Sorry if you already did, but the advice is to avoid upgrading to WordPress 3.0 unless you really need its exclusive features.
The release has some security holes and bugs that can cause serious damage to your site if a hacker (or a script kiddie) finds it.
Try to avoid upgrading to the new version for at least 2 weeks (better if you can wait until the end of summer), as one or two security releases will be out by then.
WordPress 3.0 is a really beautiful piece of script, but security is a major issue with all these fresh releases. Those who are too excited to wait are advised to try it on a test install and not on their live server; if you really cannot resist testing it on your live site, then please make a backup of your site first. However, please bear in mind that if you are hacked, you will not necessarily be aware of it.
I upgraded to WordPress 3 and then could not log in, just had blank white pages. We have now disabled the Events Calendar and got the site back up, but cannot put back the Events Calendar.
Geesh – I always thought quickly upgrading is the best way to make sure that your site is SAFE :-( I already upgraded. I actually don’t care about new functions, all I want is to have my sites safe. Can you recommend one way for non-tech people to secure their wp installs? Thanks Nabeel.
If you want to know 2 ways (sorry, minimum is 2), then it’s:
1. Back up your website files and database, both
2. Make your files read-only (the ones that do not need to be writable)
Hi Nabeel,
Thanks again. I’ll dare to bug you again… but how can I know which files do not need to be writable?
I found a plugin that turns your blog into static .html pages http://www.sorben.org/really-static/index.html – would this do?
Thanks!
As I said earlier, the first thing is to back up. Most hackers work like this: they look for all available sites and scripts on any server, and then hack into any of them so that they get access to the file system. Once they are there, they can destroy all the sites on that server, so on-site security doesn’t matter much (as a first step), so make a backup regularly.
Secondly, no matter what plugin you use, you can be hacked... period! There is almost no code / script that can’t be exploited.
Making your site static may or may not serve you for security issues, but it will surely help boost your page views, as the site will load hell fast!
But if you’re using a static plugin, it will make any dynamic code / widget useless (like recent comments, recent posts, top commentators, on this site for example).
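One way to act on the "make your files read only" advice from this thread, as an added example that is not from the original post or its comments. It assumes `wp-content/uploads` is the only path that must stay writable; the function names and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit and tighten write permissions in a WordPress tree.
# ASSUMPTION: only wp-content/uploads has to stay writable; change
# KEEP_WRITABLE if a plugin (cache, static export) writes somewhere else.
KEEP_WRITABLE="wp-content/uploads"

# Print files and directories that group or others can write to,
# ignoring the path that is expected to be writable.
list_loose() {
    root=$1
    find "$root" \( -type f -o -type d \) \
        \( -perm -020 -o -perm -002 \) \
        ! -path "$root/$KEEP_WRITABLE" ! -path "$root/$KEEP_WRITABLE/*" -print
}

# Make every file outside the kept path read-only and stop group/others
# from writing to directories. In-place upgrades need write access again.
harden() {
    root=$1
    find "$root" -type f ! -path "$root/$KEEP_WRITABLE/*" \
        -exec chmod a-w {} +
    find "$root" -type d ! -path "$root/$KEEP_WRITABLE" \
        ! -path "$root/$KEEP_WRITABLE/*" -exec chmod go-w {} +
}

# Build a small constructed tree with one loosely permissioned file,
# so the two functions can be tried without touching a real site.
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/wp-content/uploads" "$d/wp-includes"
    echo '<?php' > "$d/wp-config.php"
    echo '<?php' > "$d/wp-includes/version.php"
    echo 'img'   > "$d/wp-content/uploads/a.jpg"
    chmod 755 "$d/wp-content" "$d/wp-includes"
    chmod 777 "$d/wp-content/uploads"
    chmod 666 "$d/wp-config.php" "$d/wp-content/uploads/a.jpg"
    chmod 644 "$d/wp-includes/version.php"
    echo "$d"
}

# Usage: sh thisfile.sh /path/to/wordpress   (report only, changes nothing)
if [ "$#" -gt 0 ]; then
    list_loose "$1"
fi
```

Run the report first and read the list before calling `harden`, and take the backup the thread recommends before changing permissions on a live site.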