Secure WordPress upgrades

I’m sure that like a lot of bloggers out there, you’re using WordPress to power your blogs. And because WordPress is now the de facto choice for self–hosted blogging apps, it is now a favorite target for various security attacks. It’s like every ill–willed hacker is busy trying to find vulnerabilities in it.

The recent news of a fake WordPress site distributing a backdoored and fake WP 2.6.4 version is a significant concern for all users of the application. However, it seems that someway, somehow, someone will find a way to maliciously exploit WordPress. Here are some tips to avoid exposing yourself to problems like this:

  • Upgrade the application as often as there are new versions. This includes even point releases that may seem unnecessary, updates are there for a reason.
  • Download only from This becomes even more important if you can hardly understand code. Get your updates from legitimate sources only.
  • Only use trustworthy themes and plugins. Now this is not exactly easy, but knowing where to get them is half the battle. Always start your search from WordPress Extend and reliable third–party sources like WTC.
  • Update your plugins. And themes too. As everyone tries to make WordPress useful to others, some tend to release not–too–ready code. Some of these introduce vulnerabilities, but are typically updated prompty. Don’t forget to upgrade.
  • Deactivate unused plugins and delete them. Unused plugins do nothing, and they just increase the load WordPress puts on your server processes. The less plugins, the better. And make sure you delete them, even deactivated plugins can be executed without you knowing it!

Now those are just some tips to keep in mind. If you have other reminders for fellow WordPress users, share them by leaving a comment.