I've been dealing with a couple of websites that have been hacked over the past week, so I thought it would be beneficial to write something highlighting how to prevent it in the first place.
"WordPress is used by over 14.7% of Alexa Internet's "top 1 million" websites..." - http://en.wikipedia.org/wiki/WordPress
That's an impressive percentage, but with that kind of popularity comes some negatives. WordPress is very popular among hackers, as it can be quite easy to hack and gain control of someone elses website, but only if you let them.
So how do we prevent these annoying hackers from ruining our websites, and possibly getting us reported to Google as being a "malicious" website?
It's quite easy - stay up to date!
When WordPress tells you there's a new version available - update to it.
Same goes for your plugins and themes - these things get updated for a reason, and neglecting to do so can cost you.
I know many people don't like updating because they're afraid it might break something on their site.
This is a totally legitimate concern, every time I update something the thought crosses my mind.
First, check to see if the plugin or theme tells you which version of WordPress it's compatible up to - most will.
If there's no mention of compatibility, the best thing you can do is research before updating - if it's a WordPress update, go on over to the WordPress.org forum and see if anyone is having any problems with the update.
If it's a plugin or a theme, check with the author's website - make sure you're not going to get any nasty surprises.
That being said, 99% of the time the update will go as planned, and you'll be safe from those no-life hackers.
Okay, so what about the 1% of the time? Simple - backup your website before doing anything major.
There's many plugins that handle backing up your site, take a look:
BackupBuddy - this plugin isn't free, but it's worth every penny in my opinion. You have the option to backup your database, files, or both. Not only that, you can schedule your backup to send somewhere secure, like DropBox. This means even if your server is completely obliterated, you still have EVERYTHING you need to get your site back to the way it was. I personally use this option on my websites.
WP-DB-Backup - this is a free plugin available for download (simply search for it in the Plugins area of your Dashboard). This plugin only backs up your database, which is what holds all of your content and settings. You can schedule the backup to send to your email, which can be super useful.
VaultPress - I've never personally used this service, but it's massively popular. Not only does it handle all of your backups, it also watches for any potential hacks, and will notify you if anything is wrong. Super cool service that I'll be checking out.
Okay, so now that we know how important staying up to date is, how do we do it?
Easy! WordPress has made it so easy to stay up to date, simply find your way to your "Updates" page in your WordPress Dashboard.
Take a look at the image below - click it to open the full size version.
That's it for now - if you have any questions, feel free to drop me a comment below.