Confessions of a Lazy WordPress Updater

You’d think that someone who works directly with so many talented WordPress professionals would be on top of things like updates. You’d think that a person who writes about the perils of not keeping up on your site would do so herself. You’d think, but you’d be wrong.

Updates and Me

It’s not necessarily laziness that prevented me from taking care of business. It’s more of a fear, and a strong distaste, of updates. There are several huge companies, who I will not name here, who seem to manage to break everything with each new update. I’ve been trained to be wary of the update, see? It’s not my fault. I’m the victim here. *cough*

WordPress Is Not One of Them

While it might be true that, historically, companies like iTunes, Skype and Windows updates (oops, guess we’ll go ahead and name names) are a mixed bag of half-fixes and new, improved bugs, WordPress is not one of them.

WordPress has consistently improved the user experience and provided increased protection with each and every version they’ve released. So why not press the update button that shows up in the dashboard every time I log onto my site? Stupidity is the only thing that comes to mind.

The Shame of It All

It’s no mistake that the day of reckoning came on the same day I was invited to IvyCat’s internal chat system. The Universe tends to do these things to me, which is how I know it has a sense of humor.

So here I am, minding my own business after contacting IvyCat’s support desk to ask why my subdomains were borked. Of course, I assumed it was an issue on their end, not mine. Ahem.

I was logged into the chat while I work and waited for an answer. The answer came pretty quickly, “Your site’s been hacked.”

But not just hacked, see. Apparently my site was teeming with malware, crawling through my site like a bunch of hungry roaches. Gross!

I see a mention in the chat window. “Jenny, your site needs 32 updates, half of which are themes.”

Themes, Plugins and Hackers, Oh My!

I’ve since learned that wise WordPress users go in and delete any themes they’re not using. It’s a good idea to leave one back-up theme, should anything horrible happen to the one you’re using…like being hacked or something.

But not I! No, sir. Whatever themes I’d installed as I was searching for the perfect one stayed with me through the years. I’d see the themes needed updating but hey, I wasn’t using them anyway so why worry, right?

Here’s why. The next mention to come up in the chat about an hour later revealed just how much damage had been done by my update laziness.

Eric: I’ve deleted the extra themes and updated everything but a scan I’d run with Sucuri found backdoors and trojans in a ton of those themes.

SuperTech1: Ouch.

SuperTech2: Wow, that’s a new record.

SuperTech3: Hey Jenny, y’know this might make a great blog post.

(I could hear him snickering 2,000 miles away, and with good reason.)

Me: *looks for a rock to hide under*

Completely Destroyed

The amazing IvyCat crew worked diligently throughout the day to secure my site and prevent any cross-contamination. In the end, I was left with only a skeleton of what was once a beautifully custom-designed site. There was nothing they could do, the site was so infected it had to be fumigated.

It’s so ugly I can’t even show it to you. It is hidden behind a maintenance mode page and will probably remain so for some time. While the wonderfully generous team at IvyCat has offered to help rebuild the site, I can’t go in and face the music just yet. So, it sits.

A Lesson Learned

I worked for years on my site, tweaking and perfecting it until it had the functionality and look that I wanted. While the site’s admittedly been ignored for many months, it was still driving some business and was just nice to know it was there.

But I destroyed it with my laziness. It’s gone, a shell of its former glory, and it was all my fault.

It was such a simple fix to prevent this catastrophe: update the damn site! That’s it. That’s all I’d have to do and this would never have happened. See, with each update to a theme, plugin or WordPress itself, one of the most important changes they are making is to protect your site from malicious attacks.

It Can’t Happen To Me

Yeah, that’s what I thought. We’re always so surprised when ‘misfortune’ comes our way. These are the things that happen to other people, in other neighborhoods, on other sites. Not mine.

Well, I’m here to tell you that not only CAN it happen; it WILL happen if you follow in my lazy footsteps.

A Simple Solution

OK, so we’ve proven I can’t be trusted to keep my site updated on a regular, and safe, basis. What to do?

I asked Eric to put me on the WordPress Maintenance Plan. Like, ASAP. The Maintenance Plan is fantastic and was designed just for people like us. You know who you are!

The plan ensures that your site will be backed-up regularly…which would’ve been incredibly handy to have before my site’s infection was discovered. It also means that the IvyCat SuperTechs will keep your site UPDATED.

I’ve learned my lesson and am happy to have the chance to share it with you today. Don’t do what I did. Think of how much work you’ve put into your site. Is it worth a few extra bucks a month to protect it? Believe me when I tell you, it is.

Go check out WordPress Maintenance Plans and, if you have your own hacking horror story to share, please do so in the comments. Because together, we can make a difference. *sniffles*

One response to “Confessions of a Lazy WordPress Updater”

  1. Eric Amundson Avatar

    Thanks for the great, albeit humbling, post Jenny.

    The good news is:

    1. You’re not alone: There are lots of folks that don’t maintain their sites and have no idea if they have backups. Way too many, if you ask me, and we’ve had calls from other customers whose sites have been lost to malware or poor hosting.

    2. There are solutions: As you mentioned, we offer WordPress Maintenance Packages, as do other companies, so if you’ve got better things to do than monitor, update, and backup your site, you can turn it over to the pros.