Moving at the Speed of Creativity by Wesley Fryer

Lessons Learned from WordPress Blog Upgrades

This evening I spent a few hours updating a long list of different WordPress blogs I maintain and have put online in the past few years. Since I have so many sites online now, I probably should commit regular time each month or so to this upgrade process. Not upgrading your site can leave you vulnerable to a hacking attack, as Alan November found out in November of 2010. If it can happen to Alan, it can happen to any of us, so it’s a good idea to make blog upgrades a regular part of your digital life if you “self-host” any blogs or other sites.


If you use a hosted blog site like, Blogger, Posterous, or Tumblr, one of the benefits of your hosted status is you don’t have to manually update your site: Your hosting provider does this for you. That’s the case with WordPress installations hosted by providers like EduBlogs and KidBlog as well. These are the hosted blog sites I currently use, which (thankfully) don’t require any manual updates on my part.



Blogs on hosted sites shouldn’t require any manual updates from you. Hosted sites come with some drawbacks, however, including more limited choices for the types of plug-ins and the site customizations you can add. WordPress as well as other blogging platforms now offer pretty robust customization options through menus and widgets, so the limitations of a hosted blog may not be a big deal to you. Situations vary, but for MANY people a hosted blog can be a great way to avoid the headaches (and time required for manual updates) which come with self-hosted blogs and sites.

See my July 2012 post, “Why WordPress: An Extensible Platform” for iThemes EDU for more on the benefits of a self-hosted WordPress installation.


This evening as I got started with my WordPress site updates, I updated my list of different websites I maintain as my “digital footprint” on ClaimID. ( ClaimID is an excellent, free website James Deaton showed me several years ago which works helps keep track of current as well as older websites to which you contribute. I hadn’t updated my ClaimID site in awhile, so I ended up finding some additional sites I hadn’t listed (but needed updating) by scanning my server directory structure with my FTP client. This list is pretty long. Here is an almost-comprehensive list of the self-hosted WordPress installations I have online at this point, which I updated tonight. (not currently being updated tho) (old site and not being updated) (old site and not being updated)

There are a few websites I’m using now which run PHP-based code and install similarly to WordPress, but don’t use WordPress and have a different upgrade process. Two of those are:

Podcast Generator (

Tweet Nest (

Whether or not you use multiple blog sites, I think it’s a good idea to keep an updated list of sites which you use and “claim” using a tool like, or your Google Profile page. “Staking your virtual claim” in this way is an important part of crafting a professional digital footprint.


One of the issues I’m becoming more interested and attentive to is keeping current blog backups. While my blog host theoretically keeps backups of my site, I think it’s a good idea to personally verify working backups of all important websites are regularly made and available. Lately I’ve been checking out the iThemes plugin, BackUpBuddy, as a tool for regularly creating WordPress database and entire WordPress website backups. To date I’ve just set this up on one of my websites as a trial, but I’m considering installing it on all my sites. It’s not free, but the functionality is so important it’s an expense I almost can’t imagine not paying. In my initial trial I setup my WordPress database backup to save directly to my Amazon S3 account in a new “bucket” I created. S3 looks like the most affordable way to go with regular backups, compared to DropBox and other solutions.

There are a variety of other WordPress database backup tools which are available and can do scheduled backups. My recommendation is to use a solution, TEST it to verify you can restore / bring your entire website back online, and check periodically to ensure scheduled backups are running.


As I went through my list of current as well as older sites tonight, I found an older site I’d setup as a sandbox a couple years ago using the free WordPress plugin BBPress. Unfortunately, that site has been very actively used by spammers and is now full of junk.

Old website spam

I tried to update my older installed version of BBpress (version 1.0.2) to the current version but was not successful. Rather than wrangle with this longer, I used my CPANEL web host interface to enable a password for the entire directory, so visitors/spammers can no longer add content there and Google won’t index their content for links. That’s the main reason spam bloggers want to add content to sites like this, I think, to add links which they hope will boost their SEO rankings. In this case my site wasn’t actually “hacked” by spammers, but since I’d left registration and posting options open… BBpress spammers took advantage of that. At some point down the road, I’ll need to work on either cleaning up this site and upgrading it, or migrating the good content (book notes) I put into it to another site and deleting the original forever.

Different companies now offer site security scanning as a service. Securi is one of them, and some of their site scanning tools are included with the BuddyPress plugin. I don’t have regular site security scans setup for my blogs, but this is something I’ll continue to consider and may setup down the line.

Technorati Tags: , , , ,

If you enjoyed this post and found it useful, subscribe to Wes’ free newsletter. Check out Wes’ video tutorial library, “Playing with Media.” Information about more ways to learn with Dr. Wesley Fryer are available on

On this day..



, ,