Your WordPress site (or any web site you put on the Internet) has value. Take care of it, it is your front yard and what the neighbors see. It’s your front office where you invite people to talk or do business with. Own it and take responsibility for it.

Recently on the WordPress support forums, I (not wisely) got into a security conversation. No great minds were changed, nothing new was discovered and nothing was accomplished.

In the hundreds of words exchanged, there was one tidbit sent my way that caught my attention.

Do you really think that it makes sense to expect these people to know/care about — and stay on top of — new/old security risks, manual plugin updates, manual core updates, etc.?

Yes, I do. 100%. Unequivocally.

I didn't reply there as the topic dissolved into a conversation about "blame".

I don't do blame, I'm about responsibility. Blame is for children, blame is for "It's not my/their fault" comments. Blame isn't about taking ownership, it's not a reason for something that happened. Too often blame is about excuses.

This isn't a new thing for me, I blogged about it 9 years ago. There's no shame in not having the technical ability to to maintain your site.

Software is a moving target

I recently went to a work event and one of the things repeated often was that security isn’t a state that you achieve. It’s a posture and is a response to a moving target.

WordPress powers over 28% of all web sites and that number is growing. Just as it is with popular office software and home PC operating systems, that number makes WordPress sites a very attractive target to go after. That’s why WordPress takes security very seriously.

But it’s a less than perfect world out there. Plugins and themes may not get the scrutiny that the core WordPress does. Patches happen all the time. When a minor number release of WordPress is pushed out, unless you or your host did something to prevent that, your site will update without you having to do anything.

Plugins and themes don’t update automatically, that’s turned off by default. That’s also where many sites get exploited.

Learn how to maintain your site

It’s still not a big list.

  1. Learn how to schedule backups and store them off of your WordPress site.
  2. Routinely log into your site to update plugins and themes. Or add a plugin to do it for you.
  3. Learn how to restore backups onto a blank installation.
  4. Or consider paying your host or a service to do these things for you.

Many hosts support WordPress and (for a fee) will do that maintenance for you.

Take responsibility but ask for help when you need it

I’ve not seen any surveys but I would guess that easily 80% of WordPress users don’t know how to do steps 1 through 3 above. I would also wager that half of those users rely on their host provider more than they realize.

That’s fine because most of those users may not lose sleep if they lose their blogs. People start blogs and forget about them all the time. For companies and organizations, a lost or compromised site can hurt their reputation.

If you need help or Very Bad Things™ happened, then you’ve got some options.

  1. See if your host can help you. Many host providers do offer WordPress support, sometimes for a fee.
  2. Hire someone, but be wary. I personally like companies that have real people, who interact and have a real reputation. WP Site Care is one such company, there are others. Don't just use Google, ask people who may know. Go to a local WordPress meetup and ask around.
  3. Post a support topic at the free, 100% staffed by volunteers, support forum. Notice that I put this one last?

Here’s why I put my favorite one at the end. There are no customers there, only users. If your site is on fire and you need it back ASAP then that’s just not a good option. I’ve been supporting and helping to admin those forums for years and they are top notch.

Those forums are staffed by unpaid volunteers working on their free time out of the goodness of their own hearts. Would you tell your CEO that’s your support model? You could do that. Some people have that misunderstanding and it often ends poorly. They don’t get the support they need and sadly, WordPress loses a user who didn’t realize what they were getting into.

A little self-education goes a long way. Don’t be afraid to ask questions about your WordPress site. At the end of the day it’s your responsibility. Learn and create a plan to maintain it and keep it running.

Don’t accept blame for what happens to your WordPress site. Take responsibility instead.