Earlier this week I received an email requesting some help with a WordPress install that had been hacked. The site was almost 3 years old and was still running WordPress 2.2. It was quite funny getting to see and play with retro WordPress again, but it had to go.
First of all I got rid of the hack. I didn't do much research into WP2.2 security holes or spend any time trying to work out how it was done, I ran a text search on the files for the text and links that had been injected into the page and quickly discovered some superfluous functions in the theme footer and some other files. Deleting these got rid of the problem and restored the site to normal.
To be honest, I was nervous about upgrading this blog from WordPress 2.9.2 to 3.0, the software is moving on so quickly now, so the concept of upgrading from 2.2 where there isn't even the luxury of an upgrade button filled me with dread. I did a little research into upgrading, and put out a feeler tweet to see if anyone had experience useful tips. Someone suggested that I upgrade to 2.8 first then 2.9 and 3.0 but I decided to just go for it to start with.
In short, the steps involve:
- Backing up all your files and database
- Deactivating all plugins
- Deleting your WordPress install except for the customised parts (wp-config.php, .htaccess, themes, plugins, uploads, images, and any language files)
- Downloading the latest version of WordPress and unpacking.
- Uploading the new WordPress files to your website
- Going to wp-admin and following the instructions to run the upgrade script
The WordPress upgrade documentation goes into great detail, so I highly recommend you follow it word for word. I was very careful to follow the instructions carefully, and I'm pleased to report that the upgrade was a complete success. Not a bug, not a snag, not a hitch - easy peasy!
My Top Tips
Some additional things I recommend doing are:
- Be absolutely sure to deactivate all your plugins before deleting files and starting the upgrade process
- Once the upgrade process has run, check your website thoroughly before reactivating or upgrading any plugins
- If all is OK, take another backup of the database and files at this point
- After backing up, reactivate each plugin one-by-one testing the site thoroughly after each reactivation to ensure no bugs are caused and that the plugin provides the expected functionality.
- Take note of any plugins which malfunction, see if there is an available upgrade (don't run it yet) and deactivate the plugin until you have tested them all
- Backup again! You've now got all the working plugins enabled and the site is almost back to normal... so backup before upgrading your plugins!
- Upgrade each plugin one-by-one (and reactivate if necessary), again testing after each upgrade.
- You may have to find new plugins to replace old ones which are no longer maintained, but with luck your site should now be back to normal.