How can I lock down an old wordpress install I don’t intend to update?

With a dynamic CMS like WordPress, there is no real way to “lock it down.” As the web evolves, formerly unknown security holes are discovered and patched in new versions. In reality, unless you’re always running the latest version of WordPress (currently 3.0.4), your site is in some way vulnerable. If you don’t intend to ever update it again, creating a static version is the best and safest option – not “crazy talk.

A strong possibility is to use a caching plug-in and set the cache to never expire. The plug-in will automatically create static versions of your pages as they’re needed. Your links will still work, and people will be directed to the static HTML versions of each post and page rather than the dynamic, database generated ones.

By generating a static version, you won’t need to worry about database updates, WordPress updates, plug-in upgrades, or new versions of themes. It becomes maintenance-free, but is also “frozen” in the sense that comments won’t work and you can’t add new content … which is probably fine in this case.

Another alternative is to keep things dynamic and outsource the task of updating your site. Have someone like WordPress.com host the site and point all of your links to that version of the site. The hosted service (particularly that one) will always have the latest security patches without any intervention from you.

Leave a Comment

tech