Do not try the WPAU plugin

I had a hell of a scare when I tried the WPAU plugin. It is the Word Press Automatic Update software, maintained here. This blog runs on WordPress, served by Yahoo, a great host, but the version of WP I have is old (2.0.2).

The WPAU software is supposed to first create a WordPress and database backup, then install the newest version of WP (it actually tried to install one version back). It looked like all was well until I tried looking at the site. All my categories were gone, as were my Resume and other pages. Clicking on any link set up an infinite loop, mainly because of the “new and improved” database.

That is, the backup files were corrupted and the database was hosed: certain tables were deleted, others modified. For example, all my comments were gone! Thousands of them. I wept.

But I checked with Yahoo and it turns out that they provide snapshots every four hours (I pay 20 bucks a month for this privilege) and I was able to restore my entire database as of a few hours ago.

All seems well now, and I have a current backup.

So this is a tale of caution. Be careful what you are doing and always—simply always—regularly backup.


  1. I never had a problem with it. It was actually quite easy and painless for me. But I always keep a manual backup before doing anything that has to do with the databases. Not that it was necessary or anything since it worked like a charm.

  2. Hey William,

    glad you fixed it again. I always warned to use WPAU. For some people it worked, for some not. There is another plugin, Instant Upgrade. That works fine and the creator is very responsive. You can read about it on my tutorial. But I doubt you would ever try something like this again.

  3. I hate to say this but your problem probably stems from a combination of Yahoo hosting and running such an obsolete version of WordPress. Be that as it may I have two recommendations:

    1. Install the “WP-DB-Backup” plugin which you can use to backup your own database. If you post daily, then backup daily. It’s easy to do. I wouldn’t be without it and have used the backups to restore my DB more than once. (makes a .gz file, no extracting necessary, just use phpMyAdmin or whatever Yahoo has as an equivalent these days to import the entire .gz backup file itself).

    2. I strongly recommend that you remove the WP version number of from your post as well as the snippet of code in your “header.php” that inserts the WP version number into the source code of your site. You definitely do not want to be advertising the fact your running such an old and unsecured version of WordPress, anyone can see it. Just by coincidence, I had to cobble together two Yahoo hosted WP powered blogs that also ran the WP version you’re running and were badly hacked because of it. Attempting to recover these blogs using Yahoo hosting was a nightmare in itself.

    In your “header.php” there should be a line of code that looks something like this:

    Copy your “header.php” file to your computer for backup purposes and delete that section of code. That should decrease your vulnerability somewhat.

    And just some friendly advice here. Seriously consider moving to a host that specializes in hosting WordPress like Bluehost or Dreamhost. They give you all the industry standard tools you need, a real “cPanel”, no restrictions, just about unlimited storage and bandwidth, WP auto-install and it will save you around $12.00 to $14.00 a month. Sure, you have to do your own backups but I’d rather do it that way anyway.

  4. Briggs

    Kirk, Niche,

    Thanks guys! Most of the problems undoubtedly stem from my idiocies. I’m grateful for the tips.

    And Kirk, you were right on the money. I looked into my Header.php and Footer.php files and saw that it was hacked. Somebody had inserted a lot of crap like “” into the file. But since I looked at them now it’s all screwy!

    Dammit. I’ll have to work on this tonight.


  5. John,

    It’s easiest to just replace your “header.php” with the same file from the original downloaded theme (should be on your computer right?). Then make whatever changes you prefer including getting rid of that line of code that shows the version number.

    It’s difficult to give any further advice as far as “locking down” such an old version of WordPress (not nagging here, just an observation) since the newest version has a great deal of security features built in and there are plugins especially tailored to close the rest of the gaps.

    Anyway, good luck in tracking down any hacks you might have. You might want to check your “footer.php” as well but one piece of advice I can give you is that you take the original theme you downloaded, check both “header.php” and “footer.php” to make sure they’re clean, make any changes to the theme you need (locally, before uploading) and then chuck the hacked online theme and upload the clean one in it’s place. That way you eliminate any hacks that could possibly be located in any of your theme files (those are hard to track down).

Leave a Reply

Your email address will not be published. Required fields are marked *