Do you need to update your website to the latest WordPress installation each time there is a new update?
Often, clients will ask me, “Do I need to install the new updates for WordPress, plugins and my themes?”
The answer is a resounding “Yes!”, because updates can easily do the following:
1. Increase Security
2. Add Features and Functionally
3. Fix Any Bugs
Web applications, such as WordPress, are still software, so you need to update them just as you would update your operating system, smartphone apps, etc. Let us examine the many reasons why.
Why Update WordPress, Plugins and Themes?
Updates to WordPress’ core, plugins and themes have the ability to increase security by patching any vulnerabilities, strengthening them against attacks. If you want to reduce the risk of your site being hacked or compromised in some other way, you need to update!
When experts talk about WordPress security, one of the first things they mention is that it’s necessary to install all available updates. Hackers and other malicious parties will be watching the release notes. As soon as a new vulnerability is exposed, they will begin to exploit it. You must update as soon as possible in order to reduce the time that your site remains vulnerable.
According to WPBeginner, 83% of hacked WordPress sites had not been updated. According to page.ly’s stats, WordPress sites are frequently hacked due to “outdated versions of: PHP, WordPress, themes, or plugins.” WebDesign.com has said that “by not updating, you are leaving your sites buggy and open to being hacked.” Finally, WordPress founder Matt Mullenweg begs users to update WordPress in How to Keep WordPress Secure.
For more recent examples, see the WordPress 3.5.2. announcement, which says,
“This is a security release for all previous versions and we strongly encourage you to update your sites immediately. The WordPress security team resolved seven security issues, and this release also contains some additional security hardening.”
Don’t worry, not every WordPress update will include security patches, so it’s not always crucial to update ASAP. Major releases of WordPress (versions with a single number after the decimal, such as 3.5 and 3.6) don’t typically include security fixes, so it’s usually OK to wait between 1-7 days to install them.
Updates to WordPress core, plugins and themes will often fix bugs that may have been discovered in previous versions. In order to get the fixed version, update!
Add Features and Functionality
Updates to WordPress core, plugins and themes often add newer features and better functionality. In order to take advantage of them, update!
How to Update WordPress
Luckily, WordPress makes it pretty easy to get new updates. You’ll see a notification when you log into your site advising you to do so. If you don’t log in every day, you will also get email alerts by installing a plugin like Wordfence or WP Update Notifier.
This s a great time to review your plugins and themes and remove the ones you’re not using. Generally, the less code you have to use on your site, the fewer places there are for hackers to get in.
Here is the update process, which I recommend:
1. Read any release notes or change logs in order to see what the updates will change (yes! this might be a bit difficult to understand for the average user).
2. If at all possible, test the update on a developmental site (not live site!). That way, if anything breaks you can troubleshoot the solution before updating your live site.
3. Back up your site! You should have it backed up automatically already and routinely using a back up service like the one I offer, however it never hurts to make an additional backup.
4. Install the updates.
5. Review and test your site. Focus on the items that were noted in the release notes or changelog.
Not everyone wants to be bothered by the frequent updates, so if you have better things to do, I would be more than happy to discuss my WordPress maintenance service with you, which includes updates and backups.
Please, contact me today to start a conversation.