Clients often ask, “Do I need to install updates for WordPress, plugins, and my theme?” The answer is an emphatic “Yes!“, and it’s because updates do the following:
- Increase security
- Fix bugs
- Add features and functionality
Web apps such as WordPress are software, so you need to update them just like you update your operating system (Windows or Mac OS), applications, smartphone apps, etc. Let’s take a closer look at why.
Why update WordPress, plugins, and themes?
Updates to WordPress core, plugins, and themes often increase security by patching vulnerabilities and strengthening against attacks. To reduce the risk of your site being hacked or compromised in some other way, update!
When any expert talks about WordPress security, one of the first things they mention is to install updates. Hackers and other malicious parties watch the release notes. As soon as they learn of a vulnerability, they start exploiting it. So, you need to update as soon as possible to reduce the time that your site is vulnerable.
According to WPBeginner, 83% of hacked WordPress sites hadn’t been updated. According to page.ly’s stats, WordPress sites are frequently hacked due to “outdated versions of: PHP, WordPress, themes, or plugins”. WebDesign.com says, “by not updating, you are leaving your sites buggy and open to being hacked.” Finally, WordPress founder Matt Mullenweg begs users to update WordPress in How to Keep WordPress Secure.
For a recent example, see the WordPress 3.5.2 announcement, which says,
“This is a security release for all previous versions and we strongly encourage you to update your sites immediately. The WordPress security team resolved seven security issues, and this release also contains some additional security hardening.”
Not all WordPress updates include security patches, so it’s not always critical to update ASAP. Major releases of WordPress (versions with a single number after the decimal, such as 3.5 and 3.6) don’t typically include security fixes, so it’s usually OK to wait 1-7 days to install them.
Updates to WordPress core, plugins, and themes often fix bugs that were discovered in previous versions. To get the fixed version, update!
Add features and functionality
Updates to WordPress core, plugins, and themes often add new features and functionality. To take advantage of them, update!
How to update WordPress
Fortunately, WordPress makes it pretty easy to update. You’ll see notifications when you log into your site. If you don’t log in daily, you should get email alerts by installing a plugin like WP Updates Notifier.
This is a great time to review your plugins and themes and remove the ones you’re not using. In general, the less code you have in your site, the fewer places there are for hackers to get in.
Here’s the update process we recommend:
- Read the release notes or changelog to see what the updates change.
- If possible, test the update on a development site. That way, if anything breaks, you can troubleshoot before updating your live site.
- Back up your site. You should already have it backed up automatically and routinely using a backup plugin like BackupBuddy, but it never hurts to make another backup.
- Install the updates.
- Review and test your site. Focus on the items that were noted in the release notes or changelog.
Not everyone wants to be bothered by the update treadmill. If you have better things to do, we’d be happy to talk to you about our WordPress maintenance service, which includes updates and backups. Please contact us to start the conversation.