Clients often ask, "Do I need to install updates for WordPress, plugins, and my theme?" The answer is an emphatic "Yes!" and it's because updates do the following:
Web apps such as WordPress are software, so you need to update them just like you update your operating system (Windows or macOS), applications, smartphone apps, etc. Let's take a closer look at why.
Note: This page contains affiliate links. Please see Affiliate Disclosure.
Updates to WordPress core, plugins, and themes often increase security by patching vulnerabilities and strengthening against attacks. To reduce the risk of your site being hacked or compromised in some other way, update!
When any expert talks about WordPress security, one of the first things they mention is to install updates. Hackers and other malicious parties watch the release notes. As soon as they learn of a vulnerability, they start exploiting it. So, you need to update as soon as possible to reduce the time that your site is vulnerable.
According to WPBeginner, 83% of hacked WordPress sites hadn't been updated. According to page.ly's stats, WordPress sites are frequently hacked due to "outdated versions of: PHP, WordPress, themes, or plugins". WebDesign.com says, "by not updating, you are leaving your sites buggy and open to being hacked." Finally, WordPress founder Matt Mullenweg begs users to update WordPress in How to Keep WordPress Secure.
For example, see the WordPress 5.0.1 announcement, which says,
This is a security release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately.
Not all WordPress updates include security patches, so it's not always critical to update ASAP. Major releases of WordPress (versions with a single number after the decimal, such as 5.3 and 5.4) don’t typically include security fixes, so it's usually OK to wait 1-7 days to install them.
Updates to WordPress core, plugins, and themes often fix bugs that were discovered in previous versions. To get the fixed version, update!
Updates to WordPress core, plugins, and themes often add new features and functionality. To take advantage of them, update!
Fortunately, WordPress makes it pretty easy to update. You'll see notifications when you log into your site. If you don't log in daily, you should get email alerts by installing a plugin like WP Updates Notifier.
This is a great time to review your plugins and themes and remove the ones you're not using. In general, the less code you have in your site, the fewer places there are for hackers to get in.
Here's the update process we recommend:
Not everyone wants to be bothered by the update treadmill. Installing updates and handling other WordPress maintenance tasks can be overwhelming. It doesn’t have to be. With OptimWise’s WordPress Maintenance Plans, we can do this for you. Let us take care of your website, so you can take care of your business.