Clients often ask, "Do I need to install updates for WordPress, plugins, and my theme?" The answer is an emphatic "Yes!" and it's because updates do the following:
Web apps such as WordPress are software, so you need to update them just like you update your operating system (Windows or macOS), applications, smartphone apps, etc. Let's take a closer look at why.
Note: This page contains affiliate links. Please see Affiliate Disclosure.
Updates to WordPress core, plugins, and themes often increase security by patching vulnerabilities and strengthening against attacks. To reduce the risk of your site being hacked or compromised in some other way, update!
When any expert talks about WordPress security, one of the first things they mention is to install updates. Hackers and other malicious parties watch the release notes. As soon as they learn of a vulnerability, they start exploiting it. So, you need to update as soon as possible to reduce the time that your site is vulnerable.
According to WPBeginner, 83% of hacked WordPress sites hadn't been updated. According to page.ly's stats, WordPress sites are frequently hacked due to "outdated versions of: PHP, WordPress, themes, or plugins". WebDesign.com says, "by not updating, you are leaving your sites buggy and open to being hacked." Finally, WordPress founder Matt Mullenweg begs users to update WordPress in How to Keep WordPress Secure.
For example, see the WordPress 5.0.1 announcement, which says,
This is a security release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately.
Not all WordPress updates include security patches, so it's not always critical to update ASAP. Major releases of WordPress (versions with a single number after the decimal, such as 5.3 and 5.4) don’t typically include security fixes, so it's usually OK to wait 1-7 days to install them.
Updates to WordPress core, plugins, and themes often fix bugs that were discovered in previous versions. To get the fixed version, update!
Updates to WordPress core, plugins, and themes often add new features and functionality. To take advantage of them, update!
Fortunately, WordPress makes it pretty easy to update. You'll see notifications when you log into your site. If you don't log in daily, you should get email alerts by installing a plugin like WP Updates Notifier.
This is a great time to review your plugins and themes and remove the ones you're not using. In general, the less code you have in your site, the fewer places there are for hackers to get in.
Here's the update process we recommend:
Not everyone wants to be bothered by the update treadmill. Installing updates and handling other WordPress maintenance tasks can be overwhelming. It doesn’t have to be. With OptimWise’s WordPress Maintenance Plans, we can do this for you. Let us take care of your website, so you can take care of your business.
I always update my plugins. But first i check it on my clone because sometime is throws errors...and thats not good for my site when the site is buggy.
Chris, that's a good practice. Whenever possible, it's a good idea to test updates on a development site before updating the live site.
Hi there,
Great post. I really did not know that updating a WordPress website is that much important.
Thanks for sharing your professional experience.
Hi there,
It is really cool to update the website, but how to recover the files that are disappeared if the update fails?
Erick, as I say in the How to update WordPress section of the post, you should back up your site prior to installing any updates. Then, if anything goes wrong because of the update, you can restore from backup.
Hi Chad,
Thanks for your reply. It's really helpful.
This is very informative and useful article on the importance of using updated WordPress theme and plugins .
From beginner to experienced users of wordpress will be benefited reading this article and work this instruction hopefully .
Thanks for commenting, Samdani!
I would be very interested to see any updated research statistics on this to see if there has been any change. I've been doing some similar research over the last year and am sorry to report that I am finding still finding similar results (UK sites).
The line of business in my research is also very worrying, from top level government sites, corporate organisations to media and individual blogs.
It has to make one wonder how committed those responsible for their sites are in protecting the data held within WordPress especially personal data that is so often has legislation attached to its' storage/use/security etc.
Nigel, I haven't looked for updated numbers, but I suspect the situation hasn't improved. Sadly, most site owners aren't aware of the importance of protecting their sites. Companies like yours and ours are doing what we can to help!
Hi Chad,
You provide a very essential information.Though I was always try to keep connected with this updated version but sometimes some unavoidable reason distract me.Honestly, I would thank you for your admirable work.You provide a statistic review that's very useful and I'm bit more conscious about this fact.
You're welcome, Sharon. I'm glad you found this info helpful.
Hey Chad!
You got informative articles.
Your write-up is helpful specially targeted to beginners. Here I would like to take another step of sharing a vital piece of information on updating WordPress. Read here: http://blog.templatetoaster.com/wordpress-updates-auto-configure-disable/
Thank you for sharing the in-depth post, Deepak.
Hello Chad Warner,
Thanks for sharing your informative post on updating WordPress theme and plugins. Hope users will get the post helpful for their need.
Still good information. Thanks for the post.
great post, i agree with all your points
Hm, I found exactly same some to this one. Looks like striped from your website. Or maybe other way around?
Thank you, Patrycjusz! We contacted that site and they removed the plagiarized blog post.