Top Reasons Why You Need to Update WordPress

Top Reasons Why You Need to Update WordPress

WordPress is one of the most popular content management systems (CMS) in the world. Used for both websites and blogs, it offers a user-friendly CMS for website owners to manage their websites and blogs.

If you have a self-hosted WordPress blog or website, please read on. Let’s explore the top reasons you need to update WordPress, plugins, themes, and how often.

Why You Need to Update WordPress

The one question I hear most often from WordPress clients is, “Why do I need to update?”

The Biggest Reason Why You Should Update WordPress

Security, Security, Security

Yes, I typed security three times because I cannot emphasize enough how important it is to update WordPress core files, plugins, and themes for security.

WordPress is highly targeted by unscrupulous hackers that scan the web for vulnerable programming due to its popularity across the internet.

If a security hole is discovered in older versions of WordPress or third-party plugins, a hacker can use “holes or back doors” to access files and inject malware, viruses, or redirect code.

While WordPress has enabled automatic since version 3.7, there are still many websites running older insecure versions of the core files. The updating of plugins and themes are often overlooked.

This situation is a disaster waiting to happen.

With any CMS, programming needs to be upgraded on occasion, not unlike the maintenance of a car. New versions are released with security updates and improvements to the programming. states,

Like many modern software packages, WordPress is updated regularly to address new security issues that may arise. Improving software security is always an ongoing concern, and to that end, you should always keep up to date with the latest version of WordPress. Older WordPress versions are not maintained with security updates.

Reasons Why WordPress Gets Hacked

Outdated versions of WordPress, plugins, and themes are among the top reasons why WordPress sites are hacked.

You’ve most likely spent a great deal of time and money getting your WordPress driven website developed and customized to fit your needs. It may be your main source of income if you have an E-commerce website for your company products. Or, your website may be your company’s 24×7 advertisement on the Internet to reach potential new clients.

No matter why you use WordPress, wouldn’t you want to make sure that it is as secure as possible from potential hackers?

Imagine This Scenario

Imagine that you spent a sizable sum of money to have a security system installed at your home. The paperwork from the company that installed the security system stated that there would be occasional updates that would need to be made to ensure that the system was functioning properly.

Six months later, you receive an email that an update has been released. However, you don’t even open the email.

Then one day, an arsonist finds a door at your home left unsecured, breaks in, and starts a fire.

You now have to deal with the cleanup of a catastrophe that could have been avoided.

The Case of the Russian Malware, SoakSoak

In December 2014, I spent several days helping a new client clean up his E-Commerce website that had been hacked.

It turned out that the website owner should have received an email notice the previous September warning that a security flaw had been discovered in the popular Revolution Slider premium WordPress plugin. He didn’t realize that this plugin had been bundled with the theme. He explained that he never received the notice.

The results of not upgrading this plugin were devastating.

Almost three months after that email was sent, this client brought the website up on the Internet. He was greeted with a huge red screen with the warning that Google had found malware on the website. Google blacklisted it, and his Internet sales came screeching to an abrupt halt.

The website had been infected with the Russian malware, SoakSoak.

This infection that resulted in a loss of income could have been avoided if the Revolution Slider plugin had been updated when the security version was released.

Google malware warning in Chrome

Google malware warning in Chrome for a hacked website

Why Use WordPress if it is Vulnerable to Hacking?

I recently posted an update about a number of WordPress sites that had been hacked and blacklisted by Google due to a plugin security flaw. One of our friends commented and asked the question, “Why use WordPress if it is so vulnerable to hacking?”

Let’s take a minute and reframe this.

Hopefully, you won’t have to imagine this, but if not, imagine that you have a fuel-efficient car. For security, you lock the doors, and you may have installed a security system to deter thieves from breaking in. It requires maintenance that includes the occasional changing of the oil, oil filter, and the tires need to be rotated. It is a great vehicle with a smooth ride, and you need a vehicle to get to work.

In the same way, WordPress is a great vehicle to help you accomplish your Internet goals. Like a car, it requires security and maintenance to keep it running smoothly.

Other content management systems are vulnerable to hacking if not updated and maintained as well. Again, because WordPress is so popular worldwide, it is often the target of hackers and garners the attention of the press when security flaws are discovered.

How Often Do You Need to Update WordPress?

The second question that I often hear from WordPress clients is how often WordPress needs to be updated.

The simple answer is as often as a new version of WordPress is released or when updated plugins or themes are released.

There is no set timetable for the release of the updates. Updates are released when new security features are developed, to fix bugs, and to add functions and features.

Checklist for Keeping WordPress Updated

  • Check your WordPress admin area on a regular basis for programming updates.
  • Make sure that your database is backed up on a regularly.
  • Be certain that you have a clean backup of your theme files.
  • Examine your plugins to make sure they are being updated on a regular basis by the authors.
  • If you don’t use it, lose it. If you are not using plugins or themes, delete them. This also applies to orphaned installations of WordPress that may have been a developmental area of your website.
  • Find someone to help you if you feel uncomfortable maintaining WordPress.
Outdated plugin

Example of an outdated plugin in the WordPress Plugin Directory


We’ve taken a closer look at why WordPress core files, plugins, and themes need to be updated and how often. While updating is only a part of increasing the security of your WordPress website, it is one of the most important things you can do.

If you feel overwhelmed by your WordPress site’s care and maintenance and would like to get off the WordPress update treadmill, make it a top priority to find someone to do it for you. We would be happy to help. Please contact us today.

Over to You

Do you have a plan to keep your WordPress website or blog updated? Please share your thoughts in the comments below.

Fascinated with the growing potential and power of the Internet, Robin founded R & R Web Design LLC in the Chicago area in 2000. As creative director, she is passionate about helping others reach their Internet objectives through a strategic online presence with results driven custom web design, ethical SEO, and social media marketing.

8 comments on “Top Reasons Why You Need to Update WordPress
  1. Tina says:

    wow, Robin, this is such valuable information! Thanks so much. I’m going to send this to Mark and ask him to teach me how to back up the sites and then worry about the updates. Is every 3-4 months often enough to update?

    • Hi Tina,
      It is great to hear that you found this helpful. As for how to backup your website’s database, there are plugins that can help with this. For example, Backup Buddy is a premium WordPress plugin that will backup your database and files and save them offsite cloud storage area. You can set them to backup your database on regular intervals.

      As for how often one should be backing up, great question. Thank you for bringing this up. It depends on several factors. If you are updating your website often with new content, you will want to back up often. For example, if you publish a weekly blog article, you will definitely want to backup your database at least once a week.

      You will want to have a clean backup of your theme files, all plugins and images. In the case of the website that was hacked with the Russian Malware, SoakSoak, he did not have a backup of the files or database. This made the cleanup much more complicated and costly.

  2. Hi Robin

    I do weekly backups right from Cpanel and also do spot checks of visitors to my website blog. Wordfence is an invaluable plugin in checking for updates and other issues that can become a website owner’s nightmare if not handled on a timely basis. Updating versions, themes and plugins is very important.

    • Hi Vatsala,

      That is great that you do weekly backups from your website’s Cpanel. Wordfence is an invaluable plugin. I couldn’t agree with you more that updating WordPress, themes and plugins is extremely important. If not, a website can be wide open to hacking.

      I appreciate you stopping by and reading this post.

      ~ Robin

  3. Terry Green says:

    Great article Robin! I use VaultPress for all of my backups. It backs up constantly, so there is always a fresh backup of my site no matter how far I need to go back. Keeping WordPress and all of your plugins updated is so vitally important for all of the reasons you point out. Thanks for covering this very important information.

    • Hi Terry,

      Thank you! It is great that you are using VaultPress for all of your backups. Yes, keeping everything up to date is crucial. I appreciate you stopping!

      ~ Robin

  4. Chef Katrina says:

    As always great information and fun to read. You make being a blogger on a WP site easy to manage with tips like this. I have a lot of my Pinterest clients with WP blogs and I look forward to sharing this information with them. 🙂