WordPress is one of the most popular content management systems (CMS) in the world. Used for both websites and blogs, it offers a user-friendly CMS for website owners to manage their websites and blogs.
If you have a self-hosted WordPress blog or website, please read on. Let’s explore the top reasons why you need to update WordPress, plugins, themes, and how often.
Why You Need to Update WordPress
The one question I hear most often from WordPress clients is, “Why do I need to update?”
The Biggest Reason Why You Should Update WordPress
Security, Security, Security
Yes, I typed security three times because I cannot emphasize enough how important it is to update WordPress core files, plugins, and themes for security.
Due to its popularity across the Internet, WordPress is highly targeted by unscrupulous hackers that scan the web for vulnerable programming.
If a security hole is discovered in older versions of WordPress or third-party plugins, a hacker can use “holes or back doors” to access files and inject malware, viruses or redirect code.
While WordPress has enabled automatic since version 3.7, there are still many websites running older insecure versions of the core files. The updating of plugins and themes are often overlooked.
This situation is a disaster waiting to happen.
With any CMS, programming needs to be upgraded on occasion, which is not unlike the maintenance of a car. New versions are released with security updates and improvements to the programming.
Like many modern software packages, WordPress is updated regularly to address new security issues that may arise. Improving software security is always an ongoing concern, and to that end, you should always keep up to date with the latest version of WordPress. Older versions of WordPress are not maintained with security updates.
Reasons Why WordPress Gets Hacked
Outdated versions of WordPress, plugins, and themes are among the top reasons why WordPress sites are hacked.
You’ve most likely spent a great deal of time and money getting your WordPress driven website developed and customized to fit your needs. It may be your main source of income if you have an E-commerce website for your company products. Or, your website may be your company’s 24×7 advertisement on the Internet to reach potential new clients.
No matter the purpose why you use WordPress, wouldn’t you want to make sure that it is as secure as possible from potential hackers?
Imagine This Scenario
Imagine that you spent a sizable sum of money to have a security system installed at your home. The paperwork from the company that installed the security system stated that there would be occasional updates that would need to be made to ensure that the system was functioning properly.
Six months later, you receive an email that an update has been released. However, you don’t even open the email.
Then one day, an arsonist finds a door at your home left unsecured, breaks in, and starts a fire.
You now have to deal with the cleanup of a catastrophe that could have been avoided.
The Case of the Russian Malware, SoakSoak
In December 2014, I spent several days helping a new client clean up his E-Commerce website that had been hacked.
It turned out that the website owner should have received an email notice the previous September warning that a security flaw had been discovered in the popular Revolution Slider premium WordPress plugin. He didn’t realize that this plugin had been bundled with the theme. He explained that he never received the notice.
The results of not upgrading this plugin were devastating.
Almost three months after that email was sent, this client brought the website up on the Internet. He was greeted with a huge red screen with the warning that Google had found malware on the website. It was blacklisted by Google, and his Internet sales came screeching to an abrupt halt.
The website had been infected with the Russian malware, SoakSoak.
This infection that resulted in a loss of income could have been avoided if the Revolution Slider plugin had been updated when the security version was released.
Why Use WordPress if it is Vulnerable to Hacking?
I recently posted an update about a number of WordPress sites that had been hacked and blacklisted by Google due to a plugin security flaw. One of our friends commented and asked the question, “Why use WordPress if it is so vulnerable to hacking?”
Let’s take a minute and reframe this.
Hopefully, you won’t have to imagine this, but if not, imagine that you have a fuel-efficient car. For security, you lock the doors, and you may have installed a security system to deter thieves from breaking in. It requires maintenance that includes the occasional changing of the oil, oil filter, and the tires need to be rotated. It is a great vehicle with a smooth ride, and you need a vehicle to get to work.
In the same way, WordPress is a great vehicle to help you accomplish your Internet goals. Like a car, it requires security and maintenance to keep it running smoothly.
Other content management systems are vulnerable to hacking if not updated and maintained as well. Again, because WordPress is so popular worldwide, it is often the target of hackers and garners the attention of the press when security flaws are discovered.
How Often Do You Need to Update WordPress?
The second question that I often hear from WordPress clients is how often WordPress needs to be updated.
The simple answer is as often as a new version of WordPress is released or when updated plugins or themes are released.
There is no set timetable for the release of the updates. Updates are released when new security features are developed, to fix bugs and to add functions, and features.
Checklist for Keeping WordPress Updated
- Check your WordPress admin area on a regular basis for programming updates.
- Make sure that your database is backed up on a regular basis.
- Be certain that you have a clean backup of your theme files.
- Examine your plugins to make sure they are being updated on a regular basis by the authors.
- If you don’t use it, lose it. If you are not using plugins or themes, delete them. This also applies to orphaned installations of WordPress that may have been a developmental area of your website.
- Find someone to help you if you feel uncomfortable maintaining WordPress.
We’ve taken a closer look at why WordPress core files, plugins, and themes need to be updated and how often. While updating is only a part of increasing the security of your WordPress website, it is one of the most important things you can do.
If you feel overwhelmed by the care and maintenance of your WordPress site and would like to get off the WordPress update treadmill, make it a top priority to find someone to do it for you. We would be happy to help. Please contact us today.
Over to You
Do you have a plan to keep your WordPress website or blog updated? Please share your thoughts in the comments below.