Are you keeping your WordPress website up to date?
Among some people, WordPress appears to have a bad reputation, although the platform has come a long way since it was first launched in 2003.
It is now the world’s most popular and widely used content management system that powers nearly 40% of all websites on the internet.
But in the early days, WordPress was predominantly used as a blogging platform, which has helped spread many myths and misconceptions about the technology today.
One of the main myths about WordPress is that it is an insecure platform.
We regularly attend meetings with prospective clients who ask, “But what about security, we’re bound to get hacked at some point, right?”
And the answer is no, if you have an update policy in place!
As the world’s most popular technology to build websites on, WordPress is also an attractive target for hackers, malicious code distributors and data thieves.
If you fail to keep your WordPress website updated, then you are effectively handing burglars the keys to your house (please excuse the metaphor, but you get my point).
It’s worth pointing out that security isn’t just a WordPress problem.
It’s a universal issue that most website technologies have.
The mso team has a fantastic understanding of many website technologies (we even used to have our own bespoke platform back in the day), but we choose to build our websites on WordPress, not just because of its intuitive and easy-to-use nature, but because it is one of the most secure platforms your website can be built on.
If done right!
Astoundingly, it’s estimated that around a third of WordPress installations are running on an out-of-date version.
Leading WordPress security research shows that many WordPress websites that do get hacked are compromised because of an outdated WordPress core, plugins or themes.
New WordPress releases come out every few months and the software is very easy to update to the latest version.
But we’re still seeing many businesses avoiding any sort of website update due to worrying about how that update may affect website performance and the stability of their website.
Tip – Any part of your WordPress website that is outdated, from the core through to any plugins you may use, will make you prone to hackers!
Websites that stay on older versions of WordPress are much more likely to get hacked, as hackers can find out the version of WordPress that you are using and worm their way in through back door portals.
Plugins can be fantastic additions for any WordPress website, especially if that plugin can deliver you the functionality you require and you do not have the expertise to create it yourself.
However, many businesses we speak to are incredibly hesitant about updating that plugin, just in case it stops working.
Tip – If a plugin stops working upon update or doesn’t offer one, then you probably shouldn’t be using it at all.
Updates can break plugins if those plugins were in fact not following the best practices and coding standards.
When we begin supporting a WordPress website that we haven’t designed and built, one of our first tasks is to complete a plugin audit. We make sure that all plugins used are widely used across the WordPress community and that they have a visible update history and policy.
Security – In our opinion, security is arguably the most important reason you should be keeping your WordPress updated. There are security features built into practically every new release of WordPress. They spot the vulnerabilities and improve the software before the issues affect your website.
Features – Each major WordPress release also comes with new features that can be utilised to improve the website experience. Our team can spot an older version of WordPress just by looking at the design, layout, and feature set, as the experience that you can have with modern WordPress versions is very different (and for the better).
Performance – Each new release also comes with several performance improvements too, which ensure that your WordPress website can run faster and become more efficient. Speed is a crucial factor in search engine optimisation, so it makes sense to keep your WordPress updated to ensure maximum performance benefits.
The most important updates for a secure and well performing WordPress website are updates to the WordPress core, plugins and any theme.
Most of the time, theme and plugin developers coordinate their updates with the major WordPress releases to ensure that they’re taking advantage of the new features and enhancements available.
If you spot a plugin or theme that hasn’t been updated in say a year, it might be the time to think about replacing it!
It’s more than likely that the developer has given up on the plugin and its age makes it a high security threat, as hackers can use it as a gateway to your website.
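A small plugin audit along these lines, as an added example rather than mso's own tooling: it flags plugins with a pending update, plugins with no release in over a year, and plugins with no visible update history. The `name`, `status`, `update` and `version` fields mirror the output of `wp plugin list --format=json`; the `last_updated` field, the plugin names and the dates are constructed for illustration.

```python
import json
from datetime import date

# Constructed sample inventory. name/status/update/version follow the
# fields of `wp plugin list --format=json`; last_updated is an assumed
# extra field (e.g. copied from each plugin's public listing).
SAMPLE_INVENTORY = json.loads("""
[
  {"name": "contact-form-example", "status": "active", "update": "available",
   "version": "5.1", "last_updated": "2024-03-02"},
  {"name": "old-slider-example", "status": "active", "update": "none",
   "version": "1.4.2", "last_updated": "2021-06-15"},
  {"name": "seo-example", "status": "active", "update": "none",
   "version": "22.0", "last_updated": "2024-02-20"},
  {"name": "bespoke-widget-example", "status": "inactive", "update": "none",
   "version": "0.9", "last_updated": null}
]
""")


def audit_plugins(plugins, today, max_age_days=365):
    """Return one finding per plugin that fails any audit check."""
    findings = []
    for plugin in plugins:
        reasons = []
        # Check 1: a newer release exists but has not been installed.
        if plugin.get("update") == "available":
            reasons.append("update available but not installed")
        # Check 2: no release date on record, so no visible update history.
        last = plugin.get("last_updated")
        if last is None:
            reasons.append("no visible update history")
        else:
            # Check 3: last release is older than the allowed age.
            age_days = (today - date.fromisoformat(last)).days
            if age_days > max_age_days:
                reasons.append(f"no release for {age_days} days")
        if reasons:
            findings.append({"name": plugin["name"],
                             "version": plugin["version"],
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in audit_plugins(SAMPLE_INVENTORY, today=date(2024, 3, 10)):
        print(f"{finding['name']} {finding['version']}: "
              + "; ".join(finding["reasons"]))
```

Inactive plugins are audited too, because their code is still present on the server.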
The newest version of WordPress even comes with a built-in update notification system, so there really are no excuses.
You can even take it a step further and automate the process by enabling automatic updates for major releases, plugins, and themes!
Tip – Automation must be approached with caution though, as this is a slightly risky option if you’re not using a managed WordPress hosting solution. Managed hosting companies automatically update your site to a new major WordPress version, whilst keeping on the lookout should something break.
Before attempting any type of update, the first thing to always ensure is that a complete WordPress backup has been completed.
This includes everything from your WordPress database and core WordPress files to all your media uploads and plugins and themes.
Once WordPress has been updated and installed, you need to ensure that everything is working as expected. This would ideally be completed in a staging environment before being replicated onto your live website.
Tip – Try visiting your website on a new browser window and review the settings within your WordPress admin.
It’s best practice to regularly keep your plugins updated too, as bugs that have been identified get fixed and the features will often perform better.
We have seen in the past that plugin and theme developers do not enable their products to run efficiently on the latest version of WordPress, so testing every plugin and the theme is essential once updated.
If you don’t have the time to create and operate an update policy, then there are companies out there that can help (cough, cough).
The right website agency to support you will have a regular WordPress update process in place, which will look to carry out updates on a weekly or bi-weekly basis to ensure that your website is secure all the time.
They should also carry out daily backups of the website just in case there is a breach or an issue that takes the website down. This way, a recent version of the website can be quickly restored.
Since WordPress is open source by nature, theoretically anyone can study the code to learn and improve the technology.
But this also means that it can be studied to find ways of breaking websites.
Once a website has been hacked, it can be very difficult to repair even if you have the required backups.
But there are a lot more good hackers than there are bad ones.
This means that there are WordPress security experts all around the world who continue to study the code and report security bugs and fixes.
But WordPress updates are essential.
They add patches, allow developers to fix bugs, but most importantly, fix security issues.
Without updates, your website is failing to respond to the new methods that hackers are utilising, leaving you wide open to an attack.