Why update WordPress, plugins, and themes?
Increase security
Updates to WordPress core, plugins, and themes often increase security by patching vulnerabilities and strengthening against attacks. To reduce the risk of your site being hacked or compromised in some other way, you could consider updating frequently!
When any expert talks about WordPress security, one of the first things they mention is to install updates. Hackers and other malicious parties watch the release notes. As soon as they learn of a vulnerability, they start exploiting it. So, you need to update as soon as possible to reduce the time that your site is vulnerable and the possiblity of a time consuming or expensive fix.
According to WPBeginner, 83% of hacked WordPress sites hadn’t been updated. According to page.ly stats, WordPress sites are frequently hacked due to “outdated versions of: PHP, WordPress, themes, or plugins”. WebDesign.com says, “by not updating, you are leaving your sites buggy and open to being hacked.” WordPress founder Matt Mullenweg begs users to update WordPress in How to Keep WordPress Secure.
For a recent example, see the WordPress 3.5.2 announcement, which says,
“This is a security release for all previous versions and we strongly encourage you to update your sites immediately. The WordPress security team resolved seven security issues, and this release also contains some additional security hardening.”
Not all WordPress updates include security patches, so it’s not always critical to update ASAP. Major releases of WordPress (versions with a single number after the decimal, such as 3.5 and 3.6) don’t typically include security fixes, so it’s usually OK to wait up to a week to install them. This is sometimes helpful to allow time for your plugin creators to patch anything in their plugins that might not allow them to be fully functional with the new version of wordpress.
Fix bugs
Updates to WordPress core, plugins, and themes often fix bugs that were discovered in previous versions. To get the fixed version, update!
Add features and functionality
Updates to WordPress core, plugins, and themes often add new features and functionality. To take advantage of them, update!
How to update WordPress
Fortunately, WordPress makes it pretty easy to update. You’ll see notifications when you log into your site. If you don’t log in daily, you should get email alerts by installing a plugin like WP Updates Notifier.
This is a great time to review your plugins and themes and remove the ones you’re not using. In general, the less code you have in your site, the fewer places there are for hackers to get in.
Here’s the update process we recommend:
- Read the release notes or changelog to see what the updates change.
- If possible, test the update on a development site. That way, if anything breaks, you can troubleshoot before updating your live site.
- Back up your site. You should already have it backed up automatically and routinely using a backup plugin like BackupBuddy, but it never hurts to make another backup.
- Install the updates.
- Review and test your site. Focus on the items that were noted in the release notes or changelog.
Not everyone wants to be bothered by the update treadmill. If you have better things to do, we’d be happy to talk to you about our WordPress maintenance service, which includes updates and backups. Please contact us to start the conversation.
Here is a video tutorial on how to update wordpress modules and core. Always keep in mind that a backup of your website and database should be performed before any updates. And while this video shows updating all modules at once, we don't recommend that method. We recommend that you update one module at a time and test it's functionatlity after the update, then move onto the next module. If one updated module were to break your website, you would then know which one it was. Then you can revert back to your backup and do all the updates but the troublesome one.