WordPress update: Wondering whether you should update WordPress websites regularly? Did you know that over 80% of the websites that are hacked is because they were not being updated? Say you have created a site and then forgotten all about it. The numbers tell us that if you are not updating your WordPress site, you are putting your website at risk.
We are not talking about this to scare you but to highlight the fact that security is not dependent on just one thing. Security is complicated. Your site needs to be looked after and managed from time to time. Moreover, there is no such thing as absolute security. The least we can do is work to reduce the risk of a security breach. That is where updates come in. When you receive a WordPress update notification, it could mean that a vulnerability has been detected. To fix that, an update for WordPress has been released by the developers. When website owners avoid such updates, they are allowing hackers to use the vulnerability to break into your site.
WordPress Plugins and Add-ons:
One of the best parts of building a website on WordPress is that you can use plugins to add features to make your website more interactive. WordPress is a fairly safe environment. It is the world’s biggest and most popular content management system empowering over 60 million websites. From time to time, a WordPress update is released to patch up all vulnerabilities. The platform is being managed by the best talents in the world but what about the plugins and themes that you use on your website? Research shows that a majority of hacks occur because of vulnerabilities in the plugins or themes.
If like us, you love to try out new plugins, you must have come across plugins whose updates are few and far between. Plugins and themes are bound to have issues. When these issues are discovered, developers quickly push out a security release or security patch to fix the issue. Themes/plugins that are not being updated from time to time are not being maintained well. Such plugins are weak and could become a target of a hack attempt.
WordPress is all about community. Hundreds of thousands of contributors volunteer to strengthen the security of the CMS. WordPress offers an excellent platform for responsible disclosure of issues. There is even a bug bounty program where they offer rewards to security researchers for finding flaws in WordPress, BuddyPress, bbPress, etc. This helps strengthen the platform.
You Think Your Website is Too Small to Be a Target?
Do you think your website is too small to draw a hacker’s attention? That’s a mistake because hackers rarely target a single website. Also, a big website is protected by the best security systems and are therefore hard to break in. Small websites tend to have weaker website security because the site owners think their site is not important enough to be attacked. Hackers are scanning millions of websites on the internet using their automated tools. They search for sites running vulnerable plugins or themes or out-of-date WordPress core. Hence along with WordPress update, keeping the add-on up-to-date is important.
It’s been reported that 43% of cyber attacks target small businesses. Even more horrifying is the fact that 60% of these small companies go out of business within six months. You could be one of them if you are not vigilant!
You must be wondering, what can you do about this growing threat? The answer is simple: you will have to take all the necessary precautions to save your site. We’d suggest that not only should you regularly update WordPress sites but also periodically check if all the plugins in your site are being upgraded from time to time. We strongly believe, it’s better to get rid of the plugins that are being neglected by their developers for a long time. We’d suggest the same security measures for the themes that you are using.
What About WordPress’ Own Security Measure?
For some of you who are thinking about WordPress’ own security measures like firewall or WordPress firewall. Give us a chance to illustrate why the firewall is not always effective. The term firewall means a barrier that prevents the fire from spreading across a building. That makes it easier to contain and eventually extinguish it. In the same vein, a WordPress firewall is a protective measure for WordPress sites. It helps in hardening the security of the site against various kinds of cyber threats. But firewall can’t guarantee a site’s security but WordPress update can. Firewalls are often temporary measures and can’t keep all evil-doer at bay. Case in point, take a look at this excellent study on whether WordPress security plugins really secure your website? These plugins offer a host of firewall options.
Therefore updating your site can go a long way in saving your site. But, remember when we said security is not an absolute thing, earlier in the post? Here are a few problems that you can face when updating your, themes or plugins or core:
Issues That Can Crop Up While Updating a WordPress Site:
1. WordPress Update Can Break Your Site
Updating a plugin or theme today is a one-click journey. But any experienced person will tell you that you need to be careful before pulling the trigger.
You have built your website around a version of a theme or plugin that was available at the time. When a new version of the theme/plugin is released, you’d expect it to behave as the previous version did. But that isn’t always the case. Developers try to make sure that the new version of a plugin or theme is compatible. This will ensure that the website build on the previous version is intact. Unfortunately, sometimes things don’t work out as one desires. Between WordPress version changes, the software can become incompatible. And therefore, updating a theme or plugin ends up breaking the site.
WooCommerce had a major release a couple of years back that caused a lot of problems for e-commerce site owners. They had built their website using the previous version of the plugin. Their new WordPress update was not compatible with the older version, and that lead to websites crashing and other issues.
The problem is further amplified when the new version contains security fixes along with some major enhancements. One example for this that comes to mind immediately is the RevSlider plugin. It had a vulnerability which led to thousands of WordPress sites being compromised. The fix was presented in a major update which in turn caused websites to break. It was a catch-22 situation. And left many sites scrambling to find new alternatives or to build their sites all over again.
2. Updates of Premium Plugins Are Becoming Expensive
The whole point of paying for a plugin or theme is to get a better service, right? Say you require a plugin for your WordPress site. You pick a trial version of a plugin that you think fits your bill. On being satisfied, you upgrade and become a premium user. As a premium user, you are getting crucial WordPress update and support from the developers. It may happen that while making that upgrade, it was not communicated well enough that you need to renew the licenses on a regular basis (perhaps, on a yearly basis). And after using the plugin or theme for a year, you find out that you need to renew your license again.
If you don’t renew the license, you will lose out on the updates. Unfortunately, many website owners are not able to renew the license of a premium plugin and themes for a number of reasons.
Earlier premium WordPress themes and plugins used to come with lifetime updates. Of late, the trend has been shifting towards a subscription model where you subscribe for a year and then have to renew your license the next year. The increasing expense of maintaining a site is disappointing, especially since you had not anticipated it.
3. Many Premium Plugins/Themes Don’t Notify About Updates
Throughout this post, we have been emphasizing why updating WordPress site is so crucial in keeping security issues at bay. We have also mentioned how easy it has become to update plugins and themes these days. WordPress automatically checks for updates. So as the developers release an update, you are immediately notified. All you need to do is be vigilant and visit your site every day to see if there’s a WordPress update available. One click and you’ll be able to initiate the updating process. You can also set in a way that it’s automatically updating.
Most premium plugins, however, are not present in the repository. Some of these plugins have auto-update functionality like the ones in the WordPress repository hosted plugins. They tend to be easy to update. However, there are some plugins lacking the said functionality and do not have an easy way to update. So when the developers release a new version fixing important vulnerabilities and making major reforms, you will not be able to know about it easily. You’ll have to monitor their blogs and other such sources to discover when an update is available. Updating is so important in keeping your site safe, but this additional hurdle makes the process even more difficult.
4. Developers Abandon Themes or Plugins, Sometimes
There is an ever-growing repository of free as well as paid WordPress plugins and themes. People create themes/plugins for various reasons, but maintenance is a challenge. Maintenance and support are directly related to the budget. Creating good quality software takes time and effort. Developers who are unable to focus on the product on a full-time basis may eventually lose interest in it. Moreover, if the theme or plugins is not being regularly updated, vulnerabilities are going to creep in, and less and fewer people are going to use it. Fall in the popularity of a free theme or plugin may also result in plummeting interest for the creators.
Some plugins or themes reach natural end-of-life and when they do developers abandon them. Some of these are very popular, created by reputed developers. An example would be the Canvas theme by WooCommerce. It was EOL’ed, following which the developers were encouraged to look for alternatives.
5. WordPress Manual Updates Are Not Feasible if You Are Running Multiple Site
We assume some of you are reading the post are running more than a single website. You probably have to deal with updating your sites several times a week. This is why you are reading whether updates are important for your site’s security. And we have told you it is! You can go ahead and manually update the WordPress core plugins, themes, and or use a premium plugin that allows you to perform auto-updates. While several free or even premium tools don’t offer automated functions, there are a few (good ones) that do. To mention some, tools like MalCare or ManageWP or MainWP helps makes updates and maintain your site easily.
We suggest you take a look at them and use them for hardening the security of your WordPress website. If you’d feel more comfortable with a team fully managing the security and updates of your website, a WordPress maintenance service like WP Buffs would probably be a perfect fit for you. They look after updates, security, website speed, and ongoing edits regardless of whether you’re managing one website or 1000!
Cybersecurity is a joint effort. Besides choosing a good WordPress hosting service, keeping the site up-to-date, having a backup and using WordPress Malware removal plugin is incredibly helpful. We just talked about how even updating can’t promise a secure website. If you take measures to protect against malware threats and backup your WordPress site for when your website crashes (we hope not), it will save you a lot of time and trouble.
Over to You
The problem isn’t limited to regular security and maintenance release. Sometimes failed updates cause people to abandon updating their WordPress site. But we hope, that this post has helped you see why WordPress update is necessary but also you should be ready for the consequences. Thanks for reading. If you have more concerns you can check our in-depth WordPress security guide.