WordPress is sophisticated software, and as mentioned earlier, every software has bugs which can be exploited.  But as long as WordPress enjoys widespread support, these bugs are discovered and patched.  However, this only benefits you if you have the latest version installed in a timely manner.  Most times we see problems with WordPress sites, they are badly out of date.  So it's important to make sure your Website is regularly updated and this means more than just WordPress core, you most likely have plugins that add various features to your site, and they must be updated as well.

A really nice feature in WordPress version 3.7 and newer is automatic updates.  This is turned on by default and can be configured to specific types of updates, such as security updates only.  But because these updates can potentially ( and very rarely ) break existing functionality, it is important to make sure you are backing up your site, just in case.  If you site is not on WordPress 3.7 or newer, then you should update immediately.  Run, don't walk.

Great, so you are getting automatic updates to WordPress, you are covered, right?  Wrong.  Your plugins are not automatically updated.  Once again, the fantastic WordPress community has stepped up with a plugin that will automatically update WordPress plugins.  The is not a panacea though, as it can not update themes or plugins that are not hosted on WordPress.org.  That means 3rd party plugins such as premium plugins and themes, or custom plugins and themes.  And if you bought your site from us, you have a custom theme.  

This makes matters a little more complicated.  If a WordPress update breaks functionality you paid for, you will need to contact the developer and see if they have an update.  In the case of custom themes or plugins, you will likely need to pay for the update, which would include any sort of troubleshooting and testing.  Most basic WordPress sites we build use relatively simple themes ( from a development perspective ) and should work just fine after updating WordPress, but we have seen circumstances where updates break little things that can be quite annoying.  If we built a site for you that has more complex functionality that requires the use of custom plugins, it is a good idea to pay for continuous maintenance, staging and / or development resources.  This provides us a platform to continuously update and test your site's functionality and minimize down time due to updates.  

To summarize:

  • Update WordPress, use the auto-update features.
  • Update WordPress plugins.
  • Backup before and after updates.
  • If you depend on custom functionality, consider maintaining a development environment. 

One of the keys to keeping your WordPress site secure is to make sure you are updating on a regular basis.  Just because WordPress now updates automatically doesn't mean you don't have to pay attention to your WordPress updates.  Plugins, themes, and any custom code needs to be updated as well.  And always make sure you maintain backups.

If you have questions about updating WordPress, please feel free to comment below or contact our WordPress experts.