WordPress is a great platform for building websites and it’s fairly well known that keeping your WordPress site secure is very important.
Another way to protect your site from attacks is to make sure that all of its components are up to date. There are nasty people who dedicate a lot of their precious time to finding vulnerabilities in all website platforms in order to cause harm. Thankfully there are also a lot of good people who work hard to identify vulnerabilities and fix them.
There are 3 main components to any WordPress website:
- WordPress Core – the standard set of files that make WordPress what it is.
- Themes – the files that make your site look the way it does structurally.
- Plugins – additions that add functionality such as forms, backups, SEO help and Google Analytics.
WordPress Core is updated by the WordPress development team using a very robust process. Typically a large part of any given update is to do with addressing security vulnerabilities.
Themes and Plugins are additions to WordPress created by the full spectrum of development outfits, from well-organised teams to single, part-time developers. What this means is that some themes/plugins are very well made, robust and secure. Others are none of these things. The themes/plugins that come from good development outfits are updated more frequently to keep up with security standards.
As a WordPress user, it’s pretty easy to keep things up to date on the face of it. In most cases you can log in as an admin, click a few buttons and you’re done. The problem is that occasionally, one of the things you update will conflict with something else and your site will stop working. This only happens about 5% of the time on average, but when it does happen it can be very, very difficult to fix.
There is no “undo” option with updates – once they are in place the only way back is to restore your site from a backup or restore a previous version of whichever theme/plugin you have just updated. If you updated 6 things at once though – you have no idea which one(s) caused the conflict and unless you are pretty knowledgeable and have access to your web server, you won’t be able to fix it anyway. This is a very bad place to be because your website is broken and you have no way to fix it, so it’s important to have the support of a developer. I typically manage all of the updates for customers with WordPress websites. The process is to take a full file and database backup and download this, then run the updates one at a time. If there are any conflicts I can step back using a backup file and proceed from there.
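The backup-then-update-one-at-a-time process described above, sketched as a shell script using WP-CLI. This is an added example, not the author's own tooling; it covers plugins only, and `SITE_URL`, `BACKUP_DIR`, `RUN_UPDATES` and the function names are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not the author's script). Run from the WordPress root with WP-CLI.
# SITE_URL and BACKUP_DIR are assumed values; keep backups outside the web root
# so the database dump cannot be downloaded over HTTP.
SITE_URL="${SITE_URL:-https://example.com/}"
BACKUP_DIR="${BACKUP_DIR:-$HOME/wp-backups}"
FAILED_PLUGIN=""

# Full database and file backup, taken before anything is changed.
backup_site() {
    local stamp
    stamp="$(date +%Y%m%d-%H%M%S)"
    mkdir -p "$BACKUP_DIR" || return 1
    wp db export "$BACKUP_DIR/db-$stamp.sql" || return 1
    tar -czf "$BACKUP_DIR/files-$stamp.tar.gz" . || return 1
}

# Healthy means the front page answers without an HTTP error (curl -f fails on >= 400).
site_ok() {
    curl -fsS -o /dev/null --max-time 20 "$SITE_URL"
}

# Update plugins one at a time. On the first failed health check, put the previous
# version back and stop, so the conflicting plugin is known by name.
update_one_at_a_time() {
    local plugin old
    FAILED_PLUGIN=""
    for plugin in $(wp plugin list --update=available --field=name); do
        old="$(wp plugin get "$plugin" --field=version)"
        wp plugin update "$plugin" || true
        if ! site_ok; then
            FAILED_PLUGIN="$plugin"
            # Works for wordpress.org plugins; otherwise restore from the backup.
            wp plugin install "$plugin" --version="$old" --force
            return 1
        fi
    done
}

# Runs only when asked: RUN_UPDATES=1 bash update-safely.sh
if [ "${RUN_UPDATES:-0}" = "1" ]; then
    site_ok || { echo "site already failing, aborting" >&2; exit 1; }
    backup_site || { echo "backup failed, not updating" >&2; exit 1; }
    update_one_at_a_time ||
        echo "conflict after updating '$FAILED_PLUGIN', previous version restored" >&2
fi
```

A front-page check only catches failures that surface as an HTTP error there, so forms, checkout and admin pages still deserve a manual look after each update.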
Updates typically happen every few weeks for popular plugins, so this means that a given site with 5 or so plugins is likely to need to be updated once every 2 – 3 days. It’s a lot of work but it’s worth keeping on top of updates to keep your site secure.