
Keeping Your Website Secure
How Often Should You Update WordPress?
WordPress is an incredible platform for developing websites. I've been using it for close to 14 years now as my go-to CMS. It's flexible and powerful. Having said that, the very things that make it incredible can also make it vulnerable. Managed well, though, this is nothing to fear. It's only when we ignore the basic maintenance of the software that runs WordPress that things get problematic. So, what is that software?
WordPress Core, Plugins and Themes
A basic understanding of the structure of a WordPress site helps to highlight where vulnerabilities can occur. There are 3 areas you need to be aware of:
- WordPress Core
- Plugins
- Themes
1. WordPress Core
At the heart of WordPress is the core. This is the software that is initially installed when you install WordPress, and it is a part of every WordPress site. The core is regularly updated as improvements are made to functionality and new features are added. It is also updated to patch security issues as they are discovered. These security patches are of particular importance.
2. Plugins
Every website has a unique set of requirements. To try and have all the code required to cater for these requirements in the core would be impossible, not to mention making the code enormous and clumsy. So, to keep a website running as lean as possible, additional functionality can be added in the form of plugins. Plugins are code that interacts with the WordPress core to extend its functionality. Just like the core, plugins are regularly updated to extend functionality and patch security issues.
3. Themes
Every WordPress website has a theme. This is code that determines the layout, or look, of the website. And guess what? Themes are updated with functionality and security patches too!
So, how often should you update WordPress then?
I'm not sure there is a definitive answer to this, but you should have a regular process in place to check the current status of your core, plugins and themes. I have all my sites on a weekly schedule of automated updates. But, be warned! Updates can break a site! Not often, but it most definitely can happen.
Not all Plugins are Created Equally
There are currently, at the time of writing this article, in excess of 58000 plugins to choose from. These plugins are developed by 3rd party developers, and they range in quality. Sometimes things go wrong and plugins conflict with each other, or even the WordPress core. This can lead to unexpected results! Like the dreaded white screen of death!
Backup Before Updating!
So, before you do any updates, whether it's the core, plugins or themes, make sure you have created a complete backup of your site. There are a number of ways to do this, but that's a whole other article. I use an automated system called managewp.com to do my backups, updates and various other tasks. No matter how you achieve it, don't skip the backup!
In addition to my weekly schedule, I keep a lookout for any urgent security issues. For example, I subscribe to services like Wordfence to keep me informed. This alerts me to individual issues that I may need to address urgently in a manual fashion, like an urgent patch to a specific plugin that's just been released.
In short, keep an eye on updates and do them as often as possible.
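One way to script the backup-then-update routine described above, as an added example that is not part of the original article. It assumes WP-CLI is installed as `wp` (the article itself uses managewp.com); the paths, function names and cron line are placeholders.

```sh
#!/bin/sh
# Added example: back up first, then update core, plugins and themes.
# Assumes WP-CLI is installed as `wp`; both paths below are placeholders.
WP_PATH="${WP_PATH:-/var/www/html}"
# Keep backups outside the web root so the database dump cannot be downloaded.
BACKUP_DIR="${BACKUP_DIR:-/var/backups/wordpress}"

# Dump the database and archive the files. Prints the backup folder on
# success; fails if either artifact is missing or empty.
backup_site() {
  umask 077  # backups hold credentials and user data: owner-only access
  bk_dest="$BACKUP_DIR/$(date +%Y%m%d-%H%M%S)"
  mkdir -p "$bk_dest" || return 1
  wp --path="$WP_PATH" db export "$bk_dest/db.sql" --quiet || return 1
  tar -czf "$bk_dest/files.tar.gz" -C "$WP_PATH" . || return 1
  [ -s "$bk_dest/db.sql" ] && [ -s "$bk_dest/files.tar.gz" ] || return 1
  echo "$bk_dest"
}

# Update core (plus any database migration), then plugins, then themes.
# Stops at the first failure so a broken step is not buried by later ones.
update_site() {
  wp --path="$WP_PATH" core update || return 1
  wp --path="$WP_PATH" core update-db || return 1
  wp --path="$WP_PATH" plugin update --all || return 1
  wp --path="$WP_PATH" theme update --all || return 1
}

# Refuse to update unless the backup succeeded.
# Returns 0 = updated, 2 = backup failed (nothing changed), 3 = update failed.
safe_update() {
  backup_path="$(backup_site)" || { echo "backup failed, not updating" >&2; return 2; }
  echo "backup stored in $backup_path"
  update_site || { echo "update failed, restore from $backup_path" >&2; return 3; }
}

# Weekly schedule (hypothetical install path), Mondays at 03:00:
#   0 3 * * 1 /usr/local/bin/wp-safe-update.sh --run
if [ "${1:-}" = "--run" ]; then
  safe_update
fi
```

Exit code 2 means nothing on the site was touched; exit code 3 means the site may be partly updated and the printed backup folder is the restore point.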
Why Should I Update Though? Won't My Site Keep Working?
Look, you might get lucky for years with an old WordPress core and out of date plugins and themes. I know of several sites right now that haven't been updated in forever! Obviously these aren't sites I manage. To date, they've been lucky, but it's just a matter of time. It's a roll of the dice! Out of date software that has potential security exploits is a great way to get hacked. And nobody wants or needs that! So yes, your site may not stop working if you don't update it, but you are risking your business on a wing and a prayer! I've also seen many sites hacked with software that is only months out of date. I just don't take that risk.
Here's an example of a release in the last 24 hours from WordPress.
WordPress 5.7.1 is now available!
This security and maintenance release features 26 bug fixes in addition to two security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 4.7 have also been updated.
Note here that even previous versions of WordPress have been patched. So even if you, for some specific reason, want to stay with an old version, you can still apply security patches.
Summary
A regular update program for your website is vital to keeping it running smoothly and free of security issues. As an important part of your marketing, it's worth considering having someone manage the site for you to ensure updates are being managed and backups are taken care of. Experience has taught me that it's never an issue, until it's an issue! And then it's a disaster!
PS. This applies to all CMS software, not just WordPress!

David Fuller
CEO - Rough Diamond Academy
For over 21 years David has been building websites for clients. In 2013 he pivoted from running a web design agency to working hands on with clients to help them build their businesses by reaching their ideal clients. Going beyond the website. The experience of working at the coal face is the foundation of The Rough Diamond Academy. Real life experience for real life businesses. It starts with building a site, but that's only the beginning!