We guess the reason you are here is because you are running a WordPress website.
Even if you are not sure, you probably are: WordPress accounts for over 40% of the World’s websites and a whopping 65% of websites using a Content Management System!
WordPress is a great system – hence it’s popularity – but it’s popularity makes it a target for hackers – and there’s TONS of them!
A website hack is usually nothing personal. They happen because a bad guy is looking for an insecure webserver where they can install some nefarious code. We’ve all seen examples of this – spam emails for fake Viagra or scam emails telling you to send bitcoin. Sometime the code can be used to track what users are typing into your website – such as credit card details.
Forget ideas of the bad guy wearing a hoody sitting in a darkened basement – actually, a hack usually happens automatically. A bot searches for websites with certain characteristics or vulnerabilities and automatically exploits this vulnerability. Sometimes it can happen to hundreds of thousands of websites simultaneously (“Massive Attack Against 16 Million WordPress Sites Underway” Bleeping Computer, 10th December 2021).
One of the main vectors for attack on a websites is an insecure installation of WordPress.
If your website is infected with Malware, not only will your customer’s trust be damaged, but your ranking on Google will almost certainly be damaged too. In severe cases, your website may be de-listed from search engines entirely.
Luckily, WordPress.org release core updates on a regular basis, as do theme / plugin contributors. Keeping updated is usually quite straight forward. WordPress.org provide a guide to this process: “Updating WordPress“.
Essentially, there are three elements that need updating on a WordPress website: WordPress core (the WordPress system itself), the theme and the plugins. All of these elements can be updated with a few clicks, but we do recommend taking a backup first and reading release notes to ensure the update does not include breaking changes.
WordPress does now has an auto-update feature, but we recommend against using this for the most part as we do see instances of websites breaking due to automatic updates.
Apart from security, there’s other reasons to stay updated:
- New features are introduced all the time to WordPress Core as well as themes and plugins. Sometimes these features are cool additions that add new tools for your website management.
- Web standards change and your website is in danger of breaking if it does not support these. For example, many web hosts now enforce PHP 7.4 as the minimum server language. Many old installations of WordPress still use PHP 5. An update at the webhost will break these websites
- Improved performance – Updates of WordPress usually include performance improvements. These improvements can improve the website speed for visitors, and website speed is a ranking factor for Google and other search engines.
We believe updating a WordPress website is straightforward but we do recognise it can be a bit of a hassle too. We provide either one off WordPress updates or WordPress Maintenance Plans where we manage your website updates as they are released. If you’d like to chat to us about this and how we can help, contact us now!