If you run a WordPress website, I’m sure you’re aware of those seemingly pesky WordPress updates. It seems like every time you log in to your website, there’s yet another notification about another update staring at you, asking you to run it. What are these annoying updates, do you have to update your WordPress website and if so why?
The simple answer (and possibly not the one you want to hear) is “Yes”.
WordPress is the fastest growing CMS (Content Management System) with more 50-60% of the global CMS market. It runs 14.7% of the top 100 websites in the world. With that popularity comes great interest from hackers. Whilst built on a solid security platform, WordPress is a popular target for hackers. Just think about how many sites can be affected if hackers find a vulnerability in the latest version of WordPress.
In a study of 8000 infected websites, 74% of them were built on WordPress. 8% of sites hacked are due to a weak password. So make sure your admin password is strong and I also highly recommend not using the default ‘admin’ username for your admin access. You can make up your own admin username or if you use LastPass to manage your passwords (I highly recommend you use a Password Manager), LastPass has a secure username generator: https://www.lastpass.com/username-generator
There are actually some cool themed username generators out there that will give you a fantasy username with a theme like Harry Potter or Lord of the Rings if you want to add some fun to the process! I created a female elf name based on my actual name and got Rivorngwen which means Black Crown and Maiden/virgin lol. As a serious Disney fan, I’m going to have to start coming up with some Disney usernames to use on my sites!
Back to the topic of WordPress updates!
61% of infected WordPress websites have an out of date version installed. Wordfence (my favourite security plugin) reports up to 90,000 attacks on WordPress sites every minute! While this sounds scary, hacking can be avoided with a good security plugin, strong passwords and regular updates. Of course 100% security can never be guaranteed, but these steps will greatly minimise your chances of being hacked.
So what is with all these updates?
Well WordPress developers release new versions which include new features, bug fixes and security and performance improvements. Updating to the latest version protects you from any vulnerabilities in the earlier version. Ethical hackers (also known as white hat hackers) spend their time finding security holes and exploits in WordPress. These vulnerabilities get fixed with each new version. However malicious (or black hat) hackers use the reports on vulnerabilities that have been addressed in each version to find sites that haven’t been updated so they can use these very same exploits to hack vulnerable websites.
I’ve personally had new clients come to me with websites that have been hacked and cleaning them up and restoring them can be a nightmare. Some malicious code is very invasive and hard to detect/delete and restore the original site, if it’s even possible at all. It’s made worse if the site owner wasn’t aware of the hack for some time and even the backups they have of their site now contain the code.
Not keeping WordPress up to date with the latest security fixes is the most common reason sites get hacked, but protecting your site is as easy as performing regular updates!
Remember that it’s not only the WordPress Core files that need to be kept up to date. Plugins often contain security holes and themes also should be kept up to date. Updating WordPress sites is relatively easy, so you can do it yourself, just always make sure you have a backup of your site in case of any issues as updates can cause new conflicts with plugins and can cause some plugins or parts of your theme to stop working. If you are worried about these issues, it’s a good idea to have a professional you can call on who can fix any issues that may arise from new updates.
Not just Security!
Though important, security is not the only reason to keep your WordPress site updated. New releases usually include helpful new features. Some features make WordPress easier to use, some make things go faster and keep your site safer. Site speed is important for good SEO results. Keeping WordPress up to date can improve your website’s efficiency and speed, resulting in a better experience for your customers, which can directly affect your business’ revenue.
How can I help?
There’s plenty of free tutorials about how to update your WordPress core files/ themes and plugins, but if you have any concerns or need a hand, please do let me know. I have some great discounts on my hourly support/maintenance packages right now. For the month of February 2019, I’m offering 1 hour free when you purchase any of my maintenance packages (minimum 2 hours). Hours are valid for 12 months, billed in 15 minute increments and can be used when and as you need them. See my website for more details and use the coupon code “1hourfree” to get one hour taken off the price of the package.