Why are WordPress/plugin updates important?
Anything that is connected to the internet, our most famous public network, needs to be secured. Whether it’s a server, an Internet-of-Things device (IoT), or just some plain old software itself. People and machines are constantly on the lookout for easy targets to attack, for all kinds of reasons. It may be a targeted attack, or it may simply be that your website is running on the next IP address that the automated attack is targeting (and nothing relating to you, or your site specifically). In many cases, WordPress (and other websites) are targeted for a number of various reasons:
- To assist in globally distributed denial-of-service attacks
- To help spammers send mass unsolicited email
- To provide a springboard for SEO spam – lots and lots of rubbish pages, all linking to a scammer’s website to help boost the search engine ranking
- To access a shared server (often containing 1000s of other sites, all ripe for attack)
- …and so on
The reasons why are not always clear or obvious, but one thing is for certain – if you leave yourself open to attack, it’s only a matter of time before you become a victim of one. It’s not if… it’s when. So keeping everything up-to-date is crucial! The WordPress core development team works very hard to ensure that any security issues that are reported are fixed, as soon as possible, and are delivered to users around the world before problems can spread. A major issue here is that many users do not act on these update requests, and their sites/servers/systems continue running – seemingly happily, but wide open to the world, just waiting for an attack.
With any WordPress site, there are bound to be a number of different parts to the overall code base. There’s the WordPress core, developed by the core WordPress development team (all open source and unpaid, mind you!); then there’s the WordPress theme itself that your site is running, no doubt developed by a third-party developer; and finally there are a range of plugins that are running to provide your site with the additional functionality it needs to suit your needs. Each of these elements runs a separate block of code, and each can require an update at different times. This also means that any one of these components could be vulnerable to a potential attack, or have an impact on your site if updated (and functionality is removed or changed).
Why does WordPress/do WordPress plugins get updated so often?
The core WordPress development team is very proactive in ensuring that security issues are patched and updates are released. This is the major cause of updates flowing through to your WordPress site, but because you also likely have a number of plugins installed (and potentially a few themes), the number of developers involved (in total) is fairly large – resulting in a large number of updates being pushed to your site. It can be a frustrating thing – have more updates to do each time that you log in to WordPress, but as little fun as it is, it’s crucially important that the updates are completed as soon as is practically possible after their release.
The WordPress core updates go through a significant testing stage before they are released to the public, but theme and plugin updates don’t often have this same level of security in terms of knowing that what is released is going to work every time. There often needs to be a balance between having the most bleeding-edge code, but also ensuring that the code is rock-solid and not going to cause any issues on your site when updated.
Don’t believe WordPress gets updated that much? Take a look at our news feed for a simple example of how that’s not the case… then add all the plugin and theme updates on top of that, and you’ve got a serious number of updates to keep track of, and keep updated!
Why can’t I just run updates myself?
You can! …and you probably should! But nobody really wants to worry about that, and especially not if you have to worry about what potential impact running an update might have on your site. In the case of many of our clients, they don’t actually have a need to log in to their WordPress administration/management section all that often. Their content is relevant, but doesn’t need to be touched all the time – and they’re busy running their business… who has time to log in and update software? Not them, that’s for sure.
If you’re someone who often logs in to WordPress to see a little (1) or perhaps a number slightly higher next to the Updates button, this should be ringing true for you! What is stopping you from running those updates? Perhaps it’s simply a lack of understanding as to how important the updates actually are. Or, perhaps, it’s a fear of what running the update might do to your perfectly working site. With so many updates being released, and so much new functionality being added (and old functionality being phased out), who knows what might happen when you press that update button!
These are all real concerns, and very valid ones too. That’s why we’ve tried to tackle this problem for you…
A better solution: Update Magic
Update Magic is our newest addition to the backup and update suite of functionality built in to WordPresto, meaning that your updates will never be waiting for you (they’re fired off automatically so you don’t have to worry) – but, at the same time, you’re protected in case anything during that update process goes wrong. Here’s a little explanation of how the process works – remember, you don’t have to do any of these things (except sign up for WordPresto, if you haven’t already!):
- WordPresto receives notification of a pending update
- Our management team completes a snapshot backup of your site, protecting you from any issues that may arise
- The update process is run, automatically, and then the site is compared visually to ensure nothing appears broken
- We run a few simple HTTP response tests too to ensure the site is responding correctly, and if all happy, your site has successfully been updated!
What if something went wrong though, and a plugin update (for example) broke your site? Easy. Because we took a snapshot before the update was completed, we can simply roll back to that point, and then get in touch with you to work out how best to resolve the issue – all while your site is still up and running. If you’re on one of the higher WordPresto WordPress management plans, we may even have some support hours included, and can simply resolve the issue for you, and get back to managing your site.Back to All Features