Wondering whether you should update your WordPress site regularly? Did you know that over 80% of hacked websites were compromised because they were not being updated? Say you have created a site and then forgotten all about it. The numbers tell us that if you are not updating your site, you are putting your website at risk.
We are not talking about this to scare you but to highlight the fact that security is not dependent on the software alone. Security is complicated. Your site needs to be looked after and managed from time to time. Moreover, there is no such thing as absolute security. The least we can do is work to reduce the risk of a security breach. That is where updates come in. When you receive a notification for an update on WordPress, it could mean that a vulnerability has been detected and the developers have released an update to fix it. When website owners avoid such updates, they are allowing hackers to use the vulnerability to break into their sites.
One of the best parts of building a website on WordPress is that you can use plugins to add features to make your website more interactive. WordPress is a fairly safe environment. It is the world’s biggest and most popular content management system, powering over 60 million websites. WP is being managed by the best talents in the world, but what about the plugins and themes that you use on your website? Research shows that a majority of hacks occur because of vulnerabilities in the plugins or themes.
If, like us, you love to try out new plugins, you must have come across plugins whose updates are few and far between. Plugins and themes are bound to have issues. When these issues are discovered, developers quickly release a patch to fix the issue. Themes and plugins that are not being updated from time to time are not being maintained well. Such plugins are weak and could become a target of a hack.
WordPress is all about community. Hundreds of thousands of contributors volunteer to strengthen the security of the CMS. WordPress offers an excellent platform for responsible disclosure of issues. There is even a bug bounty program where they offer rewards to security researchers for finding flaws in WordPress, BuddyPress, bbPress, etc. This helps strengthen the platform.
Do you think your website is too small to draw a hacker’s attention? That’s a mistake, because hackers rarely target a single website. Also, big websites are protected by the best security systems and are therefore hard to break into. Small websites tend to have weaker website security because the site owners think their site is not important enough to be attacked. Hackers are scanning millions of websites on the internet using their automated tools. They search for sites running vulnerable plugins or themes or out-of-date WordPress. Small websites these days are more vulnerable to a security breach than the big ones. It’s been reported that 43% of cyber attacks target small businesses. Even more horrifying is the fact that 60% of these small companies go out of business within six months. You could be one of them if you are not vigilant!
You must be wondering what you can do about this growing threat. The answer is simple: you will have to take all necessary precautions to save your site. We’d suggest that not only should you regularly update plugins and themes but also periodically check if all the plugins in your site are being updated from time to time. We strongly believe it’s better to get rid of the plugins that have been neglected by their developers for a long time. We’d suggest the same security measures for the theme that you are using.
For those of you who are thinking about WordPress’ own security measures, like a firewall or WordPress firewall, give us a chance to illustrate why the firewall is not always effective. Originally, the term firewall meant a barrier that prevents fire from spreading across a building, making it easier to contain and eventually extinguish. In the same vein, a WordPress firewall is a protective measure for WordPress sites. It helps in hardening the security of the site against various kinds of cyber threats. But a firewall can’t guarantee a site’s security. Firewalls are often temporary measures and can’t keep all evil-doers at bay.
Therefore, updating your website can go a long way in saving your site. But remember when we said earlier in the post that security is not an absolute thing? Here are a few problems that you can face when updating your WordPress core, themes or plugins:
Issues That Can Crop Up While Updating a WordPress Site
1. Updates Can Break Your Site
Updating a theme or plugin today is a one-click journey. But any experienced person will tell you that you need to be careful before pulling the trigger.
You have built your website around a version of a theme or plugin that was available at the time. When a new version of the theme/plugin is released, you’d expect it to behave as the previous version did. But that isn’t always the case. Developers try to make sure that the new version of a plugin or theme is compatible, so that websites built on the previous version stay intact. Unfortunately, sometimes things don’t work out as one desires. Between version changes, the software can become incompatible, and updating a theme or plugin then ends up breaking the site. You’d be surprised to know that this isn’t limited to obscure plugins alone.
WooCommerce had a major release a couple of years back that caused a lot of problems for e-commerce site owners. They had built their websites using the previous version of the plugin. The new update was not compatible with the older version, which caused several issues.
The problem is further amplified when the new version contains security fixes along with some major enhancements. One example of this that comes to mind immediately is the RevSlider plugin. It had a vulnerability which led to thousands of WordPress sites being compromised. The fix was presented in a major update, which in turn caused websites to break. It was a catch-22 situation, and it left many sites scrambling to find new alternatives or to build their sites all over again.
2. Updates of Premium Plugins Are Becoming Expensive
The whole point of paying for a plugin or theme is to get a better service, right? Say you require a plugin for your WordPress site. You pick a trial version of a plugin that you think fits your bill. On being satisfied, you upgrade and become a premium user. As a premium user, you are getting crucial updates and support from the developers. It may happen that, while making that upgrade, it was not communicated well enough that you need to renew the license on a regular basis (perhaps on a yearly basis). And after using the plugin or theme for a year, you find out that you need to renew your license again. If you don’t renew the license, you will lose out on the updates. Unfortunately, many website owners are not able to renew the licenses of premium plugins and themes for a number of reasons.
Earlier, premium themes and plugins used to come with lifetime updates. Of late, the trend has been shifting towards a subscription model where you subscribe for a year and then have to renew your license the next year. The increasing expense of maintaining a site is disappointing, especially since you had not anticipated it.
3. Many Premium Plugins/Themes Don’t Notify About Updates
Throughout this post, we have been emphasizing why updating your WordPress site is so crucial in maintaining the security of the site. We have also mentioned how easy it has become to update plugins and themes these days. The WordPress plugin repository automatically checks for updates. So as the developers release a new version of the plugin, you are immediately notified. All you need to do is be vigilant and visit your site every day to see if there’s an update available. One click and you’ll be able to initiate the updating process.
Most premium plugins, however, are not present in the repository. Some of these plugins have auto-update functionality like the plugins hosted in the WordPress repository. They tend to be easy to update. However, some plugins lack this functionality and do not have an easy way to update. So when the developers release a new version fixing important vulnerabilities and making major reforms, you will not be able to know about it easily. You’ll have to monitor their blogs and other such sources to discover when an update is available. Updating is so important in keeping your site safe, but this additional hurdle makes the process even more difficult.
4. Themes or Plugins Are Sometimes Abandoned
There is an ever-growing repository of free as well as paid WordPress plugins and themes. People create themes/plugins for various reasons, but maintenance is a challenge. Maintenance and support are directly related to the budget. Creating quality software takes time and effort. Developers who are unable to focus on the product on a full-time basis may eventually lose interest in it. Moreover, if the theme or plugin is not being regularly updated, vulnerabilities are going to creep in and fewer and fewer people are going to use it. A fall in the popularity of a free theme or plugin may also cause its creators’ interest to plummet.
Some plugins or themes reach a natural end-of-life where they are abandoned by their developers. Some of these are very popular and created by reputable developers. An example would be the Canvas theme by WooCommerce. It was EOL’ed, following which the developers were encouraged to look for alternatives.
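The periodic check suggested earlier in this post (pending updates, plugins neglected by their developers, and plugins with no repository record to watch) can be scripted. This is an added example, not code from the original post or from WordPress; the plugin names and dates are constructed, the inventory is assumed to have the shape of `wp plugin list --format=json` output from WP-CLI, and the date strings are assumed to follow the `last_updated` format of the WordPress.org plugin information API.

```python
import json
from datetime import datetime, timezone

# Constructed sample inventory (assumed shape: `wp plugin list --format=json`).
INVENTORY = json.loads("""[
  {"name": "shop-plugin",    "status": "active", "update": "available", "version": "2.1.0"},
  {"name": "old-gallery",    "status": "active", "update": "none",      "version": "1.4.2"},
  {"name": "premium-slider", "status": "active", "update": "none",      "version": "4.6.0"},
  {"name": "contact-form",   "status": "active", "update": "none",      "version": "5.0.1"}
]""")

# Constructed sample: date of each plugin's last developer release.
# A plugin missing here stands for one that is not in the public repository.
LAST_UPDATED = {
    "shop-plugin": "2024-05-20 9:11pm GMT",
    "old-gallery": "2019-11-14 3:02am GMT",
    "contact-form": "2024-04-02 10:30am GMT",
}

def parse_last_updated(stamp):
    """Parse a string such as '2019-11-14 3:02am GMT' into an aware datetime."""
    parsed = datetime.strptime(stamp, "%Y-%m-%d %I:%M%p GMT")
    return parsed.replace(tzinfo=timezone.utc)

def audit(inventory, last_updated, now, stale_days=365):
    """Return {plugin name: [issues]} for every plugin that needs attention."""
    findings = {}
    for plugin in inventory:
        issues = []
        if plugin.get("update") == "available":
            issues.append("update-pending")   # a release exists but is not installed
        stamp = last_updated.get(plugin["name"])
        if stamp is None:
            issues.append("no-repo-record")   # updates must be tracked by hand
        elif (now - parse_last_updated(stamp)).days > stale_days:
            issues.append("stale")            # no developer release for a long time
        if issues:
            findings[plugin["name"]] = issues
    return findings

if __name__ == "__main__":
    report = audit(INVENTORY, LAST_UPDATED, datetime.now(timezone.utc))
    for name, issues in sorted(report.items()):
        print(f"{name}: {', '.join(issues)}")
```

The `stale_days` threshold of 365 is an arbitrary choice for the example; pick one that matches how long you are willing to run a plugin without a developer release.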
5. Manually Updating is Not Feasible if You Are Running Multiple Sites
We assume some of you reading the post are running more than a single website. You probably have to deal with updating your sites several times a week, which is why you are reading about whether updates are important for your site’s security. And we have told you they are! That didn’t solve your problem, did it? While several free or even premium tools don’t offer automated functions, there are a few (good ones) that do. To mention some, tools like BlogVault, ManageWP or MainWP help automate updates and maintain your site. We suggest you take a look at them and use them for hardening the security of your WordPress website.