Our five-minute guide to WordPress updates
A large number of MXMG clients use the WordPress platform for their websites. This isn’t surprising though, as the WordPress content management system (CMS) powers more than a quarter of all websites worldwide – that’s almost 75 million. It works on any scale, serving individuals who want a simple blog and businesses that need a site with integrated commercial functions, from small SMEs to some of the world’s biggest corporations.
Keeping all those websites running at optimal performance levels, means that WordPress developers frequently release updates and fixes to upgrade the system. This could be simply to accommodate new features and widgets, to fix bugs that have been identified, or to address a security issue.
Now, how many times do you get an update notification for a device, or operating system and click “try later” or “not now”? It’s a pain, isn’t it? Especially when all you actually want to do is have a quick browse, or post a blog…
When it comes to WordPress sites, when an update is released, people often ask a) why it should be installed, b) what it does, and c) if it’s really necessary?
Generally, for all types of updates, the answer to c) is yes; for a) and b) though, the answers vary depending on the type of update, so let’s take a look at them.
With the sheer numbers of WordPress-based websites around the world, all using a common CMS; it’s an obvious target for hackers. Whether it’s an organised group, or an individual, hackers actively seek out any vulnerability that could theoretically give them access to a huge section of the online world.
Security updates are how we defend against them.
For context; imagine a wall; not that one… Let’s say this wall is around your house and you live in a street from ‘The Walking Dead’. As time goes by, the wall needs maintenance and repairs so it stays strong and keeps the zombies out. If the maintenance isn’t done and part of the wall begins to crumble, the zombies will exploit the weakness, attacking it until they break through and then there’s running and screaming… it doesn’t end well.
WordPress security updates are the equivalent of the maintenance. The zombies are the hackers. Do you get the picture?
Once a vulnerability is identified, a security update is released as soon as possible, in order to quickly eradicate the risk to users. An important point to remember, is that when a new security update is released, it immediately publicises the vulnerability it’s designed to fix. This means that taking swift action and getting the update installed as quickly as possible is essential.
The vast majority of WordPress sites that fall victim to hackers are those that have not installed critical updates.
Fixes and Minor System Updates
Some updates are designed purely to keep the CMS operating efficiently, these are also known as patches. They tend not to be security-related, nor do they add new features to the CMS. These updates bring the software up-to-date and fix any bugs that have been discovered. Occasional security issues will be addressed alongside the other fixes, but primarily these updates are scheduled and sent out to plan.
Updates to Plugins
Plugins are specialist pieces of code that are integrated into the website platform to enable specific functions. They could be to collect user information for a distribution list, or enable businesses to sell online.
However, these critical tools can also become a security risk if they’re not kept up-to-date and it’s vital to have the latest version of each plugin installed.
Major system updates
The WordPress core CMS is also updated periodically, with new versions released that can incorporate huge changes to the platform. This is where new features and complete changes to the user experience may be installed. These updates are usually planned well in advance and announced ahead of time.
Sometimes website owners are wary of core updates, as it is possible for them to have a significant impact on the function of a website. This is why we recommend a full back up before installing major updates and structured testing after one of these updates is installed.
In conclusion, updates are released either as part of a scheduled programme, or in response to a risk being identified.
- Security updates are released as they are needed and are vital updates, which should be installed at the earliest opportunity to ensure a known risk is not exploited.
- Patches fix bugs and help to keep the system running efficiently. These updates are released to a timetable and may also include any required security updates that have arisen at that time.
- Updates to plugins are essential to make sure a security risk does not emerge, as a result of not having the latest version installed.
- Core updates incorporate major changes to the CMS and can include new functions and features. These are released as part of a scheduled plan.
We can work with you to keep your website secure and efficient, find out more here.