WordPress is used by 26.6% of all websites out there. If you've visited 4 websites today, you've probably gone to at least one WordPress website. That's a lot of WordPress installations and this tells us a few things. First, it must be good if a lot of websites are using it. Second, since it's being used so much, it must logically be a big target for hackers.
Keeping the core WordPress software, all plugins and theme files up to date is the best way to help prevent your website from being compromised. When we see a website that has been hacked, we usually see lots of plugins not up to date and WordPress is usually a few versions behind. It almost never fails.
Most website owners who aren't in their website adding content regularly typically just pay attention to it when there's a problem or issue. That problem or issue might be that they got an email saying it needs to be upgraded or it was compromised. Only then do they take the time to update everything. That's not optimal. Ideally, updates should be done weekly. If a good amount of plugins are being used, then there's a higher chance that an update will come out soon. If it's a security update, then the entire website is vulnerable since it's only as strong as its weakest link, right?
To help websites stay more secure, WordPress came out with automatic upgrades. When there's a new version out of the core software, your website will get automatically upgraded... most of the time. Yes, it's only for the minor versions and not the major versions. We see major versions come out once per quarter, typically - so 4 per year. In total, you're looking at about 10-12 WordPress core software upgrades per year.
When the automatic upgrades happen, you get the latest version of WordPress installed and any new features and security fixes. So that's good... but there can also be some problems.
Automatic security upgrades sound great, so why would there be problems? Well, there are a few things to be aware of.
First, when these upgrades are done, WordPress does not automatically take a backup of the website files and database. If there's a problem with the upgrade, you could have a problem rolling things back. Your website could be down and the latest backup might be too old. Sometimes some new changes can break plugins or other site features. Even though your website may be running, there might be some features that you don't see at first glance that do not work anymore.
Related to the point above, when an upgrade is done, the entire website should be tested - by hand. Yes, either you or your website developer should test your website. You need to make sure everything works fine. We've seen instances where something important like a contact form no longer worked after an upgrade and the website owner didn't find out about it for months! They lost a lot of leads and business!
If you have some customization done to your WordPress website where the customized code does not reside in a plugin or in the theme files, then you'll lose that customization. This results in features of your website that no longer work or even your entire website.
To help ensure your website using WordPress stays healthy, maintenance must be done. All software on the website should be updated and tested weekly. There is no set schedule for plugin updates. They come out whenever the developer of that plugin is able to release it. If a plugin has a hole (and we've seen some severe ones - there are a few a year) and a new version comes out that fixes it but you don't apply that fix for weeks or months, then your website (and business) is at risk.
Before the update, take a full backup of all the files and the database. Store that backup in a safe place. If there is a problem after the upgrade, you may need to go back to this version while the problem can be sorted out.
After the update, test the entire website. This means test each function of the website. Does the home page work? Does the blog work? Do other pages work? How about the contact form? The store? Just test every function to make sure there are no problems. Initially, a checklist should be created showing all the functions to check. This list must be kept up to date.
You can even take this a step farther and check the error log file (found with your hosting) and look for any errors reported there.
Your website is very often now the first point of contact your prospects and customers see. People are first checking out your website before calling or contacting you. If your website is down, is difficult to use, takes forever to load or contains a virus, then you just blew your opportunity to get a new customer.
So no... websites aren't "just websites" anymore - they're a very important part of most businesses today. If this fact isn't reality yet, then you haven't felt the impact yet. That might be good if you've never been hacked or have had problems (and maybe you're keeping things updated - good!) but if you've just been lucky up to this point, then you have to plan on that luck eventually running out at some point in the future. Will it be next year, next month or tomorrow? You don't know.
If your business website is a priority, then consider using our Website Care program.
For one, low price, you get your website manually checked every week. The first thing we do is disable WordPress automatic upgrades. This way, they cannot interfere and cause problems.
When we update core software, we first take a backup of your entire website and database. Smart, right?
We perform the updates and then we test your website to make sure everything works fine.
The program is affordable at just $49 per month. That's 4 times we check your website every month, so just $12 per manual check. If you go with the $529 discounted yearly payment, then each time we manually check your website goes down to $10.
Think of it as website insurance, kind of. Sleep better knowing your website software is up to date and keep your business' reputation in good standing.