I saw something interesting from WordPress today…
Improvements to WordPress.org (wordpress.org)
We’ve made huge improvements to our statistics. This gives us more useful information about the WordPress versions people are using, their PHP version, and their MySQL version.
Already these new statistics have provided us with useful insights into WordPress usage.
More than 43% of all sites are running the latest version of WordPress. Previously, we thought only 10% of sites were up-to-date. By excluding sites that are no longer online we were able to improve these statistics.
Close to half of all active WordPress websites are up to date. I guess you could look at that as either “glass half full” or “glass half empty” right? I hate to be a Debbie Downer but…
This also means that 57% of all WordPress websites are NOT running the latest version of WordPress. That actually doesn’t sound too good at all.
And WordPress plugins and themes get updated all the time. There hasn’t been an WordPress update since February 18, 2015 – which is going on 2 months. That’s a long time in the website software world.
CMS Usage Statistics (trends.builtwith.com)
and if over half of them are not up to date with the latest WordPress core software that’s about 2 months old, then that’s pretty bad, actually – alarming!
And, your software is only as strong as its weakest link, so if plugins aren’t update (there were many updates in the last week), then the chances are good that your WordPress website is not up to date.
That’s a problem!
What Do You Risk When Your WordPress Website is Not Up to Date?
You risk a lot, actually.
- Your business reputation
- Online sales and leads
- Legal risks for your website sending out spam/junk email or hosting phishing schemes
- Most costs to clean up a hacked website
Gone are the days when you could just think about a Yellow Pages ad once a year and then check that off your list. Your Yellow Pages ad is now a website and it’s pretty much a living and breathing thing that needs care and upkeep. If you neglect it, you’ll pay for it later – in some form.
All Websites Have Hack Attempts Daily
This might be news to you but basically every website out there has multiple hack attempts on it daily. If you have a website, it most likely has faced a hack attempt today already.
I see it all the time. We have website firewalls and security plugins running and you see how there are login attempts all the time. If you look at website log files, you can see automated scripts running, trying to see what website software your website is using and then it’s trying to exploit any known holes.
The best thing you can do to defend against these attacks is keep up with your website software updates.
Here’s how it works… a software publisher (like WordPress) comes out with an update. Most updates have security fixes where known holes are fixed. No software is secure, so new ways in are found all the time. In order for a hole to be discovered, someone has to discover it. Hackers have copies of WordPress, too, since it’s free to download. They look through it and find weaknesses and then figure out how to use them. All of this happens BEFORE WordPress comes out with an update.
Once a hole is fixed, hackers have to go and find another one but they’re not going to spend time doing that if there are enough websites out there that still haven’t been updated to fix the known holes – they’re just going to use those known holes to get in.
This is why that 57% number is SO bad. That’s a LOT of websites that are not up to date – basically about a 1/4 of the websites out there.
What Do You Do?
You need to make sure that your website software is up to date so that hackers take a look at your website, see it’s updated and then move on to the next website. You need these updates done:
- WordPress Core Updates (8-10 per year)
- WordPress Plugin Updates (weekly)
- WordPress Theme Updates (monthly)
That’s right – you need updates done WEEKLY to your website. Has anyone done this to your website this week yet?
A cool thing with WordPress is that they’re making it easier and easier to do these updates.
You’re able to do these updates yourself in WordPress but when you do, you want to make sure you test the website right away because there’s a chance that something could go wrong. In fact, I updated one of my sites yesterday morning and the update crashed the website. I was updating plugins. One plugin clashed with another one and all I could get on the screen was an ugly error message. I was able to fix it right away but I knew what to do.
For this reason, we do not suggest that our clients try to do WordPress updates themselves… unfortunately. It’s because you never know what can happen. Still, with WordPress making it easier, it takes us less time to do them and then do testing, so that’s still good.
Here’s the update procedure that we follow when we do this work for our clients:
- Take a backup of the entire website and database (or make sure one is available).
- Run the WordPress core software update and watch while it runs.
- Check the website to make sure it works.
- Run the WordPress plugin updates and watch while it runs.
- Check the website to make sure it works.
- Run the theme updates and watch while it runs.
- Check the website to make sure everything works – test forms, pages, links, etc.
- Fix any issues that have come up.
- Check the website again.
- Write up a report and deliver the work.
You must take care when doing WordPress updates. Things can go wrong – for sure.
Your business or organization website is vital to your success. All advertising now points to your website and it’s very often the first impression people get of your business. When it’s not working right or sends out spam in your website’s name, the good first impression you had is suddenly the complete opposite – all because regular updates and maintenance were not done.
I’m not trying to scare you but make sure you understand the responsibilities that come with owning a website. It’s not a “once and done” kind of thing – it needs regular updates, all the time. If not, you’ll pay for not doing that sometime in the future… that’ll be in the form of lost sales, a bad reputation or something like that. Why risk that?
Contact Webstix today about making sure that regular website maintenance is being done to your website so that you have peace of mind and a solid reputation.