I was asked the following question today:
Would you recommend that whenever a WordPress update is issued its users should upgrade their website immediately?
My answer is a resounding YES.
Why Update WordPress?
WordPress updates are often issued for the purposes of fixing potential security issues. My favorite podcast, SEO 101, recently noted that if you do not update your self-hosted WordPress software frequently, you are just about guaranteed to get hacked at some point.
Say “Bye-Bye” to Google!
When your website gets hacked, not only can you lose valuable content and prospects, you can also lose your position in search engine rankings. Google de-indexes sites with malicious code on them, and if a hacker places such code on your site, you can say “bye-bye” to your placement in Google.
So, YES, YES, YES! Update your WordPress software AND plugins immediately whenever possible.
Plugins need to be updated, too?
YES, WordPress plugins are also a source of security holes, often more so than the WordPress software itself. Make wise choices when installing plugins (only choose those with a lot of positive reviews), and update them frequently.
There is also a WordPress plugin called “WordPress Firewall 2″ by Matthew Pavkov that is supposed to help thwart security breaches on your site. It has a lot of good reviews, so it wouldn’t hurt to put that on your site just in case.
“But I’m Afraid I’ll Break It!”
A valid concern many people have is the fear that strikes their hearts when they go to click that “update” button. Sometimes updates aren’t compatible with existing themes or plugins on a site, and the updates can cause issues. WordPress does not provide an easy way to “roll back” updates, so it can be scary to go ahead and press that button.
It doesn’t have to be that scary, though. Just back up both your site files and database prior to updating and you will immediately be able to roll back updates if they cause issues.
There are plugins to assist with back ups, or you can enlist a wordpress developer (ahem, me) to back it up for you and be on standby to roll things back “just in case”. Many developers (ahem, me) offer a monthly service to take care of your WordPress updates and backups for you, to ensure that your site (and Google rankings) stay as safe as possible.
A big thank you to Ruby from Hill PCI Group and Chris from Acme Control Service for the great discussion that spawned this post. Follow them on Twitter for more great conversation: @HillPCIGroup and @AcmeControls
Your Experience? More Questions?
Please share your experience with WordPress updates, plugins, or website security breaches in the comments below. Have more questions about this? Put them in the comments below, too.