This week we’ve seen three urgent update announcements for themes and plugins with one being removed completely from the WordPress repository due to security issues. Elegant themes even made their latest update available to anyone with an expired licence. Several of my developer contacts have reported hacked websites, malware and inappropriate redirects.
Often people think that the investment for a website is all about design and development but keeping everything up to date is just as important.
WordPress core is often updated to prevent security issues and your plugins and themes need to be kept up to date too, even standard themes that aren’t active on your site can pose a security risk. Not updating your website can not only lead to problems with the ways it works, site visitors being exposed to malicious code and viewing scary warnings from browsers but will also impact your website visibility (SEO).
How to ensure your WordPress site is up to date
Install a security plugin
Sucuri specialises in WordPress security and provide both a free and premium plugin to monitor sites and assist in recovering sites that have been hacked. The plugin monitors your site for potential security vulnerabilities as well as scanning for malware and hardening overall security of your site.
Wordfence is a free and premium plugin offering a firewall and malware scanner developed to protect WordPress. The Wordfence firewall identifies and blocks malicious traffic and any requests that include malicious code or content as well as limiting login attempts and enforcing strong passwords. Core files, themes and plugins are scanned for malware, spam, redirects and code injections. This plugin also alerts you to security risks and will let you know of any Core, theme or plugin updates required.
Use well-supported themes and plugins
Whenever you think about extending the functionality of your website with themes or plugins, look for something that is updated often and has active support. If a plugin hasn’t been updated for more than 6 to 12 months I would not install it on a site and look for another option. If you look in the WordPress repository for plugins a warning will show if there have been no recent updates.
Why back up your site often? Well if you’re updating your site regularly you will most likely come across a situation where a plugin or theme causes a conflict and your site will stop working. Restoring a backup until you can troubleshoot the issue or get a developer to help, is essential. The backups also give you peace of mind in case of your site being hacked, should the worst happen, your valuable website will be safe and can be restored to an earlier version. If this happens then it’s time to take a good look at your site configuration and eliminate any security threats. Your ability to create daily backups may depend on your website hosting, many hosts offer this service as part of their hosting packages or you can use a WordPress backup plugin to help with this.
How often to update a WordPress website
WordPress updates are frequent both for security and introducing and improving features. They offer auto-updates but I’d recommend against this as incompatibilities with your theme or plugins could break your site. If you use a plugin such as Wordfence or Securi then you’ll be alerted when updates become available for anything on your site, from WordPress Core to plugins or themes. Sometimes an important plugin will become incompatible with the newest version of WordPress, if it’s developed by an active team they should make you or your developer aware that updating will cause issues.
Updates don’t take long but dealing with broken sites can be time-consuming if something goes wrong. If you’re not happy taking care of the technical aspects (or those handy warnings to back up your files and database before updating give you a scare) then you may want a professional to look after this aspect of your website.
How to make updates to WordPress, Themes and Plugins
WordPress core and most plugins can be updated directly in the WordPress dashboard, it’s as easy as a few button clicks (so long as you’ve made a backup of your site files and database first). Some premium plugins and themes may require you to input your purchase code to enable updates, you may need an additional plugin or should be updated by uploading the new files directly to your server through FTP (file transfer protocol).
Want someone to take care of this for you? Get in touch and we’ll chat about what you need.