Why you need to keep WordPress up to date

At Arcadian we often get asked if it’s necessary to update a WordPress site, or whether it’s ok to just leave it. The site is running fine, I don’t need any of the new features, is the common line. This is a perfectly understandable position to take, but one fraught with risk and likely to leave ageing websites quite vulnerable to hackers and data thieves, along with the degradation your site may experience as web browsers advance and your site is left behind.

Sites left with out of date software miss out on

• critical security patches to combat modern hackers
• fixes to existing bugs or problems identified by WordPress
• improved performance and gains in site speed and SEO performance
• compatibility with the latest plugins and CMS extensions available
• improved functionality and ease of use

The main issue with skipping WordPress updates is the increased possibility of being ‘hacked’ and exploited. This may result in web browser errors when trying to load your site saying “This website is not safe” to label in your Google Search Results saying “This site is hacked”. Regardless of which one shows, it gives a strong impression to your customers and potential customers that you are not a secure company and lowers their trust in you dramatically.

Additionally, left untended, any website will slowly get left behind in a number of areas relating to security, functionality, speed and performance. You’ll notice the site slowly slip down search engine rankings and traffic begin to drop off. Like a car without regular servicing, the site will slowly start to degrade until something goes critically wrong – costing you time and often serious money to fix when it does.

WordPress is the world’s most popular website platform, powering almost a quarter of all websites. The platform is a blessing for those looking for something incredibly easy to use, simple to install and cost effective for development. Given it’s popularity and widespread use, it should be no surprise that the dodgiest people on the internet are also quite aware of it. As freely available, open source software – WordPress is quite easy to get your hands on. According to Forbes (source: https://goo.gl/jxDs2B), around 30,000 websites are hacked a day. WordPress, as the most popular web platform, is top of the target list.

Hackers continually probe WordPress instances for security vulnerabilities and methods for gaining access to private data, servers and web content. Once a vulnerability or exploit is discovered, it’s published and spread. Size or web traffic is not a factor here. As the owner of a small, not heavily-trafficked site, you may feel that you are less visible and less at risk of external attack. This is not the case. Many hackers use spambots that look for a vulnerable home to embed and spread their malware from – they systematically target outdated websites (often through entirely automated processes) and once they identify an outdated site, attempt to gain access. If the site is not properly secure and up to date, more often than not – they will be successful.

This is where WordPress updates and patches come in. The huge WordPress development community is constantly updating and fixing vulnerabilities as they are discovered – both for WordPress Core and the huge library of WordPress plugins. Preventative action is always better than reactive responses – if your site gets hacked and data theft occurs, it’s too late. The single best way to safeguard yourself from the threat of an external hack or data theft is to ensure that updates to WordPress core and plugins are applied frequently as they become available.

Updating frequently and as close to the release as possible also means that your site will incrementally improved and be enriched with new features, ultimately reducing the time required for major updates. Applying months or years worth of updates at once can cause site elements to break and is often a much bigger job than it should be if updates are applied incrementally and as released. Keep your risk down and peace of mind high by allowing at least for quarterly updates with your website administrator.

For more info on WordPress security, see the WordPress security white-paper: https://wordpress.org/about/security/

If your WordPress site is in desperate need of security patches, get in touch with the team at Arcadian Digital for help via hi@arcadiandigital.com.au

Find out some more tips and tricks to improve your WordPress site here.