Why Is It Important to Update WordPress?
Our clients often ask why it is so important to update a WordPress site. So we thought we should explain this topic in detail in a blog post. Before we dive into the details of why developers advise website owners to regularly update their WordPress websites, let’s get some basic facts right.
WordPress Powers More than One-Third of the Internet
Yes, you got that right. WordPress is, by far, the most popular publishing platform on the Internet.
Written in PHP (Hypertext Preprocessor – a general-purpose scripting language) and paired with MySQL (an open-source relational database management system), WordPress powers approximately 37% of all websites on the Internet.
Each month, more than 400 million Internet users access over 15 billion pages on websites powered by this CMS (Content Management System). Over 60% of all CMS-built websites on the Internet are powered by WordPress.
No, WordPress isn’t just popular among the bloggers’ community worldwide. WooCommerce – an open-source eCommerce plugin for WordPress – powers around 28% of all online stores on the Internet. The bottom line – WordPress IS a big deal. The good news is that WordPress is continually evolving as are thousands of themes & plugins deployed to enhance its functionality. The bad news is that the websites built on this CMS are on the hit list of hackers.
What Do You Need to Update On A WordPress Site?
Three main parts of WordPress that need to be updated frequently are:
1. WordPress core files
2. WordPress plugins
3. WordPress theme
Its good practice to keep your core files, theme, and plugins updated to the latest versions. Updates for WordPress core files are released by WordPress.org.
Updates for plugins and themes, whether they are free or premium, are offered by organizations that develop, distribute, and maintain them. Updating WordPress plugins or themes is easy and anyone with basic know-how can do it.
What is the Biggest Reason to Update Your WordPress Site?
The biggest reason to keep your WordPress site updated or patched to the latest edition is to keep it as secure as possible. Given its massive popularity, WordPress remains a popular target for malicious hackers. WordPress developers release new updates and patches from time to time to fix potential security breaches and bugs. For instance, WordPress recently released an update that fixed 17 bugs and 7 security vulnerabilities. The update addressed several cross-site scripting (XSS) vulnerabilities.
Such vulnerabilities, if not addressed by updating a WordPress site, would have allowed attackers to inject malicious script on vulnerable websites. WordPress updates are not limited to fixing XSS vulnerabilities. There are other types of vulnerabilities as well. WordPress experts typically recommend installing updates classified as a ‘Security Release’ or ‘Security and Maintenance Release’ as soon as possible.
Remember that hackers are keen to exploit vulnerabilities in old versions of WordPress. Often, they use automated tools for crawling and identifying WordPress websites that have not been updated. According to an estimate based on the analysis of 40,000+ WordPress websites, over 70% of WordPress installations were found to have exploitable vulnerabilities. Just like the WordPress core files, vulnerabilities in themes and plugins can also be exploited by malicious code distributors or hackers. Put simply, when you do not update your WordPress files, theme, or plugins, you are practically leaving your website vulnerable to cyber attacks.
Update Your WordPress Site for Improved Page Load Times
So, when you update WordPress core files, theme, and plugins, your website’s pages may load faster. A lower ‘page load time’ – the time taken to fully load a web page – is important for two main reasons –
1. Better SEO – As you are probably aware, site-speed and as a result, page-speed is extremely important for SEO. It was way back in 2010 when Google first indicated that site-speed is being used as a signal in web search ranking. In 2018, Google announced that page speed was going to be a ranking signal for mobile searches as well.
2. Better User Experience – Page-speed matters a lot when it comes to user experience. Most people don’t wait for more than 3 seconds for a web page to load. Slower page load times are often responsible for higher bounce rates.
An Update Can Let Your Site Benefit from New Features
Nearly, every major WordPress update includes new features aimed at improving user experience.
WordPress 5.4 release, for instance, was one the first major release of 2020.
This new release introduced several new features, most of them centered on the block editor. The new update changed how people create content on WordPress.
With an updated WordPress site, you can be sure that you are not missing out on anything new that can potentially improve your site’s functionality, admin experience, or user experience.
Making Sure Plugins Are Compatible with Your WordPress Version
Many plugins would require your site to be on the latest version of WordPress. Such plugins may stop working altogether or offer limited functionalities until you install the latest updates.
Should You Enable Auto-Updates for Your WordPress Websites?
You can enable or disable auto-updates. For some people, updating a WordPress site can be a tedious task. Updating multiple sites can be annoying.
The auto- background update feature was first introduced in WordPress 3.7 (Count Basie). The feature was added to promote security, and to make the WP update experience easy and hassle-free for website administrators.
So, what are the different types of automatic background updates?
The 4 types of auto-background updates are:
1. WP Core updates
2. WP Plugin updates
3. WP Theme updates
4. WP Translation file updates
The core updates are further classified as core development updates, minor core updates, and major core release updates. By default, the auto-update feature automatically installs minor core updates. These updates typically include releases for maintenance and security purposes. Translation file updates, too, are installed automatically. Plugin updates need to be installed manually by default. However, you can also enable auto-updates for plugins. Core development updates and major core updates are not auto-updated by default. A WordPress expert can configure automatic updates for major releases.
But, is the WordPress auto-update feature good or bad? We don’t recommend turning on auto-upgrades for WordPress sites unless you are managing dozens of them and don’t find time to monitor them on a regular basis.
Yes, an automatic background update is convenient on most occasions. However, an auto-upgrade can at times result in a serious mess, especially if you are using a custom theme and/or a large number of plugins.
Can you afford to take that risk? A good example of why many WordPress experts recommend disabling auto-updates in WordPress is the Gutenberg 5.0 release. The new WordPress Editor offered a bunch of wonderful features but this update broke countless websites; several plugins weren’t compatible with Gutenberg 5.0 when it was first released. So, website administrators had to disable it and wait until the new feature and the CMS version stabilized. The chances of an auto-update breaking your site are minor. But, it CAN happen.
How to Safely Update Your WordPress Site
Setting up a backup system is no doubt the best way to make sure you are on the safe side, should anything go wrong while updating a WordPress site. Having a safety net is a must.
There are many WordPress plugins as well as third-party services for backing up all of your website data.
When you have an automatic WordPress backup system in place, you can turn on automatic background updates for major releases as well.
In case you want to manually update your WordPress site, be sure to follow these steps to safely update your WordPress site:
1. Before you start with your WordPress update, backup current WordPress files, plugins, content, and the database structure. Backups can be stored on the cloud or a local machine.
2. Turn off caching plugins, if any, during the update.
3. Upgrade the WordPress core; you just need to click one button to initiate an update.
4. Update your theme and plugins, one at a time or all at once.
5. Turn the WordPress caching back on.
6. Double-check if everything is working as expected. If, ‘yes, congratulations, your WordPress update is successful.
7. If you notice some issues, roll back to the previous version. You can start afresh or consult a WordPress specialist for assistance.
How Can You Avoid An Unstable Update?
Well, let others do it first. Once an update (whether for WordPress core files, a theme, or a plugin) becomes available, do not install it right away. Wait for two or three days and then install it. During this time, enough users would have installed this update. Should there be any issues, developers would be notified. By the time you install a new update, chances are that it’d carry the necessary patches.
Before installing a major WordPress update, you can run an online search to check if users are reporting any issues on the Internet.
Look before you leap.
If you do not have the knowledge or time to do it all by yourself, consider hiring a WordPress expert. Remember, you don’t have to be a programmer to learn how to update your WordPress site. On most occasions, you should be able to update the WordPress version, security and maintenance releases, plugins, themes, etc. within minutes with few mouse clicks.
You will need some technical knowledge only when there is an issue (which is rare).
Lastly, remember that updating your WordPress site isn’t an option but a necessity.