There are many “experts” out there who say you must never update software until you make sure other people who update their versions figure out whether there are any issues or problems with the software update. While I’m not going to say this is a good or bad thing, I will point out that most of these “experts” are talking about enterprise-level software applications… and even operating systems.
When it comes to WordPress, this mindset of “waiting to see what happens” is just flat wrong and a very bad practice. I’ve run into so many site owners who are having a problem with their site only to find out they haven’t updated WordPress, a theme, or plugins in almost two years… because they were “waiting to see if something was bad with an update”. Let’s take a look at why waiting to update is a very bad practice.
We probably need to start by asking the question, why are there updates? The most common answer to this question is that most updates are released (for themes, plugins, and core WordPress) because a fix to a bug or a security issue needs to be patched. So by not updating, you are leaving your sites buggy and open to being hacked. It is extremely easy to do a little Google search to find a site that has not been updated and therefore ripe for the hacking. This goes especially true for plugins. Plugins seem to be a greater source of security holes than WordPress itself… so if you are only updating WordPress but not wanting to update your plugins, you are moving yourself to the front of the line for hackers looking to cause trouble.
Now you might be saying what does it matter if I get hacked… I’ll just fix/restore my site.. While it might be true you can “restore” your site, you might not realize the damage done to your site. Not only does the hacker know your site is vulnerable because of an outdated plugin, but now Google knows about your issues. A hacked site can lose position on search engine rankings. Google will even de-list and de-index your site because it finds malicious code that the outdated plugin let outsiders leave on your site. And now you have to ask yourself, what good is a website if no one can find it on the internet (through search).
Most people who don’t update their themes and plugins probably fall into the category of being afraid you’ll break your site. While this is a valid concern, it should NEVER stop you from updating a plugin or theme or WordPress… Why? Because there are so many easy ways to backup your site so that if something happens during the upgrade process you can easily roll-back the update and restore your site and do a little more focused work on making sure the upgrade takes place. Using BackupBuddy can be your security blanket to give you the courage to update as soon as you see an update is available. Here’s a quick 1-2-3 to help you update your plugins, themes, and core WordPress.
- As soon as you see an update is available, press the one-click button to perform a backup of your site using BackupBuddy.
- Go to WordPress’ update screen and update everything that needs to be updated.
- If everything went well… you’re done. If anything didn’t work out, just use BackupBuddy’s restore capability to roll your site back to before the update.
There’s another reason to make sure you are updating your plugins and themes that has nothing to do with security. (This is a real example.) WordPress recently changed the way the media uploader handled the uploading and management of images in the admin area of WordPress. If you had a plugin or theme that uploaded images as part of a feature… guess what happens if you choose NOT to update your plugin… Your plugin now fails to work because WordPress changed the way images are uploaded.
The great thing about being involved in an open-source project (WordPress.org is an open-source project) is that thousands of developers are banging on the code and constantly moving the project forward. This means things will change over time. And to take advantage of the expanded capabilities, you MUST keep all your code up-to-date.
If this post was too long and you really didn’t want to read it (TL:DR), here is the summary. Always update your plugins, themes, and core WordPress otherwise you are shooting yourself in the foot!