WordPress is the world’s leading content management system (CMS), and powers roughly 25 percentof all the websites on the internet, from personal blogs to Forbes and the BBC. It’s popular because of the combination of simple functionality and complex capabilities. Its widespread use is enabled by plugins, widgets and themes created by a robust community of developers. These add-ons are easily integrated by WordPress users to customize their sites for their specific needs.
The strength of WordPress also gives rise to one of its main criticisms; that it is difficult to maintain functionality and security, because of all the parts that must be kept up to date. The criticism is not baseless, as the global wave of breaches and website hacks has touched the quarter of the internet powered by WordPress. It would be more accurate to say that WordPress must be maintained properly to preserve functionality and security, and the various parts can make that difficult for individual users to do. If WordPress and its add-ons are kept up to date, it is an incredibly powerful platform. If they are not regularly updated, vulnerabilities are discovered and exploited, particularly in plugins, but also in the WordPress core.
Why It’s Important
WordPress updates extend its capabilities, integrate new technologies, address performance issues and fix security vulnerabilities. In the event of critical vulnerabilities, a temporary patch is issued to close it, pending the next full update.
All elements of the platform need to be kept up to date to keep them working together properly, including the core, plugins, and also tools like PHP and MySQL/MariaDB. The more of these elements are running out of date versions, and the more out of date they are, the more likely and severe performance and security problems are likely to be. Research by website security firm Sucuri indicates that the majority of hacked WordPress installations (55 percent) are running out-of-date software.
Administrators of websites suffering a breach or loss of functionality generally intended to keep their WordPress instance completely up to date, but may have put off performing updates during a busy or inconvenient moment. Once the updating process is disrupted, catching up becomes increasingly critical, and potentially more difficult, as obsolete versions may stop working properly as other items are brought up to date.
What to Do
WordPress itself has been working on making things easier for site administrators, and introduced automatic background updates with WordPress version 3.7. This feature enables minor core updates such as maintenance and security releases by default.
More robust tools have been developed to automate updates, ensuring that updates will be completed as frequently as necessary without constant attention from website administrators and owners. Automating updates generally takes little or no more time than performing updates manually, so a small investment of labour will see returns very quickly, even beyond the assurance of continued performance stability and security. If there is a problem with an update, the troublesome element can be rolled back to the previous version, and updated again when the issue is resolved.
Taking advantage of these tools allows WordPress users to easily keep their websites running smoothly and securely, while spending their valuable time creating great content to engage with their audience.