WordPress is an open source system, which means that the source code that powers it is freely available for anyone to download and use. This also means that anyone looking to hack into a WordPress website has the same opportunity to dissect the code and exploit any vulnerability they find. WordPress powers roughly 22% of the websites published today, and it’s these numbers that make it a popular target for hackers.
That said, WordPress is actively updated, and the developers release two major updates per year along with many minor updates throughout the year. These updates cover many issues, from fixing newly discovered security flaws through to improvements in the admin and new functionality.
So here’s the problem: because the security updates are well publicised, any website running an older version of WordPress becomes more susceptible to attack, simply because more people are aware of that particular version’s security issues.
But by not updating to the latest version of WordPress you’re also missing out on other features that could make running your website easier.
WordPress has changed incredibly since it was first published in 2003. Starting life as a blogging platform, it’s now flexible enough to power pretty much any website you can think of. Every new release improves WordPress, adding new features and functionality along with improvements to the usability of the admin screens.
Plugins are extra bits of software that are used to extend the core functionality of WordPress. There are over 32,000 plugins available for download from the WordPress repository, and if you can think of something you’d like your WordPress website to do there’s probably a plugin available to do it.
With every major update of WordPress some changes are made to the code that may break how a plugin interacts with the WordPress core. It’s rare, but it does happen. As well as playing nicely with the WordPress core, plugins also have to behave with other plugins, and with more than 32,000 of them you may occasionally run into compatibility issues between a couple of them.
Plugins can be, and are, written by a wide range of developers, from lone developers who code for the hell of it to professional companies making a living from their work.
WordPress makes available preview versions of its code so developers can download the latest versions and adjust their plugins if necessary to ensure they work with the latest version. How quickly, or slowly, the plugins are updated is down to the authors. Professional companies are usually ahead of the game here.
The theme files control how WordPress will display all of your lovely work. These also interact with the WordPress core, so a new version of the core may sometimes introduce problems for your theme.
Professional theme developers test their themes on the latest versions of WordPress, and make available their updated themes for their customers to download. Often themes will be tested with the most popular plugins to ensure compatibility – some coming with a list of recommended plugins that the theme is designed to work with.
Updating WordPress, Plugins and Themes on a live site.
Before you do anything, make a backup. Boring, I know, but if you update your version of WordPress and suddenly your website no longer works, what are you going to do?
A solid backup of all files and the WordPress database (and a procedure for restoring them!) means that if something suddenly breaks you can always revert and be up and running again quickly.
Make a list of plugins your website is using, and head over to the WordPress plugin repository and check to see if any have been tested on the latest version of WordPress.
Update the WordPress core. Then test everything is working as before.
Next go through your plugins, one at a time, updating each one, and again testing everything works. If you want to take a backup between updating each plugin then this is an extra precaution you may wish to take.
If something goes wrong, then you’ll have a pretty good idea of which plugin is to blame.
Theme updates. If your theme has a new version then download it and install it, once again testing everything works as before.
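The update order described above, scripted as an added example (not from the original article, which names no tool). It assumes WP-CLI (`wp`) and `curl` are installed; `SITE_URL`, `BACKUP_DIR`, `RUN_UPDATES` and the function names are hypothetical, and the smoke test only checks that the front page answers.

```shell
#!/bin/sh
# Added example: staged WordPress update using WP-CLI (an assumption).
# SITE_URL and BACKUP_DIR are hypothetical placeholders; point them at your own copy.
SITE_URL="${SITE_URL:-https://staging.example.test/}"
BACKUP_DIR="${BACKUP_DIR:-./wp-backups}"

# Smoke test: fails on HTTP 4xx/5xx or no answer. Replace with checks of your key pages.
site_ok() {
    curl -fsS -o /dev/null --max-time 20 "$SITE_URL"
}

# Dump the database under a labelled name (theme/plugin files need their own copy).
backup_db() {
    mkdir -p "$BACKUP_DIR" &&
    wp db export "$BACKUP_DIR/db-$(date +%Y%m%d-%H%M%S)-$1.sql" >/dev/null
}

# Update the core first, then confirm the site still responds.
update_core() {
    backup_db pre-core || return 1
    wp core update >/dev/null && wp core update-db >/dev/null && site_ok
}

# Update plugins one at a time. Stop at the first plugin whose update fails or
# breaks the site, print its name, and return 2 so the culprit is known.
update_plugins() {
    for plugin in $(wp plugin list --update=available --field=name); do
        backup_db "pre-$plugin" || return 1
        if ! wp plugin update "$plugin" >/dev/null || ! site_ok; then
            echo "$plugin"
            return 2
        fi
    done
}

# Themes go last, with the same backup and test.
update_themes() {
    backup_db pre-themes || return 1
    wp theme update --all >/dev/null && site_ok
}

# Nothing runs unless explicitly requested: RUN_UPDATES=1 sh this-script.sh
if [ "${RUN_UPDATES:-0}" = "1" ]; then
    update_core && update_plugins && update_themes
fi
```

When `update_plugins` stops with status 2, the most recent `pre-<plugin>` dump in `BACKUP_DIR` is the database state from just before the offending update.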
Hire someone to do it for you.
Our preferred method of working on clients’ WordPress websites is to first perform the updates on a local copy. The local copy is an exact copy of your website that we use to check everything is working as normal. When everything is tested and operating normally we can then upload the updated files to your live website.