This matters because WordPress is a large, complex piece of code, and hackers will often find a way in by exploiting a security hole caused by a bug or an oversight in the code, then gain control of your website files. Most of the time the attack is carried out by robots (automated scripts) that install malware (software designed to disable or damage your computer) to redirect users visiting your website to another website, inject ads, and so on. Their sole purpose is to take control of your website for their own benefit. When your version of WordPress is not up to date, you can become vulnerable to these kinds of attacks.
The WordPress community is very quick to fix these issues once they are discovered, so it’s really important that you keep your version of WordPress up to date. Here’s what to know before you go:
- Update Notifications – When you see that little update notification in WordPress, go ahead with the update. Before you do, however, make sure you have a solid backup plan in place so that both your database and your WordPress files are backed up every now and then. The reason: an update can go wrong. Let’s say someone worked on your website and made modifications to your files that changed the core of WordPress; if you then update WordPress, it could potentially break the website. But this is a very rare situation.
- Daily Back-Ups – The bottom line is that you want to back up your WordPress database and your files every day. Once you know you have that in place, feel free to update at will. You don’t have to back up every day if your website is rarely updated with new posts or pages. The backup frequency really depends on how you use your website.
- Update Plugins – You also want to update all your plugins, because it’s not just the WordPress core you are using. Code vulnerabilities are sometimes discovered in plugins too, and they need to be fixed. The authors of major plugins are usually quite quick to fix these, and you will want to apply those updates in your WordPress backend.
- Update Themes – As with plugins, themes should be updated, whether they are premium or free from the WordPress theme library. They can be vulnerable as well. They can be updated in Appearance -> Themes. If auto-update is not set, for example because you bought a theme from “Theme Forest” or another premium theme provider, make sure to check with them weekly to see whether they have released an update.
- Choose the right plugin – There are thousands of free plugins out there in the WordPress library. To keep your website safe, you want to make sure you install a plugin that is actively maintained by its author. It is easy to check this by going to the details tab of the plugin page and checking the last updated date. If a plugin becomes part of something important you do, we recommend going with a premium plugin (a plugin you have to pay for), because it is more likely to have a person or a group dedicated to its development. Free plugins are awesome because they are free! But the authors do not have any obligation to update them.
- Website security maintenance – Make it a weekly routine to check that everything is up to date. Set time aside for this, such as Friday evening while traffic on your website is low, and do the updates.
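The routine above can be scripted. The following is an added example, not something from the original article: it assumes the WP-CLI tool is installed as `wp`, and the site path and backup directory are placeholders. It backs up the database and files first and runs the core, plugin and theme updates only if that backup succeeded.

```shell
#!/bin/sh
# Added example: back up first, update only if the backup succeeded.
# Assumptions: WP-CLI is installed as `wp`; both paths are placeholders.
WP="${WP:-wp}"
WP_PATH="${WP_PATH:-/var/www/example-site}"           # placeholder site root
BACKUP_DIR="${BACKUP_DIR:-/var/backups/example-site}" # placeholder, outside the web root

# Runs in a subshell so the restrictive umask does not leak to the caller.
backup_site() (
    umask 077   # the database dump holds password hashes and user data
    stamp="$(date +%Y%m%d-%H%M%S)"
    mkdir -p "$BACKUP_DIR" || exit 1
    "$WP" --path="$WP_PATH" db export "$BACKUP_DIR/db-$stamp.sql" || exit 1
    tar -czf "$BACKUP_DIR/files-$stamp.tar.gz" -C "$WP_PATH" . || exit 1
    # An empty dump or archive is not a backup.
    [ -s "$BACKUP_DIR/db-$stamp.sql" ] && [ -s "$BACKUP_DIR/files-$stamp.tar.gz" ]
)

update_site() {
    # Modified core files are the case where an update can break the site.
    "$WP" --path="$WP_PATH" core verify-checksums ||
        echo "warning: core files differ from the official release" >&2
    "$WP" --path="$WP_PATH" core update &&
    "$WP" --path="$WP_PATH" plugin update --all &&
    "$WP" --path="$WP_PATH" theme update --all
}

run_maintenance() {
    if ! backup_site; then
        echo "backup failed, skipping updates" >&2
        return 1
    fi
    update_site
}

# Usage: sh wp-maintenance.sh run
if [ "${1:-}" = "run" ]; then
    run_maintenance
fi
```

Premium themes and plugins bought outside the WordPress library may not be covered by these update commands and still need the weekly manual check.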
There is much more to do to keep your website secure, but the above points are the essentials. We can definitely help you maintain your website security to ensure you are always up-to-date with the latest updates and offer recommendations.