WordPress: Why updates are important!

In this artic­le, I explain why regu­lar Word­Press updates are essen­ti­al. Unfort­u­na­te­ly, even today, num­e­rous Word­Press web­sites lack pro­fes­sio­nal main­ten­an­ce. Updates are sim­ply not car­ri­ed out or post­po­ned for months or years until the first pro­blems occur.

Word­Press is con­stant­ly evol­ving — the same goes for good plug­ins and the­mes. The con­tent manage­ment sys­tem has the world’s lar­gest deve­lo­per com­mu­ni­ty, which helps to impro­ve and opti­mi­ze Word­Press and keep it at the cut­ting edge of tech­no­lo­gy. The­se advance­ments also include regu­lar secu­ri­ty updates that clo­se exis­ting gaps and help ward off poten­ti­al atta­ckers.

Of cour­se, the instal­la­ti­on of updates is also asso­cia­ted with effort, which is why many users also shy away from it. Howe­ver, this is the com­ple­te­ly wrong approach and can turn out to be more expen­si­ve than a pro­fes­sio­nal Word­Press main­ten­an­ce.

Regular updates increase the security of the WordPress website #

An essen­ti­al aspect why Word­Press updates should be per­for­med is secu­ri­ty. The more com­plex a sys­tem beco­mes, the more cos­t­ly it also beco­mes to con­sider every con­ceiva­ble case. Alt­hough the expe­ri­ence of the deve­lo­per helps to iden­ti­fy and clo­se poten­ti­al vul­nerabi­li­ties alre­a­dy during the imple­men­ta­ti­on, but ulti­m­ate­ly deve­lo­pers are only human.

In addi­ti­on, you must also under­stand that a Word­Press web­site usual­ly con­sist of the Word­Press Core (CMS), the plug­ins and a the­me. So the­re is not only one deve­lo­per or team, but depen­ding on the num­ber of plug­ins and the the­mes, the­re are seve­ral. So you could say that the more plug­ins and the­mes are used, the grea­ter the risk of vul­nerabi­li­ties on the web­site.

Most deve­lo­pers stri­ve to offer a secu­re and good plug­in or the­me. The­r­e­fo­re, they also pro­vi­de regu­lar updates that offer new fea­tures and exten­si­ons, as well as secu­ri­ty updates.

By the way, secu­ri­ty vul­nerabi­li­ties do not only exist on Word­Press, but also in other con­tent manage­ment sys­tems and appli­ca­ti­ons in IT.

Tip: Dele­te plug­ins and the­mes that are no lon­ger nee­ded or deac­ti­va­ted to remo­ve pos­si­ble attack sur­faces.

Updates provide new features and improvements #

Deve­lo­pers are inven­ti­ve and most are also eager to impro­ve their Word­Press plug­in and offer a wider ran­ge of func­tions. In updates, then often also new con­tent is inte­gra­ted. Depen­ding on what kind of plug­in it is, the exten­si­ons can be quite dif­fe­rent. From front­end ani­ma­ti­ons to backend func­tion­a­li­ties to SEO and per­for­mance enhance­ments, this can actual­ly include any­thing.

Here is an excerpt from the All-in-One SEO Chan­ge­log. This is one of the most popu­lar SEO plug­ins for Word­Press, along with Rank­Math and YOAST. Here, too, updates and bug fixes are car­ri­ed out regu­lar­ly.

Many plug­in aut­hors also regu­lar­ly exch­an­ge with the com­mu­ni­ty and allow you to con­tri­bu­te your own ide­as. So it’s always worth taking a look at the Word­Press forum and see if others have alre­a­dy expres­sed the same desi­re.

Better backward compatibility with regular WordPress & plugin updates #

An essen­ti­al and most­ly for­got­ten point is quite sim­ply the back­wards com­pa­ti­bi­li­ty. Of cour­se, the deve­lo­pers always try to pay atten­ti­on to com­pa­ti­bi­li­ty during fur­ther deve­lo­p­ment, but unfort­u­na­te­ly this can­not always be main­tai­ned over seve­ral ver­si­ons wit­hout pro­blems.

The­se are then for the most part also the pro­blems that you first noti­ce with your web­site. New UI set­tings or chan­ged para­me­ters that then affect the colors, fonts, sizes and ali­gnments of your web­site. All this could be avo­ided by a pro­fes­sio­nal Word­Press main­ten­an­ce or the regu­lar instal­la­ti­on of updates on Word­Press.

Automatic WordPress Updates — Curse or Blessing? #

Word­Press offers you the pos­si­bi­li­ty to auto­ma­te updates for the the­me, plug­ins and core. Thus, the updates are instal­led wit­hout the inter­ven­ti­on of the admi­nis­tra­tor. The opti­on for auto­ma­ting can be con­fi­gu­red both in the backend of Word­Press and via the wp-config.php.

Alt­hough this looks like a good auto­ma­ted solu­ti­on at first, we can curr­ent­ly only advi­se against it due to the limi­t­ed opti­ons. Unfort­u­na­te­ly, Word­Press does not inform us which plug­in was updated last and so trou­ble­shoo­ting, in case of pro­blems, pro­ves to be very time-con­­sum­ing.

Updates should also not always be instal­led imme­dia­te­ly after release, becau­se expe­ri­ence has shown that pro­blems can often still occur with lar­ger updates. The­se are fixed quite quick­ly, but until then, in the worst case, you open a back­door for bots and atta­ckers.

Of cour­se, you also have to take into account that the updates are not exe­cu­ted at spe­ci­fic times. Thus, an update can also take place in the midd­le of the night or when you are out shop­ping.

It depends on how important it is for you that your web­site is always available wit­hout any pro­blems. If you can live with the fact that your web­site is dis­play­ed incor­rect­ly for a cer­tain peri­od of time or, in the worst case, is not acces­si­ble, you can use the auto­ma­tic updates wit­hout any pro­blems. For all others, I recom­mend doing the updates yours­elf or to use a pro­fes­sio­nal Word­Press main­ten­an­ce.

Summary #

Regu­lar Word­Press updates are unfort­u­na­te­ly still com­ple­te­ly unde­re­sti­ma­ted and igno­red nowa­days. Alt­hough month­ly cos­ts ari­se from main­ten­an­ce, the­se are in no rela­ti­on to the cos­ts that can ari­se from a repair of the web­site. In the worst case, the web­site is infec­ted by mal­wa­re and must be clea­ned up at gre­at expen­se.

Loo­king at the sta­tis­tics (see below), 165 new secu­ri­ty vul­nerabi­li­ties were repor­ted in June alo­ne. The num­ber of unre­por­ted cases is likely to be much hig­her.

The “Vul­nerabi­li­ties by Year” also cle­ar­ly show that the num­ber of secu­ri­ty vul­nerabi­li­ties found is con­stant­ly incre­asing. All this cle­ar­ly shows how indis­pensable regu­lar updates have beco­me.