Attackers are always looking for vulnerable Internet targets. The WordPress platform is especially tempting because there are so many sites out there, perhaps as many as a quarter of all the sites on the Web. If they can find a weakness, attackers can use it on huge numbers of sites. Many of these sites are small, personally run operations whose owners don’t consistently update them. WordPress tries to plug all security holes, but if owners don’t update their software, attackers have reliable methods of breaking their security. A well-maintained website needs regular updates.
This applies not just to the WordPress software itself, but to themes and plugins. They can provide openings to attack, and it’s important to check them regularly for updates. If the maintainer of a plugin stops supporting it, it may be time to replace it with something else.
Some people are reluctant to update their sites because of fear that they’ll break. This is a real possibility; the new version might not be compatible with a vital plugin, and critical features might go wrong or the whole site might stop working.
To avoid this scenario, or to get back to a good state if it does happen, follow these steps:
- Do a full backup of your site, including the database, before upgrading.
- Check the release notes on your themes and plugins. If they don’t say they’re compatible with the latest version, the maintainer may just not have updated the notes yet. If they say they’re not compatible, decide whether to delay the upgrade or switch to something different. Don’t delay too long; having year-old software can put you at risk.
- If everything’s good, do the update and immediately test it as much as you can. If it’s not working, switch to the default theme and test again, then disable plugins one at a time. That will tell you which component is causing trouble.
- If you can’t fix the problem right away, roll back to the previous version while figuring out your next steps.
If your site’s uptime is critical, have two copies of it, one private and one public. Try out all changes on the private site before you upgrade the public one.
To avoid this scenario, then come and be cared for. We offer WordPress care plans which will keep your website compliant. To learn all the ways we can help your online presence, please contact us.