WordPress CMS, Theme & plugin updates

Protection Requirement:

BASIC

Skills/Resources:

>Basic WordPress admin

THE THREAT
Out-of-date system files can be a major security concern

THE OBJECTIVE
Keep WordPress CMS, themes & plugins up-to-date

PROPOSED SOLUTION
Keeping WordPress, themes and plugins up-to-date is usually one of the first things mentioned in any discussion on WordPress security.

There are basically three reasons why WordPress, themes and plugins are updated.

They are to

  • patch a security hole or vulnerability
  • address compatibility issues with other component of WordPress
  • add new functionality or features

Many people think of updates only in relation to new functionality or features.

When you understand that many updates are made to patch a security holes or vulnerabilities then you start to realise the importance of keeping everything up-to-date.

There is always a risk when updating that an update will not be compatible other system components and may even break your website. For this reason you should perform a backup prior to performing any updates.

On mission critical systems that can’t afford down time it is advisable to have a test/development system with a copy of the the live website where you can first apply the update and check for any issues.

How often should you check for updates?

You should frequently check for updates but if you are not monitoring your site on a regular basis then you should schedule a check for updates at least once a month.

MORE ADVANCED
If you have a lot of website to manage then there are systems available for central management even when the websites are on different hosting.

I use InfiniteWP. In addition to saving heaps of time there are also add-ons available including some security related such as malware scanning.

The same rules about backing up first and testing updates for mission critical systems apply.

NEED HELP?
If you need help implementing this and other security measures then Virtual Webmaster Services can help. Visit Virtual Webmaster Services

RESROUCES
none