It’s relatively easy to update WordPress. It really is a case of an ounce of prevention being worth ten pounds of cure. I sometimes help new clients recover after their site has been hacked — but I’d much rather help you not get hacked in the first place.
When you log in to your Dashboard, you will sometimes see the following…
If a WordPress update is available, a notification appears above the At a Glance box. Otherwise, you won’t see anything. At the bottom of the At a Glance box itself, you can see your current WordPress version. Compare this number to the notification above to determine your level of pain.
From here, if you have nerd-powers, you may be able to update your WordPress installation yourself. You can find instructions here.
But it’s also a service I offer. I regularly check my clients’ WordPress installs to make sure they haven’t fallen too far behind in terms of security updates.
Update WordPress Core
It’s important not to fall too far behind on these updates. If the latest version of WordPress is 4.7 and you’re running, say, 4.5, 4.1 or 3.9, you’ve left the door open to an automated assault on your website.
The older your software is, the more known vulnerabilities hackers can exploit to bring down your website.
Update WordPress Plugins
All of the above goes for your plugins, too. WordPress will alert you when an update is available to any of your installed plugins. Go to your Dashboard › Updates screen to see a list of what needs to be updated: WordPress, plugins and themes.
Update WordPress Theme
Updating your theme files can be more complicated, depending on whether your theme came with an automated process to keep it up-to-date, whether it was installed manually, and whether it’s been modified by your developer.
WordPress themes — especially the kind purchased from theme repositories like ThemeForest — should be installed in a parent/child relationship. That is, your site should use a child instance of the theme, which allows you to update the parent theme, when necessary, without losing any modifications you’ve made to the child theme files. (This is how I set up all my WordPress projects.)
In general, themes are not updated nearly as often as plugins or WordPress’ core software. The main reason sites go down is old plugins and old versions of WordPress left online. If you keep your WordPress software up-to-date, you’ll eliminate 99% of attack vectors. Most hacks rely on exploiting bugs and weaknesses in old software.
WordPress: Extremely Popular, Extremely Secure
No software is 100% secure, especially online, but the folks at WordPress.org do a great job of keeping WordPress secure. They release many updates per year with new functions, improvements, bug squashes, and security updates for any newly discovered vulnerabilities.
This constant activity (see https://wordpress.org/download/release-archive/) is one of the reasons WordPress is trusted to run a quarter of all websites worldwide. All of this is great and speaks to the strength of the open source WordPress community.
My Update Process
I make sure your site never goes down, even during the update process.
- First, I back up all your data and media files.
- Second, I update plugins and WordPress core software.
- Third, I test your site to make sure the updates have not broken any functions or caused any display problems. (WordPress is very strong on backwards compatibility so there are rarely any issues along these lines.)
- Finally, I back up your site data a second time.
This update process gives me two complete snapshots of your site: pre- and post-update.
If your server runs cPanel or similar, I take a snapshot of the entire server, too. This gives you a complete backup of everything, just in case.
How Long Does it Take to Update WordPress?
The whole process can be done in less than an hour.
Existing clients: shoot me an email.
New clients: use my contact form to say hello.
Harden Security Further
Apart from keeping all your software up-to-date, there are several additional things that can be done to harden WordPress’ security even further. A few extra plugins and some server tweaks go a long way to making life difficult for hackers and easing your mind.
I manage and secure about 40 WordPress sites. No site I’ve secured has ever been hacked.
I typically harden security and set up automated site monitoring on all new projects, but it’s also something that can be added to existing projects at any point.
I’d love to help you secure your site.