Yes, yes it is. So much so that we monitor and audit our clients’ WordPress websites every month (specifically those websites built over the past year and beyond). Each month we notify our clients of any WordPress installations and/or plugins that need updating.
So, why do we think it’s important? Let’s delve into our top 4 reasons.
We mention this as #1 for a reason. We see security as the most important reason to keep your WordPress installation and plugins up to date.
The first thing to say is that WordPress and many of its plugins are open source — meaning anyone can view and contribute to the code.
The second thing to point out is that (at the time of writing):
- WordPress is used by 32% of all websites
- Up to 60% of all content management systems are WordPress
- There are around 500+ new WordPress sites launched daily
- Of the top 100 visited websites in the world, almost 15% are powered by WordPress
This means that WordPress is a very wide target for ‘hackers’ (people looking to do something malicious). If a hacker finds a vulnerability in WordPress, it’s possible that they can exploit that same vulnerability on your WordPress site.
Keeping WordPress up to date will ensure that known vulnerabilities which have been fixed in a release are patched (will no longer exist) on your site.
Core WordPress developers are constantly working at making the underlying WordPress code faster and more efficient. You may notice that most WordPress updates include ‘performance improvements’, making WordPress incrementally faster.
To be transparent, whilst you mightn’t notice huge page speed gains from every release, each tiny bit helps both your SEO rankings (faster sites rank better) and hosting bill (the more efficient the code, the fewer server resources required).
3. Bug Fixes
At the time of writing, WordPress is made up of over 560k lines of code. It’s also maintained by hundreds of developers spread across the world. It’s fair to say that minor bugs can crop up and things like integration issues can be overlooked (e.g. WordPress version A doesn’t play nicely with your plugin version B).
That’s why WordPress has timely ‘minor’ releases — to fix issues that can, and often do, arise. You may not notice these bugs on a daily basis, however it’s important to squash them early to prevent long-term effects.
To be fair, we don’t see this pop up often, but it’s worth mentioning. WordPress plugins can only be installed into WordPress if the plugin author defines: ‘My plugin is compatible with WordPress version X and above’.
If your WordPress version is behind a modern version, there’s a chance that the plugin you have your heart set on might not be compatible with (and installable on) your website.
How do I update?
So you’re now convinced, but how do you go about updating WordPress? For various reasons (you can read about them over here), we don’t recommend simply pressing the ‘update’ button within the WordPress admin. Essentially, we’ve seen many cases where pressing update breaks the site (because new and foreign code is simply dumped over the top of your website — before you’ve had a chance to test it).
We strongly recommend having a ‘staging’ (aka test, aka user-acceptance testing) site set up, which is a (code) replica of the live site, where you can perform the update and test the new code before overwriting the code on your live site.
At Pivotal, we have all of our modern WordPress websites set up on a framework called Bedrock. This allows us to perform very safe WordPress updates and testing processes before updating the live website (preventing bugs from hitting your live site):
- Local — A developer will perform the updates on their local computer and test (picking up any issues before asking you to test)
- Stage — Automatically send the updates to a staging server for you (our client) to test. Only on your confirmation will we:
- Live — Send the updates to the live website
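A monthly audit like the one described above can be scripted against the site's dependency lock file. The following is an added example, not Pivotal's own tooling: it assumes a Bedrock-style site where Composer manages WordPress core as `roots/wordpress` and plugins under the `wpackagist-plugin/` prefix, and both the lock-file excerpt and the "latest" versions are constructed sample data.

```python
import json

# Constructed composer.lock excerpt for a Bedrock-style site (not from a real project).
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "roots/wordpress", "version": "5.0.3"},
    {"name": "wpackagist-plugin/example-forms", "version": "2.4.0"},
    {"name": "wpackagist-plugin/example-seo", "version": "v9.1"},
    {"name": "vlucas/phpdotenv", "version": "v2.5.1"},
]})

# Constructed "latest available" versions; a real audit would fetch these.
SAMPLE_LATEST = {
    "roots/wordpress": "5.0.3",
    "wpackagist-plugin/example-forms": "2.10.1",
    "wpackagist-plugin/example-seo": "9.1.0",
}

def parse_version(text):
    """Turn '2.10.1' or 'v9.1' into a comparable tuple, padded to three parts."""
    parts = [int(p) for p in text.lstrip("v").split(".") if p.isdigit()]
    return tuple(parts + [0] * (3 - len(parts)))

def is_wordpress_package(name):
    """Core, plugins and themes only; other Composer dependencies are skipped."""
    prefixes = ("wpackagist-plugin/", "wpackagist-theme/")
    return name == "roots/wordpress" or name.startswith(prefixes)

def outdated_packages(lock_text, latest):
    """Return [(name, installed, latest)] for WordPress packages behind latest."""
    report = []
    for pkg in json.loads(lock_text).get("packages", []):
        name, installed = pkg["name"], pkg["version"]
        if not is_wordpress_package(name) or name not in latest:
            continue
        # Compare numerically: as strings, "2.4.0" would sort after "2.10.1".
        if parse_version(installed) < parse_version(latest[name]):
            report.append((name, installed, latest[name]))
    return report

if __name__ == "__main__":
    for name, installed, newest in outdated_packages(SAMPLE_LOCK, SAMPLE_LATEST):
        print(f"{name}: {installed} -> {newest} (update locally, then stage, then live)")
```

Anything the report lists would then go through the Local, Stage and Live steps rather than being updated directly on the live site.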
There you have it. Keep your WordPress website up to date, and update safely and securely.
Originally published at www.pivotalagency.com.au.