Why You Need To Keep WordPress Updated
If you're using WordPress then you probably noticed the very frequent updates to the software over the last couple of weeks.
It was quite unusual in that respect as updates are usually released every few months.
However, there were different types of update being released, so I thought it would be a good idea to become familiar with them, and discover why it's important to keep WordPress updated.
No matter what kind of computing device you are using - desktop, laptop, tablet, mobile - there will always be software updates required.
Some updates will be for the core operating system; e.g. Windows, Mac OSX, iPhone iOS.
Others will be for the software or Apps you have installed; e.g. Microsoft Word, Excel, Pages for Mac, Evernote, etc.
The same applies to your installation of WordPress - it will require updates.
What becomes confusing is the difference between an Update or an Upgrade.
And more importantly, when you should update or upgrade your software.
An upgrade is also referred to as a major version or a new release.
For example, the Apple Mac OS is currently called OSX, with X referring to Version 10.
Apple release new versions of the software that are numbered and named:
So, if I'm running version 10.8 I would have to UPGRADE to version 10.10 to be on the latest version of the OS software.
Apple tend to release a major version once a year, but you are not obliged to upgrade to the latest version straight away.
We will examine the pros and cons of upgrading to the latest version later on...
An update is also referred to as a minor version or maintenance update or security update.
Staying with the Apple Mac OS example, the latest version is actually 10.10.3
What does that mean? It means Version 10.10, Yosemite, has had 3 minor updates since it was released in October 2014. The history looks like this:
Each update addresses several issues, which might be new functionality, bug fixes or security. For example:
The OS X Yosemite v10.10.3 update includes the new Photos App and improves the stability, compatibility, and security of your Mac.
- An Upgrade is focused on releasing new features or functionality.
- An Update is focused on addressing bugs or maintenance.
OK, let's apply the principle to WordPress now...
WordPress Versions and Releases
A major WordPress version is dictated by the first two sequences. For example, 4.1 is a major release, as is 3.8, 3.9, or 4.0. There isn't a "WordPress 3" or "WordPress 4" and each major release is referred to by its numbering, e.g., "WordPress 4.1."
A minor WordPress version is dictated by the third sequence. Version 4.1.2 is a minor release. A minor release is reserved for fixing security vulnerabilities and addressing critical bugs only.
Major versions of WordPress are released every 4-5 months, and minor releases happen as needed.
Why all the WordPress Updates?
As I said at the top, the last few weeks have seen a plethora of WordPress updates, including both major and minor releases.
WordPress 4.1 "Dinah" Major Release
WordPress 4.1.1 Maintenance Release
WordPress 4.1.2 Security Release
WordPress 4.2 "Powell" Major Release
WordPress 4.2.1 Security Release
WordPress 4.1.3 Security Release *
* special update to allow for those still not on 4.2
The recent minor releases have been driven by security updates:
- WordPress 4.1.2 addressed a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site.
- WordPress 4.2.1 addressed a cross-site scripting vulnerability, which could enable commenters to compromise a site.
What's the point of updating WordPress?
Facts: WordPress powers more than 23% of the top 10 million websites, giving it an estimated 60% market share of all sites using a CMS.
Which makes WordPress an extremely attractive target for hackers.
WordPress has a dedicated security team as well as a vast community of developers who are continually looking to tighten up any holes in security.
Therefore its extremely important that you update your version of WordPress to the latest version to reduce the risk of your site being hacked or exploited through the known vulnerabilities.
The automatic minor updates should take care of that for you...(more later...)
But they only update the latest major version.
So if you are stuck way back on WordPress 3.9.1, then you won't be getting the automatic updates like 4.1.2 or 4.2.1.
You need to be on the latest version!
When should I update WordPress?
Now that you have the background to WordPress versions and releases you need to consider when you should update your software. What is the best practice?
According to the WordPress Codex you should always be on the latest version of WordPress.
Because the new releases often include new and improved features and fixes.
However, you should proceed with caution!
The WordPress development team are very keen on making sure that the latest releases are backwards compatible. In other words, they want to introduce new features but they also want to make sure it does not disturb your current settings.
The last thing you want to discover is that your theme, plugin or custom code does not function when you update the WordPress core software.
Generally, the minor updates should not cause too much concern, but a major version has new functionality.
Pressidium, which offers Managed WordPress Hosting, treats the WordPress major and minor updates differently. Here is their policy statement:
Our upgrading policy is to push security releases (minor versions) within 24 hours after public announcement and major releases roughly two weeks after their official release.
In other words they are treating a major release with more caution than a minor release and like to test compatibility issues before allowing their clients to upgrade.
This represents an example of best practice and is one you can adopt too even if you don't have a Managed WordPress Hosting solution.
WordPress Update Plan
- Check and confirm your site is running OK on its current version.
- Backup WordPress to make sure you have a working version you can go back to if the worst happens.
- Run the WordPress Update from your Admin Dashboard.
- Check your site again to make sure it is running on the new version.
- If your tests are OK, then 'bingo' you're done! If not, then you can restore your previous version that you backed up in Step #2.
WordPress Automatic Updates
Since version 3.7, WordPress introduced automatic updates for the minor releases.
Here's an example of an email notification I received informing me of this:
Don't forget your Theme and Plugins!
So far, we have only touched on the WordPress core software, but I'm sure everyone will have a Theme and several Plugins installed as well.
Like all software, themes and plugins will need updating from time to time as well.
You need to keep them updated like WordPress itself, in order to:
- Maintain compatibility with the latest version of WordPress
- Add new features and functionality
- Reduce the risk of security leaks
Just recently, there was a major security issue discovered, that impacted popular plugins like WordPress SEO by Yoast, Jetpack, Gravity Forms, and others.
Those plugin vendors were all releasing updates to fix the vulnerability.
You need to stay updated to protect your site!
Here's what you have learned today:
- WordPress, like all software, will always require updating
- Major and Minor releases are designated by number sequence
- WordPress, Themes and Plugins should be updated in a controlled way in order to maintain integrity
- Ignoring updates for WordPress, Themes and Plugins leaves your site in a more vulnerable state to be exploited by hackers
Let me know your thoughts in the comments below:
- Are you keeping your WordPress site updated?
- Are your theme and plugins up-to-date?