WordPress is a wildly popular website content management system and blogging platform and our favorite for most web projects. It’s easy to use and customize but, as I’ve chronicled in some of my past posts, many designers and website owners don’t realize what’s required to keep them running properly and securely. Most WordPress users take this seriously and stay current on security updates, but a confusingly large number of them are willing to skip these updates and take their chances or just don’t know better.
This past month (January 2017) WordPress released two major security WordPress updates within a couple weeks of each other that apply to all previous versions and addressed over 10 major security issues and 65+ reported bugs. We very highly recommend that these types of updates be applied as soon as possible to keep an installation secure. Unpatched WordPress websites do get hacked and can be quite costly to repair after the fact – assuming the site can be repaired at all. We have seen a few sites become so badly damaged from hacker activity that they were not repairable.
It is also very important to make sure your plugins and theme are updated alongside your WordPress website. With each missed update a website is more and more likely to experience upgrade issues. WordPress has quite a few moving parts as well as plugin and theme considerations. All the parts need to work together for your website to run properly. As the web site ages, plugin and theme compatibility with the newer versions diminishes, sometimes to the point that there is no feasible upgrade path.
The best approach is to stay current on all of the WordPress updates. It will keep your site secure and cost you far less in the long run.