WordPress is a wildly popular website content management system and blogging platform, and our favorite for most web projects. It’s easy to use and customize but as I’ve chronicled in some of my past posts, many designers and website owners don’t realize what’s required to keep them running properly and securely. Most WordPress users take this seriously and stay current on security updates, but a confusingly large number of them are willing to skip these updates and take their chances, or just don’t know better.
In January 2017, WordPress released two major security updates within a couple weeks of each other. They apply to all previous versions, and addressed over 10 major security issues and 65+ reported bugs. We very highly recommend that these types of updates be applied as soon as possible to keep your installation secure. Unpatched WordPress websites do get hacked, and can be quite costly to repair after the fact – assuming the site can be repaired at all. We have seen a few sites become so badly damaged from hacker activity that they were not repairable.
It is also very important to make sure your plugins and theme are updated alongside your WordPress website. With each missed update, a website is more and more likely to experience upgrade issues. WordPress has quite a few moving parts, and plugins and themes add even more. All the parts need to work together for your website to run properly. As the website ages, the plugin and theme compatibility with the newer versions diminishes, sometimes to the point that there is no feasible upgrade path.
The best approach is to stay current on all the WordPress updates. It will keep your site secure and cost you far less in the long run.