Just like any software that you have on your computer or phone, WordPress needs to be updated on a regular basis. Unlike most software, though, WordPress is open source and maintained by a community. That means there are hundreds of people around the globe working constantly to improve it and fix old problems. Updated versions are released frequently.
Whenever a new plugin or WordPress update is released, a bug fix report accompanies it. Hackers learn about the vulnerabilities in old WordPress versions by reading these reports. They can then pick out outdated sites by visiting them and selecting View page source to see which version of WordPress they are running.
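To see what your own pages reveal in View page source, the following added example (not part of the original article) parses a page's HTML and compares the WordPress version it states with the release you expect to be running. The sample markup, the `required` value and the function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser

VERSION = r"\d+(?:\.\d+)*"

def as_tuple(version):
    return tuple(int(part) for part in version.split("."))

class VersionAudit(HTMLParser):
    """Records where a page's markup states the WordPress version."""
    def __init__(self):
        super().__init__()
        self.generator = None   # version from <meta name="generator">
        self.asset_vers = []    # (url, ver) pairs from ?ver= on scripts/styles

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "generator":
            m = re.match(rf"WordPress\s+({VERSION})", a.get("content", ""))
            if m:
                self.generator = m.group(1)
        elif tag in ("script", "link"):
            url = a.get("src") or a.get("href") or ""
            m = re.search(rf"[?&]ver=({VERSION})", url)
            if m:
                self.asset_vers.append((url.split("?")[0], m.group(1)))

def audit(html, required):
    """Compare the version a page discloses with the release you require."""
    page = VersionAudit()
    page.feed(html)
    shown = page.generator
    return {
        "disclosed": shown,
        # Asset URLs repeating the same number disclose it a second time;
        # other ?ver= values belong to bundled libraries, so they are ignored.
        "repeated_in": [url for url, ver in page.asset_vers if ver == shown],
        # None means the page states no version, not that the site is current.
        "outdated": None if shown is None else as_tuple(shown) < as_tuple(required),
    }

# Constructed sample markup (not captured from a real site).
SAMPLE = """<html><head>
<meta name="generator" content="WordPress 4.1" />
<link rel="stylesheet" href="/wp-includes/css/dashicons.min.css?ver=4.1" />
<script src="/wp-includes/js/jquery/jquery.js?ver=1.11.1"></script>
</head><body></body></html>"""

if __name__ == "__main__":
    print(audit(SAMPLE, required="4.1.1"))  # "4.1.1" is an example value
```

A result of `"outdated": True` means the page advertises a version older than the one you intended to have installed, which is the signal to apply the pending update.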
The easiest way to avoid being targeted by hackers is to update often. It’s much easier and cheaper to prevent damage than to restore your site later.
Updating your WordPress site may seem cumbersome, but it’s very important.
WordPress releases updates for five main reasons:
- Security: New security features prevent hackers from breaking into your website and inserting malicious code. This code can harm your site and cause it to lose position in search engine results. Search engines may even remove your site.
- Performance: Often updates will improve the performance of WordPress itself, or of a plugin or theme. For example, WordPress 4.1 included improvements to complex queries to improve the performance of sites using these, and WordPress 3.9 included improvements to the performance of TinyMCE. Plugins also get updates to improve performance, perhaps to speed up scripts or queries or run more efficiently.
- Bug fixes: New updates can fix functionality bugs in your site. So if something isn’t working properly, you may just need an update.
- Compatibility: After a major WordPress release, a lot of plugins will get an update to ensure compatibility with the new version, or to make use of new features. Sometimes a plugin won’t need to be updated as it remains compatible, but the developer should check that it’s compatible and update its compatibility information which you see in the plugin repository. Occasionally you might find that an update to WordPress or to a plugin results in compatibility problems with another plugin, which is why it’s important to back up your site before updating.
- Features: New features make WordPress easier to use or more useful. Don’t wait and then update two or three versions at a time. That can be detrimental to your site, and you then have to learn about many new features at once.
Don’t forget to update your plugins too.
Updating your plugins can be just as important as updating WordPress, and you should do so before you update WordPress. This can prevent your plugins from breaking, because developers do their best to adapt to the newest versions of WordPress.
Out-of-date plugins can be even more vulnerable to security attacks than outdated WordPress versions. To update your plugins, go to the plugins panel and click Update Available. You can do a bulk action to update the plugins or find the link under each individual plugin that says update now.
According to WP White Security, more than 70% of WordPress installations are vulnerable to hacker attacks and the total number of hacked WordPress websites in 2012 was a whopping 170,000. This figure is growing every year.
You may be wondering why anyone would want to attack your website, particularly if you have a low-traffic website. However, the vast majority of hackers are not looking to steal your data or delete important files. What they want to do is use your server to send spam emails.
Hackers prefer not to deface your website but rather to exploit a vulnerability that will allow them to upload a script that sends spam directly from your server.
Although there are many different ways in which a hacker can break into a WordPress website, the main techniques can be grouped together into four categories.
In an article last year, WP White Security reported the following statistics about hacked websites:
- 41% were hacked through a security vulnerability on their hosting platform
- 29% were hacked via a security issue in the WordPress Theme they were using
- 22% were hacked via a security issue in the WordPress Plugins they were using
- 8% were hacked because they had a weak password
That means 49% of the methods used to gain access to your site are under YOUR control, so spend the money on making sure that your WordPress site has the latest updates applied as they become available.