If debugging is the process of removing software bugs, then programming must be the process of putting them in.
Edsger Dijkstra
According to Sucuri, almost 60% of the hacked websites they fixed in 2019 had outdated software. The WordPress security firm Wordfence publishes new security issues on a regular basis (typically after they notify the code owners and give them an opportunity to fix their code). WPScan maintains a database of over 21,000 known vulnerabilities (most of these are from free themes and plugins). With all this readily available information, you would think there would be fewer hacked websites. But the reality is that most website owners don’t update their WordPress websites.
Because WordPress is open-source software, its developers are constantly releasing updates. As programmers find new bugs, they release newer versions. Theme and plugin authors also provide updates to fix issues with their code. It is paramount that you keep your WordPress website updated. The best way to stay on top of these bug fixes is to have a maintenance plan in place for your website. An outdated website has known security vulnerabilities. If left unfixed, your website becomes a target for hackers.
To properly update a WordPress website, it is important to know how the software processes available updates. The update process occurs in five steps.
- Place the website in maintenance mode.
- Remove the required files.
- Download the Zip file holding the updates.
- Unzip the files into the correct directories.
- Take the website out of maintenance mode.
This process is relatively fast (depending on connection speeds). While in maintenance mode, the website is not available and displays a maintenance mode message to visitors. It is best to run updates during times when the website has few visitors (I like to run updates at night or on the weekends).
For the websites I manage, I run updates over the weekend (typically on Saturday so I have time to fix any issues). I always run the updates on a testing server first (the testing server has a copy of the live website that is not visible to search engines). The reason for updating on the test server first is that I can test the update and fix any issues before running the updates on the live server. This way, I keep the live server in maintenance mode for the minimum amount of time. I follow a multi-step maintenance plan.
On the Testing Server
- Make a website backup.
- Run the updates.
- Test the updates.
- Fix any issues.
- Make a website backup.
On the Live Server
- Make a website backup.
- Run the updates.
- Fix any issues using the solutions found during the testing above.
- Make a website backup.
The reason for so many backups is so that I always have a version available that I can use to restore a broken website. I have witnessed way too many website owners blindly applying updates without testing them first. I fully understand that heart-sinking feeling of running an update only to discover the website no longer works properly.
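The plan above (backup, update, test, backup) can be scripted so that an update never runs without a fresh backup and a failed step stops the run. This is an added example, not part of the original article; it assumes WP-CLI is installed as `wp`, and the function names and paths are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: backup -> update -> test -> backup, driven by WP-CLI.
# Assumptions: WP-CLI is installed as `wp`; the paths passed in are hypothetical.
# Keep the backup directory outside the web root so archives cannot be downloaded.

# Dump the database and archive the site files under one label.
backup_site() {  # backup_site <site_dir> <backup_dir> <label>
  local site="$1" dest="$2" label="$3"
  mkdir -p "$dest" || return 1
  wp --path="$site" db export "$dest/$label.sql" || return 1
  tar -czf "$dest/$label-files.tar.gz" -C "$site" . || return 1
}

# Update core (files, then database schema), plugins and themes; stop at the first failure.
apply_updates() {  # apply_updates <site_dir>
  local site="$1"
  wp --path="$site" core update &&
    wp --path="$site" core update-db &&
    wp --path="$site" plugin update --all &&
    wp --path="$site" theme update --all
}

# Automated part of "test the updates": core files match the official checksums
# and no leftover .maintenance file is keeping the site in maintenance mode.
check_site() {  # check_site <site_dir>
  local site="$1"
  wp --path="$site" core verify-checksums || return 1
  [ ! -e "$site/.maintenance" ] || return 1
}

# Return codes: 0 ok, 1 pre-backup failed, 2 update failed, 3 checks failed, 4 post-backup failed.
run_plan() {  # run_plan <site_dir> <backup_dir>
  local site="$1" dest="$2" stamp
  stamp=$(date +%Y%m%d-%H%M%S)
  backup_site "$site" "$dest" "$stamp-pre" || { echo "pre-update backup failed, nothing changed" >&2; return 1; }
  apply_updates "$site" || { echo "update failed, restore from $dest/$stamp-pre.*" >&2; return 2; }
  check_site "$site" || { echo "post-update checks failed, fix or restore $stamp-pre" >&2; return 3; }
  backup_site "$site" "$dest" "$stamp-post" || return 4
}

# Usage on the testing server first, then on the live server:
#   run_plan /var/www/staging /srv/backups/staging
```

The automated checks cover only file integrity and a stuck maintenance flag; clicking through the site on the testing server is still part of the test step.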
Keeping your WordPress website updated is critical to keeping your website secure. Updates fix known security issues and correct code errors. Follow a regular maintenance plan to ensure your website keeps functioning correctly. Don’t forget to run multiple backups and test the updates on a test server. The extra precautions will pay off because your website will be available when you need it most.