Most people know that you must keep your site software updated to keep it secure. However, website security is about a lot more than just keeping plugins and themes updated.
Clicking the update button whenever you are updating your site (hopefully at least weekly) will go a long way to keeping your site safe. Here are a few other things to consider when thinking about how you manage WordPress core, plugin and theme updates.
How often are you able to update?
We recommend logging into your dashboard at least weekly and seeing if there are any updates waiting. The order in which you update plugins can also be important so make note if you have any issues. Here are a few combos that can be a bit tricky sometimes:
- Woocommerce and lots of plugins.
- Themes with page builders.
- WPML and assorted plugins.
- Woocommerce and any language plugins (Polylang, WPML etc.)
How often do you clean out your plugins and themes?
If you have a lot of plugins and themes, it’s best to remove anything you are not using to leave less surface area for bots to attack.
When was the last time the developer of your theme or plugins updated their software?
Theme and plugin developers bundle in libraries of code from elsewhere. Suppose your theme developer isn’t vigilant in updating their source code. Any holes in the libraries/code/theme are also on your website, ready for bots to take advantage of.
It’s a good idea to monitor how frequently your theme and plugins are updated and make sure your code isn’t getting stale.
WP-Ensure takes care of that for you. We actively monitor all of our customer sites and follow industry news for emerging threats to sites/libraries/themes/plugins and, of course, the WordPress core itself.
Have you ever run into incompatibility problems?
Sometimes updates don’t work the way they are supposed to. Most of the time, you’ll be fine, but the more complex your site is, the more trouble you might have. Ensure you have a backup that you can restore before updating more sensitive sites.
PHP updates on the server can break older plugins. WordPress core incompatibilities with plugins can sometimes cause the whole site to go down. Sometimes the order of how you update the plugins makes a difference. For example, the WPML plugin can be a bit touchy about which parts you update first.