WordPress is a great platform for building a website on, but it is far from a set it and forget it option. Many businesses, even some that actively add content to their site regularly, neglect basic site management. It is simply another task that nobody remembers. But regular maintenance and management of your WordPress site is important for keeping it running smoothly and protecting it from hacking attacks.
WordPress is software. Software needs updates.
Software updates are a constant in your life. You probably update your Mac or Windows PC’s operating system regularly. Plus there are updated anti-virus definitions, Microsoft Office updates, updates to apps on your phone, etc. We’ve all just gotten used to the fact that software is something that needs updates to fix bugs, add functionality or patch security vulnerabilities. And WordPress Websites are no different. WordPress is a software platform that just happens to run on your web server instead of a physical machine in your office or a phone in your pocket.
WordPress Averages 10 Updates Each Year
Since the release of version 2.1, WordPress has put itself on a schedule to put out new feature releases every 3 to 4 months. In addition there are always a number of security and maintenance releases throughout the year. Over the past several years, this has translated into an average of 2-3 version updates and 7 security and maintenance releases per year.
- 2020 – Version 5.4 and 2 security and maintenance releases (through June 2020)
- 2019 – Versions 5.1, 5.2 and 5.3 plus 9 security and maintenance releases
- 2018 – Versions 5.0 plus 9 security and maintenance releases
- 2017 – Versions 4.8 and 4.9 plus 9 security and maintenance releases
- 2016 – Versions 4.5, 4.6 and 4.7 plus 6 security and maintenance releases
- 2015 – Versions 4.2, 4.3 and 4.5 plus 7 security and maintenance releases
- 2014 – Versions 3.9, 4.0 and 4.1 plus 6 security and maintenance releases
Only 56% of WordPress sites are current
WordPress website owners are getting better at keeping up with updates than they once did. W3Techs, a company that surveys web technologies, report on November 1, 2016 showed that only 40% of WordPress sites were running on the current version. In June 2020, that number was 56%.
However, that leaves a lot of WordPress sites running old versions, including 20% that are still running a release of version 4, which stretches as far back as 2014.
Plugins and Themes are Software Too
In addition to WordPress updates, the theme (or visual skin that often has some functionality built in) and plugins (added functionality) need regular updates. These updates arrive on different schedules than WordPress core updates because they are produced by individuals or companies that are not directly affiliated with WordPress. Plugin and theme update schedules vary significantly, so it is important to either regularly review your site for updates or use a scanning program to notify you when updates are needed.
Not Updating is a Huge Security Risk
Running outdated WordPress software is a huge security risk. As we noted above, WordPress has averaged 6 security and maintenance updates each year, plus improved security with each full version update. Developers are actively fixing security risks which upon patching can become known to hackers. Not updating leaves holes in your site security that may be exploitable because hackers use bots to search for sites running specific versions or sometimes the bots just target every WordPress installation out there.
In the first half of 2016, Sucuri, a respected website security company, reported that about 55% of hacked WordPress websites they cleaned were not running the most recent version of WordPress. In addition, Sucuri found that just 3 out-of-date plugins were responsible for 22% of all hacked WordPress sites that they cleaned.
Regular management of your website will go a long way to preventing security risks.
Maintenance and Monitoring Improves Website Performance
Updates to WordPress core files and to plugins helps your website perform at a high level. Each time these software components are updated, developers tweak them to fix bugs and improve the way your site works. Some of these changes can help improve speed on your site. In addition to updates, there are times when new options become available that will improve the way your site works. An active webmaster will be able to take care of these improvements easily or recommend more comprehensive changes that will improve your site. This is especially true when an experienced web marketer takes a regular look at your website analytics with an eye on areas that can be improved.