The importance of WordPress updates

We’re always advising our clients to keep their sites up to date. Unfortunately, the reasons why have recently come to light: a hack has left a website down for over two weeks.

A few years ago I built a WordPress website for a small business in Sevenoaks. For years the website needed very little work; the design and functionality remained the same. I hadn’t heard from this client (let’s call her ‘Sarah’) in over a year, and assumed that everything was going well. It was, until two weeks ago.

A hacked WordPress site

Sarah was alerted by a customer of hers that her website wasn’t working. This was news to Sarah, but after checking for herself, she found that the website had changed in appearance and looked broken.

Concerned, she contacted me to ask if I knew what had happened. My first suspicions were that the site had been hacked, and these suspicions were confirmed when I ran the site through a security check at https://sitecheck.sucuri.net/.

The site had been compromised and the hacker had replaced the custom WordPress theme with one full of malicious code.

Avoidable expense and stress

We’ve since been working with Sucuri and Sarah’s hosting provider to resolve the issue, but it has resulted in support costs and significant disruption to her business.

The frustrating thing is that all of this could, probably, have been avoided. Sarah chose not to renew her maintenance plan a couple of years ago and I advised her to keep everything up to date and backed up.

Too scared to update

Updating WordPress, your plugins, and your themes is usually a case of clicking a button. However, it’s always recommended to take a backup first, as there are sometimes conflicts. Knowledge or experience of these conflicts, combined with an insufficient backup system, often prevents people from keeping their website updated. They’re scared to break the site.

Despite the concerns, it is critical to keep the site up to date for security reasons. WordPress, plugin and theme authors are constantly releasing updates to their software – most often because of security issues. If you don’t stay up to date, hackers can exploit outdated code to access your site and cause all kinds of damage. Sound scary? It should!

Our recommendations

We highly recommend that all WordPress website owners do at least the following:

  • Keep WordPress, plugins and themes updated
  • Have a backup solution (even if your server already backs up your site)
  • Use strong usernames and passwords (if you have a user called ‘admin’ remove it right now!)
  • Install a reputable security plugin
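
For site owners comfortable with a command line, the backup-before-update routine described above can be scripted. The following is an added example, not part of the original post: it assumes WP-CLI (the `wp` command) and `tar` are installed on the server, and the function names and paths are hypothetical.

```shell
#!/bin/sh
# Added example: back up first, update second, using WP-CLI ("wp").
# Function names and the paths passed in are assumptions for illustration.

# Export the database and archive the files. Keep the backup directory
# outside the site directory so the archive does not include itself.
backup_site() {
    site=$1; dest=$2
    stamp=$(date +%Y%m%d-%H%M%S)
    mkdir -p "$dest" || return 1
    wp --path="$site" db export "$dest/db-$stamp.sql" || return 1
    tar -czf "$dest/files-$stamp.tar.gz" -C "$site" . || return 1
}

# Update core, plugins and themes, then check core files against the
# official checksums to spot modified files.
update_site() {
    wp --path="$1" core update || return 1
    wp --path="$1" plugin update --all || return 1
    wp --path="$1" theme update --all || return 1
    wp --path="$1" core verify-checksums || return 1
}

# True if a user with the login 'admin' exists.
has_admin_user() {
    wp --path="$1" user list --field=user_login | grep -qx admin
}

# Returns 0 on success, 1 if the backup failed (nothing was updated),
# 2 if an update or the checksum verification failed.
safe_update() {
    backup_site "$1" "$2" || { echo "backup failed, not updating" >&2; return 1; }
    update_site "$1" || { echo "update failed, backups are in $2" >&2; return 2; }
    if has_admin_user "$1"; then
        echo "warning: a user named 'admin' exists" >&2
    fi
    return 0
}

# Usage: sh safe-update.sh --run /path/to/wordpress /path/to/backups
if [ "${1:-}" = "--run" ]; then
    safe_update "$2" "$3"
fi
```

The script refuses to touch the site unless both the database export and the file archive succeed, so a conflict after updating can always be rolled back from the timestamped backup.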

We can help

We offer WordPress maintenance services where we will keep your site updated, backed up and secure. Plans start from £50/month. Please get in touch if you’d like to talk to us about the peace of mind we can bring.

 

About the author

Co-founder and lead front-end developer at Highrise Digital. Keith has a passion for building beautiful, fast and usable websites.