WordPress release about 3 updates every year, these add various features (usually internal admin features – they try not to compete against the wealth of plugins which add external functionality) and security fixes.
Being a popular CMS means that lots of people try to hack WordPress, so you want to keep up to date with all the security releases available. But when your dashboard shows an update is available what do should you do?
- Backup files & database
It’s very rare to see an update trash your site, but it’s been known to happen, so make sure you have a worst case scenario backup
- Update core WordPress
Then check your site is still working OK. It should be… but then…
- Update plugins
Plugins that extend the functionality of WordPress often get updated after a new WordPress release to stay in step with it, so make sure they are updated too (maybe check again a couple of weeks after the WordPress release). Read the update notes and if you are conservative update one, check the site, then update the next, and so on. Plugin updates DO sometimes upset WordPress websites, so if an update goes wrong, disable the plugin (that’s what that functionality is there for) and then check the site to see if that fixed the problem.
When to update?
I never used to like being on the bleeding edge of WordPress updates, however, they do go through extensive testing and I’ve never seen a “bad” one, so update as soon as you can. Also, now that WordPress adds minor updates automatically then you can avoid the old situation that used to arise: update WordPress, wait 2 weeks, update again to add in all the extra security updates and obscure bug fixes that followed as a result. Now the latter update(s) will happen automatically for you IF they arise.
Whatever you do – DO update. If you don’t then security vulnerabilities are shared amongst hackers and before you know it your site might well end up being hacked (and repairing a hacked website is a pain). There is some snobbery around web developers about WordPress with some saying other platforms are far more secure – just as Mac owners thought their systems were secure until they became more popular and hackers started targeting them – it’s just a something that comes with popularity.
And one final thing: make sure you have decent security in place in the first place, we’ve seen sites recently that may as well have put a message on the website home page saying “please hack me”. If you don’t know what these kind of security measures are then find out or get a WordPress professional to sort you out.