Recently it was discovered that a weakness in a WordPress plugin allowed attackers to execute code remotely. The plugin in question was File Manager, which lets admins edit, upload and remove files in WordPress rather than use the usual FTP. Once access had been gained, it was found that hackers could do all manner of things, like change, view or delete data. It was even possible for them to install new programs or create new accounts with full user rights.
Incidents like this are just one reason why it’s essential to keep all your WordPress plugins updated. If you still don’t believe us, as many as 83% of all hacked WordPress blogs have not been upgraded. Can you afford to take this risk with your business?
How to Keep Safe with WordPress Plugins
Keeping plugins and themes updated comes with several advantages. Bugs discovered in previous versions can be ironed out, and new features and functionality usually become available. Aside from these, there are fundamental security reasons why you need to update as well. Here are the main things you need to do in WordPress to keep it secure.
» Install New Releases. Whenever a new release or security release becomes available, you must install it as soon as you can. Stay informed of new releases by subscribing to either the official WordPress blog or WPBeginner. Old releases can become prone to hacks or be full of bugs.
» Keep Plugins Updated. Just like new releases, plugin updates must also be installed as soon as they become available. This is important, as hackers often look for the bug fix report that comes with an update. They use it to exploit the vulnerabilities the update fixes on sites that have not yet installed it. Regular updates are essential because they patch vulnerabilities and strengthen your site against attacks.
» Keep your Theme Updated. Just like the core WordPress and plugins, you should also keep your theme updated.
» Remove Inactive Themes & Plugins. Over time you may experiment with different themes and plugins, and it is easy to leave these installed on the site. Regularly audit your WordPress site and deactivate and delete obsolete and unused plugins and themes.
» Choose a Credible Web Host. Credible web hosts ensure that servers are adequately updated on each new major software release, keeping the site performing well, as well as safe.
Updating WordPress: Step by Step
If you’re keen to reap the security benefits of updating your plugins and themes but aren’t sure how, here is a quick step-by-step guide. As an added bonus, these steps are also quick to implement.
The usual way to know when a WordPress theme or plugin needs updating is when a notification appears within WordPress itself. Of course, you might not log in every day. In this case, we recommend installing WP Updates Notifier, which will email you every time a significant update is made.
Before you do the following, we also recommend you do a little housekeeping by deleting the plugins and themes you no longer use. This alone will reduce the amount of code on your site, meaning fewer potential points of entry for hackers.
» Before installing anything, be sure to read the release notes. These will tell you what will change before the update is installed.
» If you have a development site, test the update there before installing it on your live site. The update could break something, so this is a way to troubleshoot problems before they wreak havoc.
» Make sure that you have a backup plugin installed and that it backs up your site often. You might also want to manually back up your site from time to time.
» Install the updates, then check your site to ensure it is still functioning correctly. Refer to the changelog or release notes if you encounter problems.
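
The housekeeping and update checks described above can be turned into a repeatable audit. The script below is an added example, not part of the original article: it assumes WP-CLI is installed on the host and reads the JSON that `wp plugin list --format=json` and `wp theme list --format=json` produce. The plugin and theme names are constructed sample data.

```python
import json

# Constructed sample data in the shape of `wp plugin list --format=json`
# and `wp theme list --format=json` (WP-CLI is an assumption, see lead-in).
SAMPLE_PLUGINS = json.dumps([
    {"name": "example-file-manager", "status": "active", "update": "available", "version": "1.0"},
    {"name": "example-forms", "status": "inactive", "update": "available", "version": "2.3"},
    {"name": "example-seo", "status": "active", "update": "none", "version": "5.1"},
    {"name": "example-cache-dropin", "status": "dropin", "update": "none", "version": ""},
])
SAMPLE_THEMES = json.dumps([
    {"name": "example-child", "status": "active", "update": "none", "version": "1.2"},
    {"name": "example-parent", "status": "parent", "update": "available", "version": "3.0"},
    {"name": "example-old-theme", "status": "inactive", "update": "none", "version": "0.9"},
])

def audit(raw_json, kind):
    """Split WP-CLI list output into items to delete and items to update."""
    remove, update = [], []
    for item in json.loads(raw_json):
        name = f"{kind}:{item['name']}"
        if item.get("status") == "inactive":
            # Unused code: delete it rather than keep patching it.
            remove.append(name)
        elif item.get("update") == "available":
            # Still loaded by the site (active, parent theme, ...) and behind.
            update.append(name)
    return {"remove": sorted(remove), "update": sorted(update)}

def build_plan(plugins_json, themes_json):
    """Merge the plugin and theme audits into one checklist."""
    p, t = audit(plugins_json, "plugin"), audit(themes_json, "theme")
    return {"remove": p["remove"] + t["remove"],
            "update": p["update"] + t["update"]}

if __name__ == "__main__":
    plan = build_plan(SAMPLE_PLUGINS, SAMPLE_THEMES)
    for action in ("remove", "update"):
        for name in plan[action]:
            print(f"{action:7} {name}")
```

A parent theme is reported with status `parent` rather than `inactive`, so it lands on the update list instead of the removal list even though it is not the active theme.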