Why it is vital to keep your WordPress website up to date
In the past 12 months, WordPress has evolved from version 4.8.1 through to version 4.9.7 – that’s 15 updates before taking any of your site’s plugins into account.
As of July 2018, 31% of the web are using WordPress to power their website, from small businesses to large corporations. Unfortunately, this makes WordPress a prime target for hackers. This is not due to WordPress being poorly built, in fact, they have an entire team dedicated to monitoring the platform for any vulnerabilities, who push out updates with fixes to these vulnerabilities. Whilst these updates are essential for security, they also come packed with other features for your website, such as as the GDPR privacy updates in the recent WordPress 4.9.6 update.
Noticing updates available for your plugins too?
Depending on how many plugins your website utilises, you will notice a multitude of updates becoming available for your website, for example the popular SEO plugin Yoast released 13 updates in the past 3 months alone. These updates are just as important as the core WordPress updates, both ensuring that any possible vulnerabilities are fixed and any new functionalities (such as the regular important ones that Yoast push inline with any recent SEO changes).
How can I keep up with all of these plugins?
Unless you’re logging into your website every hour of the day, it can be difficult to keep up with every update. We recommend that you set up an automated task within your WordPress themes code to check for any updates and notify you via email as soon as an update is available. There are a few plugins you can use to achieve this, alternatively our Prosupport team here at Clicky would be happy to help you with setting this up.
Testing on a staging site
Applying an update to WordPress will push a change into your websites codebase, which is why we would never recommend applying one of these updates straight onto your production website. Instead, we’d suggest that you first apply the update to a staging version of your website and then test all of your website’s functionality for any potential issues that could have arisen with the latest update. Whilst these updates are released to help improve and secure your website, it’s always a possibility that something within these updates could cause a conflict with a piece of functionality on your site, and therefore have unexpected results.
Pushing the update to production
If your staging website continues to function correctly once you have applied the update, you can then apply it to your production website. Its best practice to have a secure deployment workflow in place, in line with version control, to allow you to not only push these updates into production, but roll back the website incase you do suffer any unexpected functionality breaks once the updates are live.
To summarise, a safe workflow for deploying an update to your website requires the following:
A notification process in place to alert you as soon as any updates are available
An up-to-date staging site to test out any new updates, using a combination of cross-browser visual testing, end-to-end testing and general functionality checks
A deployment workflow using version control and with the ability to easily roll back