There a huge number of free security plugins for WordPress that will help keep your website secure, but that’s not enough to keep hackers at bay – you need to update WordPress as well to benefit from hotfixes.
WordPress is an open-source platform, which means the code is available for everyone to analyse – that includes wannabe hackers. WordPress security is a big deal, with an estimated 64 million active WordPress websites on the internet today, it’s not something you want to brush over or leave until the last minutes – it may be too late.
WordPress is not like Microsoft or Tesla. They go through extreme efforts to keep their codebase secret and will even sue people for theft of intellectual property to deter even the thought. Secrecy makes it harder for hackers to find vulnerabilities and exploit them using nefarious methods.
Why do I need to keep WordPress updated?
WordPress is Open-source. Open-source codebases are publically viewable meaning, every line of code is there in black and white for all to see – including WordPress hackers. Unfortunately, this makes it extremely easy for almost anyone to reverse engineer the code and develop WordPress exploits that can be used to gain access to your WordPress installation.
4 Shocking WordPress Statistics
- 52% of WordPress vulnerabilities relate to WordPress plugins – source
- 84% of all security vulnerabilities on the internet are the result of cross-site scripting or XSS attacks. – source
- 44% of hacking was caused by outdated WordPress sites. – source
- The most common type of attack are backdoors – source
WordPress updates are not just designed to give you shiny new features. In fact, a lot of minor version updates address exploits and vulnerabilities that have been found in the WordPress core. So keeping your WordPress website up to date will ensure you have the latest hotfixes and you’re as secure as you can be.
How to Easily Update WordPress in a Few Steps
Here are 4 easy steps to update WordPress and optimise your WordPress security and ensure it is as tight as it possibly can be. Keep your readers and data safe from potential hacker intrusions by following along.
1. Take a backup of Your WordPress Website
You could risk not taking a backup via your web host, but I would advise against it. I have completed a small percentage of updates over the past decade that has gone wrong – maybe 2%, which resulted in me having to restore the website from a backup.
There are two main methods I use to take backups of clients websites;
- Take a backup via Cpanel
- Take a backup via Plesk
- Use a WordPress plugin such as Backup Buddy
My favourite method to take a backup before I update WordPress is using cPanel. It takes a few clicks, will backup the entire server and enable you to restore with just a few clicks. For those with limited server administration privileges, Backup Buddy is a great alternative that allows you to take a backup via WordPress.
2. Update plugins if required
With the security net in place with the backup you took in the last step, it is now time to update your existing plugins to their latest releases. It is important to update WordPress plugins before updating to the latest WordPress version to avoid any problems.
How to update WordPress plugins
- Go to
wp-admin > pluginsand click update available
- Select the checkboxes of plugins you wish to update
- Click update and wait
WordPress plugins almost always come with support for older versions, so updating them will not crash your website. All you are doing is preparing for the final update in the next step and ensuring there are no compatibility issues.
3. Update WordPress using WP-admin
So you have taken a WordPress backup using one of the methods above, you have updated plugins to their latest versions – now is the time to get the deed done and update WordPress. You don’t need any sort of special access except for an administration login for your wp-login page.
How to update WordPress to the latest Version
- Go to wp-admin
- Click the update notice at the top of the window
- Click update and wait
4. Confirm WordPress updated successfully
The update process happens without refreshing the current window, and sometimes there is a chance that it says it is complete, but there is still problems. To confirm the update went smoothly, head over to your website homepage and confirm everything is still loading.
Optimising your WordPress website and making sure everything is updated and secure are two essential tasks any WordPress website owner needs to be doing themselves. You don’t need to spend lots of money and hire a web developer – these are fundamental tasks.
If you are worried that you will screw something up, then don’t! Instead, follow the steps outlined in this guide, and you will be well on your way in no time.