I always have a *facepalm* moment when I log in to a client site to get to work, only to find 10+ plugins with updates. If this is you, don’t feel bad. It’s also about 80% of my new clients, so you’re not alone.
It happens so often that I have a pre-written paragraph that I send to them explaining why keeping things up to date is so important and how to do it. I also mention my monthly and quarterly maintenance packages in case they’d like someone to do it for them.
Now, don’t get me wrong, I honestly can’t blame my clients or anyone else.
It took a long time before I ran across an article explaining how important updates were. On top of not fully understanding, they used to scare the heck out of me. What if the update broke my website?! I’d heard of it happening to others and I wasn’t sure what I’d do to fix it if my website did go down. Would I lose everything?
Yes, plugin updates can occasionally cause problems, but the 2 minutes it takes to log in via FTP and remove the broken plugin is much better than the possible alternative.
Why It’s So Important To Update Your WordPress Plugins
Think of it like this. Most of the time, plugin creators aren’t making updates for the fun of it. It’s not like they’re sitting around their apartment bored and think “Oh, I’m going to go push out a random update!”
Yes, sometimes they add new features or make a few simple tweaks, but a good portion of the time the updates are due to bugs or security vulnerabilities.
Now, think of yourself as a hacker. Hackers are always looking for security issues to take advantage of. It’s literally what they do. If you were that hacker and saw a big security patch was just pushed out for a plugin, wouldn’t you quickly learn how to exploit that vulnerability and use it to attack websites?
I’m not an awful person so I’ve never done it, but that’s what I’d do! 🙂
In case you’re doing a quick scan and didn’t put those two pieces together, a good portion of plugin updates are done to fix security issues. When security issues are fixed and you don’t update, hackers know exactly where to attack your website.
Other than hackers gaining access to your website due to weak passwords, plugin vulnerabilities are the easiest way for them to get in.
Some Plugin Update Examples
I went ahead and looked up some of the more popular WordPress plugins to show you the kinds of reasons they’re pushing out updates. Let’s take a look at a few.
In October, Akismet pushed out an update that “closed a potential XSS vulnerability”.
What is XSS, you ask? It’s basically a security issue that allows hackers to inject their own code into web pages. Sometimes this is harmless, but other times it’s all it takes to allow someone to take over and possibly destroy your website.
Yep, security plugins have issues too. As a software developer, I can confidently say that no developer is perfect (as much as they want to be) and small bugs are easy to miss.
Like Akismet, an update to Wordfence “Fixed stored XSS vulnerability”.
You already know what XSS means, so I’ll just reiterate: sometimes these issues are nothing, but do you want to take the chance?
Disqus Comment System
The last quick example I’ll give is the popular commenting system, Disqus. Lately, they’ve released two separate updates with one of the items being “Security fixes”.
That’s all the information in the change log, but if you want to be safe, here’s a place where you can assume the worst.
How To Update Your Plugins
I’m sure you get the point I was making above. The amount of damage that can be done through these security vulnerabilities definitely warrants a few seconds of your time to complete an update.
Think about it, you could truly lose everything.
However, it does take a bit more work than clicking the little “Update” links if you really want to keep your website safe.
If you see the little orange numbers in your WordPress Dashboard, you know it’s time for some updates.
Here’s the quick process I use:
- Complete a full site backup using BackupBuddy. (If you’re looking for a free option, try Duplicator)
- Complete plugin updates
- Make sure everything still works as expected
Now, I’ve personally never had a problem on my own website. If you want to be even safer you could follow this slightly longer process:
1. Complete a full site backup
2. Complete one plugin update
3. Ensure everything is still working
4. Repeat steps 2 and 3 until all plugins are updated
That way, if a plugin did break your website you’d know exactly where the problem was.
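The one-plugin-at-a-time process above can be scripted. The following is an added example, not part of the original post: it assumes WP-CLI (`wp`) and `curl` are installed, that it is run from the WordPress root, and that an HTTP 200 from the home page is an acceptable stand-in for "still working". The function names are made up for illustration.

```shell
#!/bin/sh
# Added example. Assumes WP-CLI (`wp`) and curl are installed and that the
# script is started from the WordPress root directory.

# "Still working" here means the URL answers HTTP 200. That is a coarse
# check; still click through forms, checkout, etc. by hand afterwards.
site_ok() {
    code=$(curl -s -o /dev/null -w '%{http_code}' --max-time 20 "$1") || return 1
    [ "$code" = "200" ]
}

# Step 1: full backup (database dump + all files). $1 must be a directory
# OUTSIDE the web root, otherwise the backup itself becomes downloadable.
backup_site() {
    stamp=$(date +%Y%m%d-%H%M%S)
    wp db export "$1/db-$stamp.sql" >/dev/null || return 1
    tar -czf "$1/files-$stamp.tar.gz" .
}

# Steps 2-4: update one plugin, check the site, repeat.
# Returns 0 if every update succeeded and the site stayed healthy,
# 1 after printing the plugin whose update failed or broke the site
# (later plugins are left untouched), 2 if the site was already unhealthy.
update_one_by_one() {
    url=$1
    site_ok "$url" || return 2
    for plugin in $(wp plugin list --update=available --field=name); do
        wp plugin update "$plugin" >/dev/null 2>&1 || { echo "$plugin"; return 1; }
        if ! site_ok "$url"; then
            echo "$plugin"
            return 1
        fi
    done
    return 0
}

# Usage: sh update-plugins.sh --run https://example.com /path/outside/webroot
if [ "${1:-}" = "--run" ]; then
    backup_site "$3" || { echo "backup failed, nothing updated" >&2; exit 1; }
    if culprit=$(update_one_by_one "$2"); then
        echo "all plugins updated, site healthy"
    else
        echo "stopped (plugin: ${culprit:-none, site was unhealthy before updating})" >&2
        exit 1
    fi
fi
```

Because the loop stops at the first plugin that fails, the name it prints is the one to remove or roll back, and every plugin before it is already up to date.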
See? That wasn’t so bad!
Now that you know that making plugin (and WordPress!) updates is worth a few minutes of your time, go do it! Remember, take a complete backup of your site just in case something does go wrong.