Over the last month, we retired one of our cloud servers – the second cloud server we ever leased as a company, one that was in use for 5 years (these moments make web developers nostalgic). We went through the process of moving clients one by one to our new, faster, and more secure cloud server; checking to make sure each site was up to date. Each site got everything updated, had our usual health-check, and was transitioned without flaws. This process was a good reminder for why we stay on top of the updates for our clients, and why it’s important.
I recently read an email from one of our vendors, iThemes for vulnerabilities from outdated plugins (part 2 of the article can be read here). This article outlines commonly used plugins that can be a danger to your site if they are outdated. Plugins are just one part of a WordPress page. This blog post today will address the different parts of a WordPress page that should be checked for updates.
Frequently overlooked by DIY web builders who use their own servers, PHP is the code that WordPress is built on. We’ve recently had clients unable to update parts of their site because the PHP was out of date. Some hosting vendors are still using PHP 5.6 by default when WordPress supports up to version 7.3, for example. A lot of folks don’t realize PHP or can be a problem until a plugin can’t get updated or there is a system issue. Modern PHP is faster and more secure and should be updated at the server level in most cases (SiteGround, our preferred hosting company for our clients, allows you to control your PHP from WordPress). You can read more about PHP from WordPress here.
Plugins are a great way to increase site form and functionality in a couple simple clicks. Most plugins will give clear alerts when updates are available, but many times they are ignored because updates can be frequent and annoying. Some folks also use premium plugins that only have a year of updates, then licenses expire and plugins fall into an outdated status. Outdated plugins can also be hacked (SQL injection is common) and should always stay up to date. Some plugin programmers also may identify an issue but are slow to find a security patch – this is more common for free plugins in our experience. It can be annoying, but most plugin companies will send out emails (do you automatically spam these?) when there are issues and steps to take to stay safe.
If you are using Divi theme (our favorite!) then you know how frequently updates come out. Not only does this mean more pre-made layouts, but also new functionality. From time to time, if you read the update logs (who doesn’t?), updates are released to patch security errors. We also, as a best practice, update any other themes on the site that is unused (it’s common for many folks to keep the standard twenty nineteen theme, for example, installed but not active). The theme also should come out with updates whenever there are major WordPress updates – we found that WordPress 5.2.3 update without updating Divi caused some visual issues on a couple client pages. Thankfully, reputable theme builders come out with frequent upates to match WordPress releases.
And remember, if you have custom CSS or other customizations, always make a child theme to prevent from losing these changes!
When WordPress 5 came out, there was hesitation (including from us) around the WordPress community moving to a new backend builder (called Gutenberg). We cautiously moved forward with moving out clients over to the new framework (backing up with BackupBuddy first) then installing the Classic Editor. A lot of folks did not like the new editor so they never installed Gutenberg and stuck with WordPress 4.9 for months. Thankfully the Classic Editor allows for the same experience in WordPress 4.9 within WordPress 5.x. WordPress continues to come out with core updates frequently, mostly for security and performance reasons.
This might seem like a lot of work, and it can be, depending on how the site is set up. Sites with a child theme built (for custom CSS, etc) and with valid licenses for all paid plugins, and a backup program installed, it’s no big deal at all. Some clients prefer doing this work themselves so they can learn and grow with their site. Some of our other clients, including out clients using our cloud services subscribe to one of our maintenance packages. Starting at just $50/mo, we take care of updates for our clients (and include cloud hosting!) so there is no question if the site is up to date or not. We call this our “hands-on” approach for busy business owners who don’t have the time to keep track of updates, make backups, and perform updates. Let us take care of this for you to give you the piece of mind of a secure and fast webpage.
Interested in hosting or maintenance packages from us? Give us a shout!