Stay Safe and Keep Your WordPress Up To Date
by Ben Gabler on
After you’ve been around software for any length of time you’ve been nagged by your system to update. Your WordPress site is no exception to the never-ending treadmill of updates just it’s much easier to ignore if you don’t log into your admin panel very often. As you probably suspected, this is a really bad idea!
In this article, we will take an in-depth look at what updates are, why they matter, and how to get your WordPress site up to date and keep it that way.
What Are Software Updates Anyway?
Most of the manufactured objects that we own are finished and complete from the moment we get them. They are designed and created to complete their working lives the way that they leave the factory.
Software works differently.
From operating systems that contain hundreds of thousands of files to individual applications that maybe only have one, software is always being worked on. As a developer works on an application they will group together their changes into a release and that is given a version number. This new version is made available to the software users as an update that replaces the installed, older version of the software with the new one.
Updates are created to address the following issues:
- Security – Software can bugs that can be exploited. Security updates fix these critical bugs.
- Stability and performance – Software can contain bugs that cause crashes or other unwanted behavior. These updates fix these issues.
- Features – Developers and users love to get new features in their software. These updates increase the functionality of the software.
The software that makes up a WordPress instance will receive updates for all of these reasons.
Do I Have To Update WordPress?
Yes, you do.
The single biggest reason that WordPress sites are compromised is through out-of-date software. Hackers are constantly probing WordPress software for bugs that allow them to hack into a site. When they find such a bug they will exploit it, destroying your WordPress site when they do.
Developers fix these high priority security bugs as soon as they can and push out the fixes as updates. If you don’t apply those updates to fix the security bugs you are leaving the door to hackers wide open.
What Do I Need To Update?
A WordPress site and the supporting server all have software that needs updating. In spite of there being a huge number of files they all fall into one of these four categories:
- Operating System
- WordPress Core
The operating system is what the underlying server runs that powers your WordPress instance and is most likely to be some flavor of Linux. Typically if you’re using managed WordPress Hosting you do not have to worry about these, but in the event you manage your own server it’s extremely important to keep the OS up to date.
The remaining categories are all a part of your WordPress installation.
If you manage a server…
WordPress is just one layer of updates. If you manage your own cloud, vps, droplet and have root level access, you’ll also need to take into consideration operating system level updates.
Linux is a single name that is actually rather a lot of different flavors. This means that there are differences in how they discover and display available updates. Fortunately, you are only likely to have your WordPress site hosted on one of three Linux flavors or distribution. These are; Debian, Ubuntu, or CentOS.
The first step to checking for updates is to log into your server via SSH. After you have logged in run the following command on Debian and Ubuntu:
sudo apt update
This command will print, amongst other output, the following line to tell you how many updates are pending:
99 packages can be upgraded. Run 'apt list --upgradable' to see them.
If you are running a CentOS server run the following command:
sudo dnf check-update
This will not give you a neat number of available updates but rather a list of all the packages that need updating.
WordPress tries its best to let you know about any updates as soon as you log into the admin panel. You will see a number in red next to the Updates line in the left-hand navigation panel:
This is the total number of updates including WordPress core, plugins, and themes. Click on the Updates line to see how these updates break down on the updates page.
If the WordPress core needs updating you will see a section like this:
The next section will show you any plugin updates:
The last section will contain any themes updates:
How Do Update Everything?
While the actual process of updating is usually pretty straightforward care must be taken. This is particularly the case for any error messages or unexpected behavior from the updating tools. If you encounter an error carefully read what it says and, if you don’t know how to proceed copy and past it into Google.
Run the following command to update Debian and Ubuntu servers after you ran the previous command:
sudo apt upgrade -y
The following command will update a CentOS server:
sudo dnf upgrade -y
WordPress – Core installation
Stop there! Before you go any further updating the WordPress core installation manually. You should read the WordPress updating documentation. This operation might not look like more than clicking a button but you can lose your data if you don’t know what you are about to do.
After all that, go ahead and click on the Update Now button in the WordPress admin panel:
The process for the plugins is, again, select one or all of the plugins to update and then hit the Update Plugins:
And finally, the themes are the same as the plugins, select the themes you want to update and hit Update Themes:
Once everything is updated your Updates page will look like this:
That Sounds Like A Lot Of Work!
It sure is. And this is only one update. You must keep on top of this because the hackers won’t put off hacking your site until you’re less busy.
There is a better way.
Rocket offers a fully managed WordPress hosting platform that will take care of all of these updates for you.
The Linux OS is managed and updated by professional system administrators to ensure a secure and up-to-date server.
As for WordPress, the only time you need to invest in keeping your Rocket WordPress site is to flip these switches inside your Rocket control panel:
You can now get on with building an amazing WordPress site and driving traffic and not worrying about updates and hackers.