“Wha-a-at? I’m a WordPress website owner. I have responsibilities?…Oh, I got it covered. I write in my blog and keep the content up to date.”
Your ‘audience’ requires that you keep your content up to date. Your reputation requires you to keep the content up to date. The website’s ability to keep prospects’ attention requires you to keep the content up to date.
WordPress requires regular software upgrades
Using WordPress requires that you keep the software up to date. I’m writing about this today because of what I have seen during several recent software upgrades. Typically, I don’t do one-offs because it is not in my clients’ best interests. Instead, I offer a year-long program where the software is upgraded every month. This reduces their exposure to website attacks because up-to-date software is a deterrent to hackers. Alas, these recent requests were from business colleagues regarding the websites of their clients, so…
When I logged into the websites, I found that the WordPress (WP) core, themes, and plugins had not been updated in years. One website had not been updated since 2013. Another website had not been updated since April 2016, and, the hosting provider had not updated the underlying software (PHP) since 2011!
Clearly, there is a misunderstanding about using WordPress. Many users (and some developers) think that you can “set it and forget it.” This is not true. Technology has improved exponentially over the years; making websites display faster and employing sophisticated security techniques to protect against today’s brazen hackers. Websites need to keep pace with these changes in technology.
WordPress is not a shrink-wrap software package like the ones on your desktop, laptop, and iPad. It is a collection of a couple of hundred files, and those files sit on a website server. The purpose of the server is to let the traffic flow from one website to another as easily as possible. The server software has security, as does the WordPress software, but, by the nature of the Internet, that security is much more loose than that on your laptop.
So, a WordPress website owner has increased exposure just because of the way things work on the web.
WordPress is Open Source Software
A factor that increases a WP website owner’s exposure is that the WordPress code (software) is open source software. As such, the code is available for all to see and all to edit. And ‘all’ includes both the well-intentioned and maliciously-intentioned. Hackers are primarily known to act with malicious intent.
Outdated Files are Attractive Targets for Hackers
An attractive target for hackers is a file with an old “last updated” date. This indicates to a hacker that no one is paying attention to this file. When no one is paying attention, the hacker has time to build, test, and tweak a hack.
How do you get the last updated date to change on the files at your website? You update the software. Each time a theme, plugin, page builder, framework, or the WP core is updated, the date on all the associated file gets updated.
Managed WP Hosting
Some of you have your websites in a “managed WordPress hosting” account. This sounds like you are 100% protected, but, oftentimes, a managed WordPress hosting account updates the WordPress core only, leaving the other hundreds of files sitting in a vulnerable state. What about the page builder, framework, themes, and plugins? Is your hosting provider updating them? Your action now is to contact your provider to learn what exactly is being updated. The core, framework, page builder, themes, and plugins all need to be updated regularly.
If not all files are being updated, you may need to upgrade your service, move your service, or, hire a professional to perform the upgrades for you.
WordPress Website Anatomy 101
Your WP website is comprised of hundreds, sometimes, thousands of files. The website runs using the WP core files, the theme files, the plugin files, and sometimes, there is even a “framework” and/or a page builder, both of which have hundreds of files.
Each WP website has a different number of files because the number of files depends on the configuration of the components mentioned above.
Does your website have a framework (i.e. Genesis, Divi)? Does it have a page builder (i.e. Beaver Builder, Elementor) ? How many plugins does it take to produce the design and functionality? And, even though it uses just one theme, how many theme packages are being stored in the themes folder? Even – Especially – the unused themes need to be updated. Ideally, they are removed, but, there are valid arguments for keeping at least one of the WordPress-issued (Automattic-issued) themes for testing.
WordPress Website Owners’ Responsibilities Summary
So, the summary is that there are way more files than you care to think about. The files need to be updated regularly – AND – it is your responsibility to make sure that it happens.
Don’t bury your head in the sand because it is “computers”. Don’t assume that your webmaster does it. To my knowledge, upgrades are never included in packages, and, instead, need to be special ordered. Don’t count on a backup working. You know that backups always work when we are testing and oftentimes fail when we need them most.
WordPress website upgrades are similar to taxes. Someone else keeps up on the latest versions and rules. Someone else does the calculating and updating. But, YOU ultimately hold responsibility for the correct reporting (condition of the website).
Sign up for WP automatic upgrades today!