Recently, WordPress one of the world’s most popular content management systems (CMS) released its latest version, 5.5 “Eckstine”, to great fanfare. The reason? For the first time, WordPress will allow website owners and managers to turn on automatic updates of themes and plugins from directly within the WordPress dashboard.
So why is this brilliant news for millions of website owners? And why might it not be as much of a revelation for so many others? We’ll tell you shortly. But first, let’s cover why keeping everything updated on your WordPress site is so important.
Why It’s So Important to Keep Plugins and Themes Updated
Updating themes and plugins is a vital task for those of you with WordPress websites for several reasons. But site security is the first and foremost concern when it comes to updating plugins in particular.
WordPress is secure, as long as publishers take website security seriously and follow best practices. However, to secure additional functionality, most sites have anywhere from a couple to a dozen plugins to help it perform as needed. The issue is that each plugin you add to your WordPress site (even if it’s a plugin designed to improve security) will technically add a point of vulnerability.
Basically, additional code from a third-party source (even a trusted one) can potentially leave your entire system further exposed. Just one weak link can break the chain and cause severe damage to your site, business, and reputation.
The problem is many website owners leave their updates prolonged for years. The longer a plugin, theme, or WordPress itself hasn’t been updated, the longer hackers have to probe, test, and penetrate weaknesses in their respective code.
That’s why updating them on a regular basis is so crucial. Plugin and theme developers always aim to spot these weaknesses and issue patches and updates to keep your site secure and fix other performance-related issues.
If you think that you’re safe not updating some of your plugins developed by prominent, well-known brands, then you’d be wrong. Duplicator, which is a plugin that lets site administrators export the content of their sites, is one of WordPress’s most popular plugins.
However, being backed by a massive team of developers didn’t stop hackers from discovering a bug that allowed attackers to export a copy of the site, from where they could extract database credentials, and then hijack a WordPress site’s underlying MySQL server.
Why WordPress Auto-Updates Represent Great News for Many Website Owners
While you may now appreciate the importance of regular updates, the issue for owners of business websites is that manually updating plugins and themes is a time-consuming task, particularly if you’ve got several installed on your WordPress site.
There’s always plenty of other website tasks to take care of, such as monitoring Google Analytics or fixing 404 errors. Updating your theme or your plugins is usually low on the priority list, despite its importance.
Thus, WordPress auto-updates sound like a godsend for those who don’t have the time to continually monitor their WordPress dashboard and want to focus on growing their business instead. With the click of a few buttons, all theme and plugin updates will be taken care of automatically thereafter.
However, the truth of the matter is that it’s not quite as simple as that.
Why WordPress Auto-Updates Don’t Represent the Holy Grail for Busy Webmasters
WordPress auto-updates are undoubtedly a massive upgrade for operators of blogs and informational sites that can often go unattended for months or years, thus increasing the risk of being hacked via outdated plugins or themes. However, the issue is that updating plugins is not always straightforward; especially if that plugin is performing an essential role in your website’s functionality.
To give you an example, let’s say you have a WordPress WooCommerce store, and your WooCoomerce support plugins auto-update while you’re on holiday. One of those supportive plugins has just been auto-updated, and that auto-update makes product checkout on your site impossible.
Suddenly, a simple auto-update cycle has left your online business unable to make money. Not only have you lost that day’s expected revenue, but your holiday is also ruined as you spend the next few days frantically trying to put it right.
This is just one of many potential issues, some of which could be in play for months before you’ve realised what’s happened. Here are some more of the potential problems with leaving your WordPress site on auto-updates:
Concurrent automatic updates can overload the resources allocated to your server, causing your website to crash.
Plugin updates often have initial teething issues that could introduce vulnerabilities to your site. In many cases, it’s better to wait for version two or three of an update, which has fixed all of the known significant errors.
Major plugin or theme updates could cause compatibility issues for each other.
Smaller developers of niche plugins have less ability to test their releases beforehand. In many cases, your site will act as a guinea pig potentially exposing your business to a fatal flaw.
With auto-updates, it can often be hard to tell what’s changed until it’s too late. For instance, it could be weeks before you discover that your main website enquiry form has stopped working, losing you dozens of potential clients.
Why You Need Experts Onboard to Handle Your WordPress Auto-Updates
After reading the points above, you might think that WordPress auto-updates are a terrible idea. But that’s not the case; it all depends on the type of website you have.
For personal blogs and general information sites, the massive time-saving benefits of auto-updates outweigh the potential negatives. Likewise, if you have less than five or six plugins that don’t have any significant bearing on the functionality of your site, then you might want to consider auto-updates.
However, for e-commerce sites & business sites that depend on website enquiries, and revenue-generating online businesses, it makes sense to pay much closer attention to your plugin and theme updates.
In essence, when approaching the question of WordPress auto-updates, there are three possible approaches:
Turn on auto-updates for all plugins.
Turn on auto-updates for some plugins.
Turn off auto-update for all plugins.
If you’re unfamiliar with the role your plugins play in your website, then you’re going to need the help of an expert who can determine which ones are safe to put on autopilot, and which ones need extensive testing before updating.
Choose McGinn & Dolphin to Look After Your Site-Critical WordPress Updates
At McGinn & Dolphin, we’ve been taking care of WordPress maintenance for our clients for over a decade. We can rely on those years of industry experience to decide how many (if any) of your plugin and theme updates should be automated.
If you own or operate a site whereby automatic updates are an unwise choice for some or all of your plugins, then our monthly website maintenance packages offer you peace of mind that experts are overseeing your critical updates. We even take the time to test the impacts of new updates on temporary staging sites, to ensure no damage is ever inflicted on your business.
So if you would like to tap into the knowledge of website experts, or have us perform a WordPress website audit to assess your exposure to WordPress auto-updates then feel free to schedule a call with our team to discuss your website in more detail.