A Word About WordPress Updates

It’s pretty much an undisputed fact that you have to keep your WordPress site up to date.

The latest stats (as of March 2017) say that WordPress powers like 27% of all websites, which makes it somewhat of a target for hackers. They’re always trying to get into WordPress websites to use them for their nefarious means like advertising pharmaceuticals or athletic shoes. (Don’t ask me why.)

So there are a myriad of reasons to compel you to keep your WordPress website up to date, not the least of which is security and keeping your site from getting hacked for your own sound business purposes. (Cleaning up a hacked site is a giant pain in the neck.)

Also, you want to stay not-hacked for the sake of your web host. You don’t want to be the weak link on a shared web host that gets compromised and takes down the rest of the sites on your same server. Web hosts get a little testy about this.

There are different types and levels, if you will, involved in the world of WordPress updates, and some of them even happen automatically for you (seemingly whether you want them to or not). So let’s take a few minutes out of our day here to look at the types of updates that should occur, what their purpose is, and how much control you have over them.

But first a detour

Sorry – I jumped the gun a little bit there. Maybe before we delve into updates, we ought to have a lesson on versioning – what it is and what important secrets those mysterious numbers reveal.

At the time of this writing, WordPress is at version 4.7.3, which was just released Tuesday this week. You can tell what version of WordPress you’re running by a quick glance at your dashboard. In the “At a Glance” box (imagine that), it gives you the full version number.

[Screenshot: WordPress current version]

A brief history lesson

Since the dawn of computers, there have been people who get excited about making computers do stuff. Those people are called developers.

As a species, developers tend to be a fairly analytical lot, and they like to keep track of stuff. When you’re constantly developing a piece of software and fixing bugs and adding features, keeping track of stuff can get convoluted fast.

So naturally, these analytical folks devised a system to help them stay straight with what goes where in the many, many different iterations of their code. And thusly, versioning was born. (I’m making this up but that is more or less the crux of the thinking behind providing version numbers for software, and WordPress is no different.)

What those digits mean

WordPress versions are typically either a two-digit number – e.g., 4.7 – or a three-digit number – 4.7.3. (There have been instances in the past where that third digit gets out of control and they have to add a fourth digit, but that hasn’t happened in quite a while.)

The “formula” WordPress has decided to follow for their versioning is X.X.Y.

The first part of that – the X.X – represents a major version of the software – new features and new ways for the code to interact with other code. The last major version of WordPress was 4.7 which came out last December. The next major version will be 4.8.

But in between versions 4.7 and 4.8, you’ll experience a bunch of other baby versions. The Y digit designates a minor release – typically for bug fixes or security patches. We’ve now seen 3 minor releases – 4.7.1, 4.7.2, and now 4.7.3 – since December.

Each time a new release comes out, WordPress increments one of those digits. If it’s a major release, they increment the X.X digits. If it’s a minor release, they increment the Y digit.

Super simple, right? If this is really a fascinating subject and you want to read up on it, you can learn more about the WordPress versioning philosophies here: https://make.wordpress.org/core/handbook/about/release-cycle/version-numbering/.
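Here is the X.X.Y scheme turned into a small check you can run over a list of sites. This is an added example, not code from WordPress; the function names and the site inventory are made up, and 4.7.9/4.7.10 in the comments are constructed version numbers.

```python
import re

def parse_wp_version(version):
    """Return (branch, rest): branch is the X.X major version, rest the Y digits."""
    version = version.strip()
    if not re.fullmatch(r"\d+\.\d+(\.\d+){0,2}", version):
        raise ValueError(f"not a WordPress release version: {version!r}")
    parts = [int(p) for p in version.split(".")]
    parts += [0] * (4 - len(parts))      # "4.7" is the same release as "4.7.0"
    return tuple(parts[:2]), tuple(parts[2:])

def classify_update(installed, latest):
    """Classify the step from installed to latest as 'current', 'minor' or 'major'."""
    cur_branch, cur_rest = parse_wp_version(installed)
    new_branch, new_rest = parse_wp_version(latest)
    # Compare as numbers: as plain text, "4.7.9" would sort after "4.7.10".
    if (cur_branch, cur_rest) >= (new_branch, new_rest):
        return "current"
    # Same X.X means only the Y digit moved: a bug-fix or security release.
    return "minor" if cur_branch == new_branch else "major"

ACTIONS = {
    "current": "nothing to do",
    "minor": "bug-fix/security release missing: find out why it was not applied",
    "major": "new major version: test the site, then schedule the update",
}

def triage(sites, latest):
    """Map each site name to (update kind, suggested action)."""
    report = {}
    for name, installed in sites.items():
        kind = classify_update(installed, latest)
        report[name] = (kind, ACTIONS[kind])
    return report

# Constructed inventory; 4.7.3 is the current release named in this post.
SITES = {"shop.example": "4.7.3", "blog.example": "4.7.2", "staging.example": "4.6"}

if __name__ == "__main__":
    for site, (kind, action) in triage(SITES, "4.7.3").items():
        print(f"{site:16} {kind:8} {action}")
```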

Now for the good stuff…

1) The major update

When a new, major version of WordPress is released, there’s usually a lot of hoopla and fanfare. It’s named after a jazz musician, and there’s a whole hype video. Lots of new features, bigger and badder cool stuff. And because there are new features and new code, WordPress doesn’t force this one on you. They let you take your time to test your site and make sure nothing breaks with the new code.

But even if WordPress doesn’t push you to update, very often, your web host will. It might start as a gentle nudge, but eventually it can escalate to increasingly alarming warning emails letting you know your site is dangerously out of date. And to some extent, they’re not exaggerating. Old versions of WordPress get hacked. Period.

This is where a good maintenance plan comes in handy because then you’re on a schedule and you know your site is going to be updated in a timely manner. And you get all the latest goodies on your site. So bonus!

2) The minor update

In WordPress, a minor update is when the Y digit of the version number (remember that one?) gets incremented (e.g., going from version 4.7.2 to 4.7.3). These typically occur as a result of fixing (called “patching”) a security hole or a bug that has been discovered.

These types of “minor” updates are so important that these days they update on your site automatically. If they don’t, someone likely had to go out of their way to specifically turn them off.
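If you want to check whether someone did turn them off, the usual place to look is wp-config.php. The script below is an added example, not part of WordPress: the three constants it looks for are real WordPress settings, while the function name and the two sample files are constructed for illustration.

```python
import re

# Matches uncommented lines such as: define( 'WP_AUTO_UPDATE_CORE', false );
DEFINE_RE = re.compile(
    r"""^\s*define\s*\(\s*['"](\w+)['"]\s*,\s*([^)]+?)\s*\)\s*;""", re.MULTILINE)

def audit_auto_updates(wp_config_text):
    """Return findings for settings that stop minor core updates from installing."""
    # Values are compared as written, so only bare true/false literals are flagged.
    settings = {name: value.lower() for name, value in DEFINE_RE.findall(wp_config_text)}
    findings = []
    if settings.get("AUTOMATIC_UPDATER_DISABLED") == "true":
        findings.append("AUTOMATIC_UPDATER_DISABLED is true: all automatic updates are off")
    if settings.get("WP_AUTO_UPDATE_CORE") == "false":
        findings.append("WP_AUTO_UPDATE_CORE is false: core is not updated automatically")
    if settings.get("DISALLOW_FILE_MODS") == "true":
        findings.append("DISALLOW_FILE_MODS is true: WordPress may not change files, updates included")
    return findings

# Constructed wp-config.php fragments (not taken from any real site).
OK_CONFIG = """<?php
define( 'DB_NAME', 'wordpress' );
// define( 'AUTOMATIC_UPDATER_DISABLED', true );   commented out, so not active
define( 'WP_AUTO_UPDATE_CORE', 'minor' );
"""
WEAK_CONFIG = """<?php
define( 'DB_NAME', 'wordpress' );
define('AUTOMATIC_UPDATER_DISABLED', TRUE);
define( "WP_AUTO_UPDATE_CORE", false );
"""

if __name__ == "__main__":
    for label, text in (("ok", OK_CONFIG), ("weak", WEAK_CONFIG)):
        print(label, audit_auto_updates(text) or "minor updates not blocked here")
```

Automatic updates can also be switched off from plugin or theme code through filters, which this check does not see.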

When WordPress first started pushing automatic updates for minor releases, there was a huge hullabaloo in the developer community because no one wanted WordPress taking that kind of control out of their hands, but in the years since this has rolled out, it has really proven to be a non-issue. The WordPress developers test the crap out of these kinds of security updates and really, you want these to get on your site as fast as possible to thwart any nefarious attempts at exploiting security holes.

Once an update is applied to your website, you’ll most often get a jaunty little email notification about it. WordPress is very considerate that way. Looks like this…

[Screenshot: WordPress update notification email]

And now that I’ve said all of that, you should be aware that there is a situation where minor updates may not happen on your site right away.

You see, because of the way these are triggered in WordPress, a site has to get a hit (or a visit) after the update is released in order for the update to be pushed out. So if you have a test site, or even a live site with such low traffic that it isn’t getting some kind of hit every single day, then it’s possible that site won’t get the update.

So just as a rule, go visit your own site on a regular basis. 

3) The plugin and theme updates

Ahhhh…plugins and themes. These are what give your site its personality – themes make it pretty and plugins make it do fancy stuff.

They are added layers of code on your site, and it’s likely you’ve got somewhere in the vicinity of 10-20 different plugins and themes installed.

Every time WordPress puts out any kind of release, major or minor, technically, the developers of those plugins and themes are supposed to:

1) make sure that they’ve tested their plugin or theme and ensured that it doesn’t break on the new version of WordPress, and

2) make sure they don’t have to update something in their code, too, especially if a security problem has been uncovered.

That’s why you see a rash of plugin and theme updates shortly following a new release of WordPress.

On top of that, plugins and themes also have their own cycles of adding new features as well as fixing bugs and patching security holes.

So you can see that it’s critical to update your plugins and themes as well anytime WordPress is telling you that they’re out of date. You can tell when you’re due by the glaring red circle with a number in it next to the UPDATES and/or PLUGINS links on your dashboard:

[Screenshot: WordPress Plugins and Theme Updates Needed]

And quite honestly, plugins and themes are where your big risks are for getting hacked because they’re the easiest to overlook and most likely to be outdated.

So there you have it – the lowdown on WordPress and the types of updates you’ll encounter with it. Long story short, keep your site up to date!