You probably already know how important it is to keep WordPress updated, but what about plugins and themes?
The short answer here is that yes, it’s important to keep everything updated. But the reasons why are worth knowing too.
How Many Updates..?
WordPress itself has actually had an amazing 27 updates released in the last 12 months alone. This took it from version 4.3 to version 4.6.1.
Now not all those releases are public of course, many of them are only ‘beta’ releases which go out to the WordPress development community (including the keen and the daring) for testing and evaluation. It’s common to see 4 to 6 of these ‘test’ releases before an official ‘safe’ version is released to the public. Each version fixing bugs and making new things work better.
But creating software is hard. Trust me, I’ve been there!
So even after 6 revised versions it’s not uncommon – in fact, it’s become normal – for there to be a ‘Security and Maintenance Release’ within a few weeks of a public safe version. Why? Because WordPress alone is now used by literally millions of websites (W3Techs show 26.6% of the top 10 million websites use it, that’s 2.6 million sites right there). And each of those sites has it’s own combination of theme and plugins. Giving the WordPress development team an impossible task of testing every possible combination of real world use.
So some bugs will always get through.
And that’s why it’s important to stay up to date. Yes, it’s nice to have the shiny new features that the programmers add. But it’s far more important to get the bug fixes that these releases include. In particular of course those related to the security and stability of your website.
Somewhat shockingly there are a huge number of sites still using much older versions of WordPress. Despite version 4.0 being officially released over 2 years ago now (4th September 2014) it is amazing to see 11.5% of sites on versions even older than that:-
This is only for the top 10 million websites too. (For anyone still counting, version 2 is over 6 years old, and version 1 is over 11 years old!). And bear in mind that the initial ‘version 4’ release is now over 2 years old – not even a quarter (23.4%) of those version 4 sites are actually on the latest code.
You can only imagine that these figures get worse as you look at the other 250 million or so websites now online (that’s real sites as opposed to registered domain names, which total around 1 billion).
Getting Back To Plugins
Whilst it doesn’t necessarily directly correlate, it’s likely that most of these sites running old – or even ancient versions of WordPress – are also using very old versions of plugins.
It’s also perfectly possible to have WordPress bang up to date, but not have updated plugins for years.
Just to get an idea of the scale of this problem, let’s take a look at the stats for 3 of the most used WordPress plugins. Each of these is in active use on more than 1 million websites.
That’s 27.4% using the 4.3 version. Everyone else is using older code, with 26.6% using something even older than 3.9. Note that these are stats for active versions of the plugin.
Similarly with Yoast’s plugin, only 16.6% of sites are using the current version.
Contact Form 7
Again, only a quarter of sites using the latest Contact Form 7. With 16.7% using something released before January 2015 – that’s 1 year and 8 months ago.
Does It Matter?
In a word – yes.
Those plugin updates included numerous security fixes. I know, because I checked. The authors of the plugins want you to use the latest, safest versions of their code. That’s partly why they update them.
This was just a sample of 3. The story is pretty much the same for every plugin. Although of course most plugins are installed on a lot less sites than these.
So depending on how many plugins a site is using – it could be a few, or a dozen – that leaves an awful lot of out of date code. And out of date code means bugs that have not been fixed, and potentially a site with lots of gaping big security holes.
It could well mean sites that have already been hacked years ago, and the site owner has not even noticed.
So What Can You Do About It?
Get into the habit of updating your site regularly. If you’re not technical or are unsure of what you are doing, then don’t blindly update everything in sight. That itself can cause problems if changes introduce new bugs into your site. You need to know how to go backwards as well as forwards.
Of course if all this is too much of a headache or makes your head spin… If it bears no resemblance to what your business is really about… Or you just want a website that you don’t have to touch… Then pay someone else to take the whole messy problem out of your hands. Our website management service is specially designed for small businesses who need a website but don’t need or want to know how to run one.
If nobody else is taking care of updating your site, then the problem really is in your hands, whether you realised it was a problem or not. When the phone stops ringing or the orders stop arriving is an expensive time to start looking for help.