You probably already know how important it is to keep WordPress updated, but what about plugins and themes?
The short answer here is that yes, it’s important to keep everything updated. But the reasons why are worth knowing too.
How Many Updates..?
WordPress itself has actually had an amazing 27 updates released in the last 12 months alone (at the time of writing – and that’s not unusual). This took it from version 4.3 to version 4.6.1.
Now not all those releases are public of course, many of them are only ‘beta’ releases which go out to the WordPress development community (including the keen and the daring) for testing and evaluation. It’s common to see 4 to 6 of these ‘test’ releases before an official ‘safe’ version is released to the public. Each version fixing bugs and making new things work better.
But creating software is hard. Trust me, I’ve been there!
So even after 6 revised versions it’s not uncommon – in fact, it’s become normal – for there to be a ‘Security and Maintenance Release’ within a few weeks of a public safe version. Why? Because WordPress alone is now used by literally millions of websites (W3Techs show 26.6% of the top 10 million websites use it, that’s 2.6 million sites right there). And each of those sites has it’s own combination of theme and plugins. Giving the WordPress development team an impossible task of testing every possible combination of real world use.
So some bugs will always get through.
And that’s why it’s important to stay up to date. Yes, it’s nice to have the shiny new features that the programmers add. But it’s far more important to get the bug fixes that these releases include. In particular of course those related to the security and stability of your website.
Somewhat shockingly there are a huge number of sites still using much older versions of WordPress. Despite version 4.0 being officially released over 2 years ago (4th September 2014) at the time of writing it is amazing to see 11.5% of sites on versions even older than that:-
This is only for the top 10 million websites too. (For anyone still counting, version 2 is over 6 years old, and version 1 is over 11 years old!). And bear in mind that the initial ‘version 4’ release was over 2 years old – not even a quarter (23.4%) of those version 4 sites are actually on the latest code.
You can only imagine that these figures get worse as you look at the other 250 million or so websites now online (that’s real sites as opposed to registered domain names, which total around 1 billion).
Getting Back To Updating Plugins
Whilst it doesn’t necessarily directly correlate, it’s likely that most of these sites running old – or even ancient versions of WordPress – are also using very old versions of plugins.
It’s also perfectly possible to have WordPress bang up to date, but not have updated plugins for years.
Just to get an idea of the scale of this problem, let’s take a look at the stats for 3 of the most used WordPress plugins. Each of these is in active use on more than 1 million websites.
Jetpack
That’s 27.4% using the 4.3 version. Everyone else is using older code, with 26.6% using something even older than 3.9. Note that these are stats for active versions of the plugin.
Yoast SEO
Similarly with Yoast’s plugin, only 16.6% of sites are using the current version.
Contact Form 7
Again, only a quarter of sites using the latest Contact Form 7. With 16.7% using something released before January 2015 – which was year and 8 months ago.
So Does It Matter? Do I Need To Update WordPress Plugins?
In a word – yes.
Those plugin updates included numerous security fixes. I know, because I checked. The authors of the plugins want you to use the latest, safest versions of their code. That’s partly why they update them – security. So this is why you should update WordPress plugins.
This was just a sample of 3. The story is pretty much the same for every plugin. Although of course most plugins are installed on a lot less sites than these.
So depending on how many plugins a site is using – it could be a few, or a dozen – that leaves an awful lot of out of date code. And out of date code means bugs that have not been fixed, and potentially a site with lots of gaping big security holes.
It could well mean sites that have already been hacked years ago, and the site owner has not even noticed. This happens.
So What Can You Do About It? What Is The Best Way To Update?
Get into the habit of updating your site regularly. Yes, it’s a nuisance, but so is trying to get your site back online after it gets hacked.
If you’re not technical or are unsure of what you are doing, then don’t blindly update everything in sight. That itself can cause problems if changes introduce new bugs into your site. You need to know how to go backwards as well as forwards.
Of course if all this is too much of a headache or makes your head spin… If it bears no resemblance to what your business is really about… Or you just want a website that you don’t have to touch… then the best way to update WordPress plugins is to pay someone else to take the whole messy problem out of your hands. Our website management service is specially designed for small businesses who need a website but don’t need or want to know how to manage or update it.
Is It Safe To Update WordPress Plugins?
There is a risk when updating code that something on your site will break. So no, it is not 100% safe. But it’s also very unsafe to never update your site.
You need to find the right balance, which will be determined by how mission critical the website is. If it’s just a personal blog that only your family reads then the risk is minimal. If your income depends on that website then dedicating time or money to this is not really an option.
How Often To Update WordPress Plugins?
Ideally every day but only updating those plugins you know won’t cause a problem to your website.
But I get it, that’s just not going to happen in most cases. So set your own schedule that you are comfortable with. Weekly is a reasonable compromise. Then check your site is still functioning correctly after each update – if something breaks, then go back to the previous version.
In Summary – Why Should You Update WordPress Plugins?
- To keep your website safe and secure
- To fix security related bugs discovered in those plugins
- And also to take advantage of new features and improvements
If nobody is taking care of updating your site, then the problem really is in your hands, whether you realised it was a problem or not. When the phone stops ringing (or the orders stop arriving) is an expensive time to start looking for help to fix a broken website. So you might want to bookmark our Fix My Website service just in case.
P.S. If you do ever find yourself staring at a broken website, there are some quick things you can try – see My Website Is Down How To Fix It. Some solutions are a bit technical, but it could save you in a pinch.