One of the most important features of WordPress is the built-in security and self-protection against hackers and malware. While the truth remains that every website is vulnerable to hackers, because somehow malicious people seem to stay a step ahead of above-board programmers, WordPress provides the best security in the business, with many hundreds of people contributing to its backbone of software.
First, a little “look under the hood” at your WordPress site, with a couple of quick definitions:
WordPress Core: This is the large body of files and the database that “makes WordPress go.” Many, many volunteer developers write this code and keep it updated with better ideas and better security, and these updates are available regularly.
WordPress Theme: These files determine the look and feel of your site. In a custom design, we create the theme from scratch using our client’s ideas, logo and graphics. In a template-based design, we use one of the many readily-available themes that have been pre-designed and built.
WordPress Plugins: These are add-on software chunks that add functionality that is not built into the WordPress core. If you have a WordPress site, you likely are running 10 or more plugins for various tasks – Contact Form 7, All in One SEO, NextGen Gallery, Simple Shopping Cart, and Better WordPress Security are just a few that we include with our regular WordPress installation. Each plugin is written by independent developers, and they sometimes do and sometimes don’t keep their code updated.
Keeping your website up-to-date and protected presents a challenge and a catch-22. To keep your site as safe as possible, it is recommended that you update your WordPress core files and plugins regularly, so that your site runs with the most current security patches.
However, the challenge comes in compatibility. If I update the core today, will my theme’s code work with the core’s new code? Will the plugins I’m using get updated by their respective developers to work with the new core? Sometimes plugins that we know and love become “abandoned” by their developers and eventually stop working as the rest of WordPress moves on.
A good analogy might be your car: think of the WordPress core as the car itself, the theme as the car’s paint job, and the plugins as replaceable things like the tires, brakes, alternator, etc. If you buy a new car, your old tires, brakes, and even paint job may or may not work, even if you get the same exact car model a year later. If you put a 2013 Ford alternator into a 2014 Ford, it may work fine, may not work well, or may not work at all.
So, what do you do? We recommend that once a year (like going to the doctor), you have a professional go through your site, back up the files, and perform all of these updates for you. While WordPress is designed to be a DIY tool, there are times like this when a regular check-up is important. Most often, things go well, but occasionally a plugin replacement is needed. In the end, though, your site is updated and as safe as can be. You may elect to do this yourself, but please be sure to take a full backup of your WordPress site first, in case something goes wrong and you need to restore it to the previous version.
As always, we’re here to help! Contact us for advice on your specific site, and you can trust that we’ll steer you in the right direction.