WordPress Plugins allow you to enhance the functionality of your WordPress website. With over 50,000 to choose from, there is plenty on offer. However, it is important that you keep them updated. In this post, we discuss the reasons why and then how to update them.
Security & Bug Fixes
Hackers are often looking for vulnerabilities which they can exploit to take control of WordPress websites. Despite the best endeavors of WordPress plugin authors, bugs can occasionally make it into the production code. It is these that hackers try to exploit.
Here are two real-life examples:
WP GDPR Compliance is a plugin to help you to make your website GDPR compliant. A bug was identified in all versions up to and including 1.4.2. This meant that hackers could gain Administrator rights to the WordPress website and therefore do untold damage. The vulnerability was reported on the Wordfence website and the bug was fixed in version 1.4.3.
Wordfence reported that a vulnerability had been identified in the WordPress plugin WP Cost Estimation & Payment Forms Builder (source). The vulnerability was identified in versions prior to 9.660. The article explains that the upload function can be exploited to delete the WordPress config file and then take control of the WordPress installation.
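To check an installation against the two fixed versions quoted above, the following added example (not code from Wordfence or from either plugin) reads the `Plugin Name` and `Version` headers of each plugin's main file and flags anything older than the fixed release. Matching on the plugin names exactly as written in this post is an assumption, and the sample folder names and installed versions are constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

# First unaffected versions per the article; matching on Plugin Name is an assumption.
FIXED_IN = {
    "WP GDPR Compliance": "1.4.3",
    "WP Cost Estimation & Payment Forms Builder": "9.660",
}
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.M | re.I)

def version_key(version):
    """Turn '1.4.2' into (1, 4, 2) so versions compare numerically."""
    return tuple(int(part) for part in re.findall(r"\d+", version))

def read_headers(php_file):
    """Read the plugin header comment; WordPress only scans the first 8 KB."""
    text = php_file.read_text(encoding="utf-8", errors="replace")[:8192]
    headers = {}
    for key, value in HEADER.findall(text):
        headers.setdefault(key.title(), value.strip())  # first match wins
    return headers

def outdated_plugins(plugins_dir):
    """Return (name, installed, fixed) for plugins older than their fixed version."""
    findings = []
    for php_file in sorted(Path(plugins_dir).glob("*/*.php")):
        headers = read_headers(php_file)
        name, installed = headers.get("Plugin Name"), headers.get("Version")
        fixed = FIXED_IN.get(name)
        if fixed and installed and version_key(installed) < version_key(fixed):
            findings.append((name, installed, fixed))
    return findings

def build_sample_tree(root):
    """Constructed sample install: folder names and versions are made up."""
    samples = {
        "gdpr/gdpr.php": ("WP GDPR Compliance", "1.4.2"),
        "estimation/estimation.php": ("WP Cost Estimation & Payment Forms Builder", "9.660"),
    }
    for rel, (name, version) in samples.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True)
        path.write_text(f"<?php\n/*\n * Plugin Name: {name}\n * Version: {version}\n */\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(outdated_plugins(build_sample_tree(tmp)))
```

On a real site, pass the path of the `wp-content/plugins` folder to `outdated_plugins` instead of the sample tree.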
Over time technology evolves and plugin authors update their plugins to take advantage of these changes. One of the benefits of this is the performance of the plugins. Plugins are often rewritten to make use of the changes to WordPress or PHP, the computer language which WordPress is written in.
As more users install a plugin, the WordPress community begins to make suggestions to the plugin author on additional functionality for the plugin. Updating your plugins will give you access to the enhanced functionality.
Two of our favourite plugins are Site Kit by Google and UpdraftPlus. However, there is a compatibility issue between the two plugins which means that UpdraftPlus does not back up your site properly. This is a pretty major issue and at the time of writing, a fix has not yet been written.
You can guarantee though, as soon as a fix is released, we will be updating to the latest version so that both of these plugins will work together.
When do my plugins need updating?
The good news is that WordPress will tell you when there are any updates to apply. The first indication is there will be a number against the Update icon on the Admin toolbar.
Alternatively, on the left-hand menu, Updates will show how many updates there are to apply and against Plugins, you will see how many of them are plugin updates.
Don't just update without planning
Updating blindly isn’t without risk; there may be a bug in the release or compatibility issues.
As we have learnt from lots of pain, always back up before you do anything. At least that way, you have a position that you can restore from. Our favourite backup plugin is UpdraftPlus which has over 2 million installs. There are plenty of alternatives available to meet your backup needs.
Even better is to test before you update. In an ideal world, you should have a mirror staging version of your live site. On this site, you can test any updates, making sure that there are no issues before applying the changes to the live site.
Each plugin has its own changelog, which enables you to understand the impact of the change and test the relevant functionality in the test system.
How do I update my WordPress plugins?
So after you have taken a backup, you can get on with updating the plugins. Against each plugin in the list will be an “Update Now” link. It is advisable to update each plugin individually rather than in bulk, so that if there is an issue, you only have one plugin to deal with.
When should I update my WordPress plugins?
This depends on a number of factors. If you have lots of plugins, then you should be reviewing them monthly. It may not be necessary to update every month but at least you will know what work you will need to do. If you don’t have many plugins, then reviewing them every six months should be sufficient.
If you are using security plugins such as Wordfence, then they will provide protection from such attacks through the rules they build into their firewall. Additionally, Wordfence will also alert you when a new version of a plugin is available.
That all sounds too hard
If that all sounds too technical or is something that you don’t have the time to manage, then don’t worry – we have a solution for you.