December 17, 2014

If you don’t update your WordPress site, it may be vulnerable to hackers.

Updating a WordPress site is one of those tedious tasks that has to be done, but doesn’t usually confer any obvious benefit. Sometimes you’ll get a new feature, but most of the time, you hit the update button, the site prints out a few lines of uninteresting verbiage, and nothing much happens except that the number on the update menu item disappears.

Some people like to update just because they get a sense of satisfaction from seeing that number disappear: the sort of people that get mildly stressed if their email inbox shows unread messages at the end of the day. Most of us aren’t like that, and because updating WordPress brings no obvious benefit, it tends to be sidelined by more interesting tasks, like writing new content or playing Threes.

And, let’s face it, WordPress asks to be updated with a frequency that is off-putting to even the most solicitous site maintainer.

So, I understand why many WordPress users don’t bother to keep their installation up-to-date. But I also understand the result of not updating can be catastrophic for businesses, publishers, and others that rely on WordPress.

WordPress is a complicated piece of software made even more complicated by its ecosystem of thousands of plugins. As smart as humans, and especially developers, are, they aren’t so smart that they never screw up when building complicated things. Mistakes are made and those mistakes can create security vulnerabilities.

Security vulnerabilities like this, and this, and this.

Security vulnerabilities that might allow a hacker to break into a WordPress site and install malware on it so that its users become infected. Or that dragoon the site into a botnet that carries out attacks on other sites.

Every content management system has the same problem—there’s no such thing as absolutely secure software.

When these problems are discovered, the WordPress developers and plugin developers get to work. They find out what went wrong and write new code that fixes it. The new code is called a patch. Patches are delivered to WordPress installations through updates.

If you don’t update your WordPress installation, then it’s very likely that your site is vulnerable to hackers. Although updating your WordPress site is tiresome, forgetting to update could mean the loss of your site and its data. It could mean your users get infected with malware.

You owe it to your business, your site, your users, and the wider web to make sure that you keep your site up-to-date — it’s part of being a good online citizen.

