Arvada, CO USA

Updating Wordpress

Updating Wordpress Software

Wordpress Security Updates

You now have a nice new Wordpress website up and running and you've spent a lot of time and money to get it just right. What do you need to do in order to keep it safe from hackers?

Thousands of websites are currently using Wordpress which means they are a prime target for hackers. This article will explain the importance of keeping your site up to date and how to do it.

Regardless of the size of your site, you are at risk. Hackers write a script that they 'inject' into every Wordpress site looking for a vulnerability to gain access and they could care less how big or small your site is. If you're running multiple sites on one hosting account, they are all at risk as soon as the malicious script has gained access to your site. At this point, you could be flooded with spam, have malicious code injected into your files, malicious messages displayed on your website, pages and/or images deleted and more. It's extremely annoying and frustrating to deal with.

How to Tell Updates are Available

Wordpress Dashboard Update Screen

As soon as you login to your Worpdress admin area, you'll notice an orange circle off to the left notifying you of the number of updates available. Often times, there will be a message displayed across the top of the screen for core updates as well.

The Importance of Performing These Updates

If you've ever been hacked, you know how frustrating the downtime can be or having your hosting company disable your account until it's fixed. Hackers will look for any way in and once they are in, they have access to take your site down, know your passwords, obtain all of your data and make a complete mess of your website(s). If you're hosting multiple sites on a single account, it's even more devastating because the hackers now have access to every single file, password, etc on your entire account (not only the site they originally hacked into).

Wordpress Updates are divided into three categories listed below. We want to show you how to update each of them and outline the important steps to take and make sure you're successful.

Core Wordpress Updates

These updates come directly from Wordpress and often include important security patches. Wordpress is known to automatically update at times but it's best to always keep an eye on your dashboard. Wordpress will often recommend that you backup your site prior to performing these updates. Backing up is very important and we've written a couple of articles detailing how to do so:
Backup Website Files and Databases

After you've completed your backup, go ahead and click the update button. The update is usually complete in less than 5 minutes and you'll see a success message followed by a screen telling you about the changes to the new version.

Wordpress has also provided information on how to successfully update your software:
Wordpress Update Documentation

Theme Updates

Theme updates are equally important and this includes the theme you're using as well as the theme(s) you have installed and aren't using.

Updating Non Active Themes
Often times, your site will include default themes that are not in use. These usually include 'Twenty Eleven', 'Twenty Twelve', 'Twenty Thirteen' and so on. If you never plan on using these themes, simply click the update button for all of them and your files will be patched. If you have used them in the past and they have custom changes, we recommend creating a Child Theme first. After the child theme has been created, you can safely update these themes.

If you don't have a child theme, you can download this plugin and create a child theme:
Child Theme Configurator

Updating Your Active Theme
Updating your active theme may involve a bit more work the very first time. Wordpress has a feature called Child Themes which allows your site to be customized but not over written when performing updates. You can learn more about child themes here:
Wordpress Child Theme Documentation

Most newer themes include a child theme but you need to make sure that either you or the person / company who created your site actually used the child theme. You can check this by going to 'Appearance -->> Themes' and seeing which theme is Active. If it's not the child theme, you need to first correct this by changing to the child theme before proceeding with a theme upgrade.

If you don't have a child theme, you can download this plugin and create a child theme:
Child Theme Configurator

Plugin Updates

Plugin updates are usually straight forward unless you have customized them in any way beyond filling in the fields of data that each one offers. If you've modified any of the files directly, you'll need to make sure you have them backed up and then merge your changes after you've updated. If you have not modified the plugin files, go ahead and click the update button.
Managing Plugins Wordpress Documentation

What to do Now

Now that you have this information, it's time to start the process for yourself and make sure your Wordpress websites stay up to date and protected from hackers. If you're pressed for time or you don't want to attempt this yourself, contact us today and we'll help you out.

Managed Wordpress Hosting

If you do not want to spend time keeping track of this, we do offer Wordpress Managed Hosting Services as well as Sitelock Malware Scanning. These 2 services can be added if you already have a hosting plan with us or if you're planning to sign up for a new hosting plan.

To find out more about web hosting, domain registration and website design, visit and/or the Evolve Web Hosting Facebook Page