Why Should I Have the Latest Version of WordPress?

The most important reason to install the latest version of WordPress is arguably the security issue.This article will explain why it is a good practice to use the latest version of WordPress for your website, what needs to be updated and how to do it yourself.

Why you need to use the latest version of WordPress

The Pros and Cons of WordPress developer community

WordPress is well known as the most popular and open source CMS when being the home for more than a quarter of the websites. Moreover, WordPress is open source. With these being said, there are both pros and cons this platform brings to its users.

WordPress has successfully built a large community that significantly contributes to the development of WordPress. Since WordPress is an open source project, anyone can learn the code to help improve its security, performance, and produce a great number of useful features.

On the other hand, the popularity of WordPress makes it an attractive destination for hackers, malicious code insertion, data thieves and so on. In addition, since anyone can access the code, it would be easier for hackers to learn and find ways to attack WordPress.

So, the question is: What do these things have to do with you when it comes to Security?

The big WordPress developer community will help bugs to be identified faster and more efficiently. The core WordPress team works on the problems, leading to the result of an updated version release. This one contains fixed issues, in which the most important is the security holes found in the previous version. Therefore, to keep your site away such security problems, the advice is updating to the latest version of WordPress.

What if you delayed the update? Well, when you’re still using the old version when the new one is already available, you’re leaving your site vulnerable to known security holes. Sooner or later, your site will be spotted by hackers and got attacked. The consequences are severe and it’s gonna cost your business a lot of time, effort and money to recover.

Some facts to strengthen the argument

In fact, when a WordPress site gets hacked, it’s almost due to outdated software. The main reasons, according to WPBeginner, include:

– 83% are WordPress sites that have not been kept up to date.

– 14% are web hosts that are not upgraded properly.

– 3% are for other reasons.

A recent example of how installing the latest version of WordPress affects the security is the WordPress 3.5.2 release announcement, which states:

WordPress 3.5.2 is now available. This is the second maintenance release of 3.5, fixing 12 bugs. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. The WordPress security team resolved seven security issues, and this release also contains some additional security hardening.

What to update & How you do it

When you run a WordPress website, there are 3 things you will update frequently: WordPress itself, themes, and plugins installed on your site. All these updates are managed in one place at Dashboard > Updates.

There are 2 recommended methods to update WordPress. Do it manually or use a supporting plugin.

But before going into details, let me remind you something. For every major update which is important and contains big changes (maybe new features, more advanced security), it is a good practice to back up your site first. In case of any unexpected issues taking place, you can rest assure that you still have your backup files. Be even more careful, you could update and check if everything runs smoothly in the test site before making changes to your live site.

Update WordPress manually

This way is suitable when you run a small website with few themes and plugins.

When there are new updates, you will see a noticing number in section Updates in Dashboard, like this:

Click over it, and you are shown a list of things that need updated.

An example in MicrojobEngine Dashboard

As can be seen from the screen, there are 3 separate sections: WordPress, Plugins, and Themes. Under each part is a button for you to Update. Select the ones you want to update and then click Update. Simple!

From WordPress version 3.7, minor releases were automatically updated, which means you just manually update the big ones.

Use a plugin to do the job

The perk of using a plugin is that it will handle your job. It will save your time updating new releases for you. This is beneficial when you run a relatively big website and employ a lot of plugins and themes.

Below are some plugins for you to consider.

Update Control

Update Control is so simple that it does not design a separate settings page. Instead, you can make settings for this plugin under Settings > General.

One important function of Update Control is that it allows you to choose which core, themes, or plugins you would be happy auto-updating, and leave the others for manual update. Usually, for major core WP releases, it’s highly recommended that you make a backup before installing the new version. Therefore, the flexibility in update options saves you time by making use of the plugin but still enables you to keep control of your site.

Plus, this plugin is frequently updated which is a good sign of compatibility.

Advanced Automatic Updates

This plugin is a good to go with flexible features. One probably minus point of this plugin is that it’s been a time since its last update. But it’s got many positive reviews so it’s worth your try.

WP Updates Settings

This plugin is a good choice as it also offers many options to custom your needs.

With WP Updates Settings, you can decide which are for auto update and which are not. The settings page is well displayed and easy to use.

The settings page can be found under Settings > Updates

And the list doesn’t stop here. If you’re using any plugins that help you with the updating tasks, please recommend in the comment to share with other readers.

Stay on top of each update for Security

Security should always be put at top priority in the time of the Internet. Specifically, having the latest version of WordPress is a very important and effective practice to enhance security.

Hopefully, this article has well emphasized the need of using the latest version of WordPress and introduced some efficient methods that you could utilize managing the update activities for your websites.

This article is a part of the series introducing Basic security tips for WordPress websites.

Change WordPress admin username
Secure site with strong password ideas
Limit login attempts
Choose a quality host following web hosting security concerns
Use the latest version of WordPress
Use WordPress backup plugins

Cookie	Duration	Description
_ga	1 year 1 month 4 days	Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gcl_au	3 months	Google Tag Manager sets the cookie to experiment advertisement efficiency of websites using their services.
_vwo_uuid_v2	1 year	This cookie is set by Visual Website Optimiser and calculates unique traffic on a website.

Cookie	Duration	Description
NID	6 months	Google sets the cookie for advertising purposes; to limit the number of times the user sees an ad, to unwanted mute ads, and to measure the effectiveness of ads.
test_cookie	15 minutes	doubleclick.net sets this cookie to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	6 months	YouTube sets this cookie to measure bandwidth, determining whether the user gets the new or old player interface.
VISITOR_PRIVACY_METADATA	6 months	YouTube sets this cookie to store the user's cookie consent state for the current domain.
YSC	session	Youtube sets this cookie to track the views of embedded videos on Youtube pages.
yt.innertube::nextId	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	YouTube sets this cookie to register a unique ID to store data on what videos from YouTube the user has seen.
_gfpc	session	Gleam sets this cookie to access a third-party marketing platform's API. The cookie is designed to secure user privacy in context with multi-site embedded content.