Why you should keep your WordPress site updated (obviously)

Have you ever logged into your WordPress site and seen those bright orange notifications in the sidebar?

“11 Updates!? I just updated this last month!”

How many times have you ignored those notifications, letting them pile up week after week until you finally say “screw it” and update them all in one shot?

Has that ever backfired on you? Some plugin update breaks your site and you’re now scrambling for 6 hours trying to fix it.

Has that caused you to avoid updating altogether?

You’re not alone.

Almost 40% of WordPress sites are not running the latest version (aka 10% of the internet) – let alone the countless plugins and themes that are also out of date.

The problem is that this is an incredibly bad idea.

When you leave WordPress out of date, you’re practically inviting hackers to enter your site.

This is because the vulnerabilities of older versions are published and available to the community as soon as the new version goes live (and oftentimes sooner).

So, that little orange icon should say something like “hackers literally know how to abuse your old plugins now”.

Scary? It should be.

What’s crazy is that this is completely common.

In fact, WP White Security found that 73% of the 40,000 most popular websites that use the WordPress software are vulnerable to attack.

So, what’s the worst that could happen?

Most likely, your website is an integral part of your business. Whether you’re using Ecommerce or simply blogging, your website is practically the face of your business and probably has access to sensitive customer data.

Leaving your site out of date leaves it open for someone to take advantage of you and really hurt your business.


This tactic can be attached to basically any of the following issues. Hackers will take down or defame your site until you cough up some money for release.

And, unless you solve the problem, they can extort you over and over again.

Compromised Customer Data

If you are collecting customer information like emails and phone numbers (or potentially payment information), you’re now dealing with a true crisis that leaves you exposed to customer retaliation and a PR nightmare.

Heard of Experian? Yeah.


Typically, hackers will publish thousands of garbage posts and pages using your site that all backlink to some scam.

Or maybe they’ll inject malware directly onto your site to try and compromise customers.

When Google finds these pages on your site, it will blacklist you from search results.

In fact, Google blacklists around 20,000 websites for malware, and around 50,000 for phishing each week.

That’s right – no more search rankings or traffic.

Oh, and it’s damn hard to undo, too.

Use in Botnets

Ever hear about “Russian botnets” or “DDoS”?

Hackers will basically put sleeper code onto your server and use it to attack other servers.


After gaining access, hackers could take over the design of your site and post some pretty horrific content in its place.

Say goodbye to customers at least.


This is by far the nicest of punishments – taking your site completely offline. No site = no business.

All that, just from outdated stuff?

Yeah, it’s real life.

The simple act of updating WordPress, plugins, and themes protects you from most attacks (and that’s over 90,978 attacks happening per minute).

Naturally, there are other methods of entry, so you should be employing a security plugin as well, but just updating keeps you on a good level.

Even if you just use a secure password, you’ll be protected against 8% of WordPress security breaches.

Ok, I’ll do better to keep my plugins updated from now on.

Well, there’s another problem: plugin updates can crash your site.

Yeah I know, right? Can’t catch a break.

Plugin conflicts are no stranger to anyone who’s worked with WordPress for long, but only the dedicated few really know how to resolve these quickly.

Maybe the plugin you just installed doesn’t outright break your site, but it could still be a problem like the thousands of WordPress websites that were infected with malware disguised as a search engine optimization plugin.

And if it’s a severe break, do you have a backup of your site available? Know how to restore it?

Are you ready to call the amazing tech support at your server host when things go wrong?

To recap, if you plan to do this yourself, you’ll be responsible for:

  • Updating WordPress core, plugins, and themes daily
  • Checking if updates break your site
  • Checking that new plugins are ok to install
  • Resolving plugin breaks
  • Protecting your site against other vulnerabilities
  • Auditing your existing site for malware
  • Keeping an eye on your passwords
  • Backing up your site properly
  • Restoring your site if it goes down
  • Talking with tech support
  • Oh, and the rest of your business

How much are those hours worth to you? You should be doing bigger and better things.

Let me do it for you.

With plans starting at $100/mo, you’ll have a dedicated WordPress expert managing your site for you.
