I plead guilty.

One of the bits of advice I’ve often given about website security is: “keep your site updated”.

The problem with that advice is that, for many website owners, “keep your site updated” is not helpful advice. It’s too broad to be actionable.

  • How do I keep it updated?
  • How do I even know if my site is out of date?
  • Where do I start with getting it updated?
  • What if an update breaks something on my site?
  • I get a warning to back up my database, but I have no idea how to do that.

Faced with all these questions, it’s often easier to do nothing. After all, the site doesn’t appear to be broken, and “if it ain’t broke, don’t fix it”.

Frustrated, But Not Alone

If keeping your site up to date is frustrating, you’re not alone. Nobody is born knowing the answers to these questions. Website maintenance isn’t on the list of instinctive traits for humans. We in the website development business have learned these things because it’s our business to know them, but the average website owner (maybe that’s you) has other business to attend to. Business that pays the bills.

Besides, and maybe especially, if you’re a WordPress website owner, you’ve probably been told that “WordPress is secure”, and “WordPress is easy”. If its secure and easy, you probably didn’t sign on for spending hours trying to figure out how to keep your site updated. You just want it to work!

Keeping Your Site Up To Date Is Still Important

The website security experts at Securi recently released their 2016 Hacked Website Report for the first quarter of this year. They reported that, by far, the greatest risk of getting your website hacked comes from not keeping website software up to date.

But they also recognize the challenge the average website owner faces in keeping current:

These statistics talk to the challenges website owners face, regardless of size, business, or industry. Website owners are unable to keep up with the emerging threats.

Baby Steps

I know you want your site to be up to date. You want to keep your site to be as secure as possible. You just need to know how, in baby steps you can follow and in plain English, please!

Over the next few weeks I’ll be doing a series of posts on Keeping Your WordPress Website up to date. We’ll take things baby step by baby step, starting with the easiest parts that pay the biggest update security dividends.

If You’ve Already Been Hacked

I’m not a web security expert. If your site has been hacked, you need to talk to someone who is. I highly recommend the folks at Securi. They know what they’re doing and can help you get out of the woods.

But the best, most cost-effective way to deal with hackers is to make it harder for them to hack you to begin with. That’s what we’ll be doing here over the next few weeks.

Be sure to get on the Update List!

— Caspar