How often should you update your WordPress or Drupal, themes and plugins/modules?
The short answer is as often as possible… and here’s why.
The main reason for this is security. WordPress & Drupal sites are prime targets for hackers. These hackers don’t want to bring you down because they dislike you, in fact most of these hacks originate from bots crawling the web, looking for WordPress and Drupal sites that are vulnerable. If the bots identify your site as a WordPress or Drupal site, they will then set up shop and start looking for vulnerabilities.
The frequent updates very often are related to exploits that have been created by hackers and then patched by the development community. People and companies that hack for a living are constantly on the lookout for the latest exploits that have not yet been patched…and just because WordPress has created a patch for the exploit doesn’t mean that you site will now be protected. It is up to you to implement the update in order to make sure your site is still secure.
So why do these bots want to take over you website?
Again the short answer is they will use your good reputation to drive traffic to sites that are important to them.
Once the bots have infiltrated your site and have set up shop, they can start posting links back to their favorite sites and even take over your mail server and start blasting out emails on behalf of their clients.
Once your site is infected it is difficult to get rid of the “virus”. Very often the bots will embed JavaScript on to the site, so even after you have cleaned out all of the malicious content, the bots can re-trigger their attacks days or weeks later and you have to start the whole process over again.
Don’t leave it until it’s too late
Unfortunately, most people don’t take this topic seriously until after their site or sites have been hacked. It is only then that they realize that they may lose days of work just trying to regain control over their sites. More importantly, if Google identifies your site as being compromised, they will down grade your site in the search results.
So do yourself a favor, if you are not making daily backups of your site please start, and better yet, put your code in a repository for safe keeping.
If have any questions or are interested in setting up a program for updating your WordPress or Drupal core, themes, plugins/modules get in touch. For most websites it can take as little as a couple of hours per month and it really is time well spent.