Website Updates and How to Avoid Being Hacked

Websites need maintenance cartoon

Why Website Updates Are Mandatory

Website updates are needed, just as oil and belt changes are needed for your car. And, just like your car is likely to break down if you do not change the engine oil, your website can crash, not work properly on modern web browsers, and is more likely to be hacked, if you do NOT keep up with web updates. In general, your site should never go more than 6-12 months without updates, depending on the type of CMS platform it is built on. Additionally, updating your site regularly is required by your host.

Does My Site Have a Chance at Being Hacked?

Unfortunately, hacking is getting to be a more popular profession for scummy scum-bags. And out of this group, some of these people are deciding that it’s profitable to hack small business websites in order to redirect Google hits to their spammy affiliate site, create a new admin, or inject SPAM text and links. As security loopholes are found, developers release new versions of their software to close them. Once these new versions are released, they are broadcasted to tell site owners to close the loopholes. Site owners who do not close these loopholes become an easy target for hackers, who can now easily find these loopholes and attempt to exploit them. We’ve seen this happen and it can be costly to remedy (note: more costly than just doing routine simple updates in the first place).

Securing your site is a lot like securing your house or car. If someone really, really, wants to break in, and is very good at it, they probably will. But closing and locking the doors and windows will keep out most, if not all, would-be burglars.

What “Website Updates” Really Mean

The main way to close these security loopholes that hackers find is to do regular website updates. For custom websites, this means:

  • updating the CMS core, the theme core, and all of the plugins at once ALONG with all of the customizations made to the site files (css, html and php).
  • all site functionality must then be tested to be sure all of the updates work together
  • the front-end of the site must be tested on newer browsers and mobile devices

When done right, it means doing all these updates on a hidden development site so that if there is a problem, it can be fixed without disruption to your live site. Therefore, these updates require professional web development help.

Do Not Simply Click “Update WordPress”

Please note that simply clicking the “update” button from your admin panel does NOT update the theme, nor customizations.

why wordpress updates are mandatory and why you need to hire a professional

Simply clicking “update  Wordpress” from the admin panel on websites that have been customized can:

  • break parts of your admin/editor panel
  • leave open other security vulnerabilities
  • lose all of the customizations you originally paid for
  • cause conflicts between WordPress, your theme, and/or plugins
  • make it so your site no longer works in certain browsers or mobile devices

Some site owners who have had major customizations have clicked “update WordPress” and may not notice an immediate change. They may not notice that parts of their admin panel no longer work, or that there is a huge security vulnerability to their site, nor that their site no longer works correctly in certain browsers. They also do not realize that their site will now cost more to update correctly when they experience problems.

Again, if you have had a custom WordPress website built whose customizations reach beyond those made through the admin panel, do NOT click on “update WordPress.” This can cost you more time and money to fix than simply hiring a professional to do your updates correctly.

How to Choose The Right Web Developer For Web Updates

There are thousands of people who say that they “know WordPress.” While they may have experience using the administrative panel and making basic changes through it, there is more to a customized site than the admin-panel. If your site has been heavily customized, your customizations to your theme and plugins need to be updated through your site files on the server (i.e. not through the admin panel).

If you are no longer working with the web developer who customized your website, you can always look for and ask the following questions when hiring your new web developer to do your web updates:

  • Have them show you other sites that they have customized. If they have no examples to show you, then they most likely do not have enough experience to be messing around with your customized site.
  • Will they run a full site (not just database) backup of the site prior to making updates, just in case?
  • Do they know how to modify the customized site files (css, html and php)? These files will have to be updated when the updated theme and plugins are purchased and installed.
  • Do they do your updates offsite so they test to be sure that the updated core, theme, and plugins are all working together correctly?
  • Do they test to see how your updates are working on different browsers and mobile devices?

If you are hiring a new web developer because you have a friend who “knows WordPress” and wants to help you, or because you think you can do these updates yourself, please ask the questions above. If you are still not convinced and insist on working with this new individual, then be sure to run a full site backup prior to any work being done.

If you already hired someone to do your web updates and want to be sure that they did your updates correctly, you can always ask them after the fact:

  • if they need reimbursement for the theme fee (since the updated theme will have had to be bought and installed)
  • what browsers and mobile devices your new site was tested on
  • if all the customizations were brought through the theme and plugins and if they had any problems getting them to work together
  • if they ran a full site backup prior to doing the updates

What To Do If Updates Were Improperly Done

Things happen and sometimes we don’t know what we don’t know. And sometimes, despite everyone’s best efforts and knowledge, problems do arise. That said, if you have a customized website and know you have only been updating the WordPress core, stop doing anything else to your site. Hire a web developer to help you perform your web updates properly. Provide them login information (WP admin, hosting server and database), full back up files (if you have them), and any other information needed. In a discovery period, the web developer will then look for any problems and will provide a recommended course of action.

If you have a custom CMS website and it has been 6+ months since you have had your last update or initial site launch, it may be time for your site to be updated. By doing regular updates, you will be keeping your site safe and will ensure that your website is continuing to work for you, not against you. Contact me to schedule your update or discuss update options today.