Join Jeff Starr for an in-depth discussion in this video Keep your site up to date, part of WordPress: Developing Secure Sites .
- [Instructor] An important step in securing your WordPress site is keeping things current and up to date. When new vulnerabilities are identified, they're almost immediately targeted by attackers. Running the most up to date version of WordPress ensures that you have all the latest bug fixes, security patches, and new features. This video demonstrates how to stay current with everything right from the comfort of the WordPress admin area. With WordPress, there are three main things that should be kept current. WordPress core files, Plugins, and Themes.
The good news is that by default WordPress will let you know when it's time to update any of these three items. When it's time to update WordPress itself, you'll see the update nag as it's called appearing at the top of every page in the WordPress admin area, as seen here. When you see this message, a new version of WordPress is available and so it's time to upgrade. To begin the process, click the Please update now link to review your options. Remember it's a good idea to make a backup before each upgrade. Check out my previous video on backing up WordPress for an easy way to make on-demand backups.
Also, if you are unable to upgrade via the admin area, you can upgrade manually via FTP. Let's go ahead and upgrade to the latest version using the one click installation method. As WordPress is updating, progress information may be displayed. And done. We are now running the latest version of WordPress and can learn more about it here on the About page. Note that by default WordPress will try to auto-update itself whenever a new minor version is released.
You can learn more about this feature at the WordPress Codex. Now let's return to the Plugins screen to see how updates work for Plugins. First, you'll notice a circle icon showing the number of available updates. Then in the list here, you can see which plugin updates are available. When an update is available, you'll see a link to Update Now. Let's go ahead and update this plugin with a click. Super easy this one click updating. All of our plugins are now current. Lastly, when a theme update is available, a similar update reminder will appear in the admin area, right here on the dashboard Updates screen.
Here we see a new version of the 2016 theme is available. If there are multiple updates available, they'll be listed here as well, ready for an easy bulk update at your command. Let's go ahead and update our theme by selecting it, and clicking the Update Themes button. Here we can see the details of the update. Looks like everything is good so let's return to the Updates page, and great. We're now all current with our themes, plugins, and WordPress itself. Going a bit further, for those of us who visit the WordPress admin area on a regular basis, the update reminders definitely help to keep things up to date, but if you're not always logging into WordPress, it may be difficult to stay current.
Without seeing the upgrade notices, you may miss out on important updates which can leave your site vulnerable. Fortunately there's a handy little plugin called Updates Notifier that will send you an e-mail whenever an update is available. The plugin is easy to install and provides a simple Settings page. Here at the Update Notifier Settings page we see that the default options will work just fine. For the Cron Method, go ahead and leave it set to WordPress Cron, unless you have reason to do otherwise. Then we can choose the Frequency to check, specify the address, and then enable notifications for plugins, updates, and the WordPress core.
There's even an option here to hide the update nag for non-admins which can be an added security benefit. After configuring your options, click Save Settings and you're good to go. This is a perfect tool for keeping track of sites that you don't visit on a regular basis. Whenever there's an update, you'll be notified via e-mail. Lastly, a great way to keep an eye on things is to look at the WordPress news feed on the dashboard. If you don't see the news feed, click on the Screen Options tab, and check the box to enable the news feed.
This information is a great way to stay current with breaking WordPress news and events. Remember, staying current with themes, plugins, and WordPress itself helps keep your site secure against potential threats and vulnerabilities. By displaying visual reminders in the admin area, WordPress makes it easy to stay current as new updates become available, so keep it current and keep it safe.
- Backing up and restoring your site
- Setting up strong passwords
- Understanding users and roles
- Choosing trusted plugins and themes
- Changing and recovering passwords
- Configuring authentication keys
- Securing the login page
- Fighting spam in the comments
- Blocking access and detecting hacks
- Building a firewall for WordPress
- Detecting and blocking bots
- Auditing your WordPress security