What happens when you don’t update your WordPress site?
“Everything was working fine, so I didn’t want to update the site and risk breaking something!”
As the professional who comes in and fixes broken sites, I’ve heard that line way too often. In a way, it makes sense – if it ain’t broke, don’t fix it! But there can be huge costs to ignoring updates on WordPress websites.
WordPress asks you to update a lot of things. All of your plugins are (hopefully) updated on a regular basis, and your theme probably gets updated, and you probably have some themes installed on your site that you aren’t using, and they want updates too. And, of course, WordPress itself: every few months, there’s a big new release, and you might see smaller updates as often as every week or so.
So if everything on your site is working just fine, should you bother with all those updates? After all, it takes time, and there are scary warnings about backing up your site first, and what if an update breaks something? Or what if the update makes confusing changes to the user interface?
Yes, you absolutely should update your site!
There are several reasons why updates are so important.
New Features. This is the most obvious reason to update: updates add new shiny features to your site! Sometimes the features will be pretty exciting, sometimes you will hardly notice, but it’s always good to have access to all of the latest stuff. Granted, sometimes the new features might change your workflow a little bit. But here’s the thing: new features are introduced incrementally. That is, each version has a few new little things. So if you update regularly, you’ll just have small new things to get used to. But if you wait a long time to update, and suddenly add 6 months worth of new features to your site all at once, those changes will be much more dramatic and much harder to get used to. So you’re better off updating as often as possible.
Security. Sure, you have just a tiny little site, with hardly any traffic, so why would anyone want to hack it? The truth of the matter is, every WordPress site is a target. This isn’t because WordPress isn’t secure: it’s because WordPress is so prevalent. WordPress is 25% of the internet, which means there are huge payoffs for hackers who can figure out how to break into WordPress sites. Hackers don’t care how much traffic your site gets – they just want to use your site to send out spam or other nefarious things for a few days until you beef up your security, and then they move on.
What does this have to do with updates? Any time someone finds a security vulnerability in WordPress, the WordPress team releases an update to fix the vulnerability. The same goes for plugins and themes. On top of that, any time a security vulnerability is fixed, information about the problem becomes publicly available. That means that hackers know how to get into old versions of WordPress. So it is extremely important to keep your site updated to avoid getting hacked!
Big problems when you do update. No matter what, you are going to have to update someday. You can’t keep running an old version of your site forever. Some day you’re going to want to use a new theme, and your new theme is going to require the latest version. Or you’re going to install a new plugin, and it will require an update.
The more often you update, the less likely it is that updates will cause problems. Problems will arise if you try to skip a bunch of version numbers (for instance, if you try to update from version 3.6 to version 4.5).
I have encountered this many times. Whenever someone contacts me and wants me to help them make some changes to their site, if I see that their site is really out of date, I don’t even try to update it. I just start all over with a new site, and import their old content. For a small site, this might not be a big deal, but for complex sites, it can get very expensive.
In a worst case scenario, this can even lead to a major data loss. I once worked with a website that was running a very old version of bbPress (a popular forum plugin). They hadn’t updated in years, and they wanted to update the forum and put a new theme on the site. I spent dozens of hours (and cost them thousands of dollars) trying to update from this very old version, but since there were hundreds of thousands of posts in their forums, updating was very complicated.
You might think you don’t need to update because everything is working just fine right now. But in the long run, not updating will cause far more problems. Updating is relatively risk-free, and is a very important part of owning a WordPress site.