I must admit I groan whenever I log into a client’s site to get to work, only to find that several updates are required. I understand the reluctance on the part of my clients to make the updates – most don’t really understand them, they can scare the heck out of you if you don’t.

What if the update breaks my website?!”   “What can I do to fix it if my website breaks?”   “Will I lose everything?”

WordPress is a very popular platform, and as such it’s a hot target for hackers to go after. With nearly 20% of the web running on WordPress, hackers are always looking for a way to get into these sites. Fortunately, with thousands of developers backing it, any security holes that are discovered in WordPress are fixed almost instantly.
The problem is that you need to update your software to be able to take advantage of each fix, and many sites don’t bother with them. In fact, when a WordPress site gets hacked, it’s almost always due to outdated software. But If you count on your WordPress website for your business you need it to be secure. Just think of what it would mean for your business if you lost everything due to being hacked.

Nowadays, keeping WordPress updated has never been easier, but proceed with a bit of caution. It only takes a single click to update your site, but if something goes wrong you may end up in trouble. It’s becoming rare for an upgrade to cause issues nowadays, but when it happens it can be quite a pain.

Outdated plugins and themes are another, perhaps bigger issue when it comes to security. WordPress updates are widely publicized and easy to upgrade, whereas finding an update for a plugin or theme can be slightly more challenging and just like the WordPress core, can open your site to a hack.

Plugin creators are busy, and they aren’t making updates just for the fun of it. Sometimes they add new features or upgrade the functionality, but most of the time the updates are due to bugs or security vulnerabilities.

When a hacker sees that a big security patch was just pushed out for a plugin, they quickly learn how to exploit that vulnerability and use it to attack websites that have not yet updated to close the hole. Other than hackers gaining access to your website due to weak passwords, plugin vulnerabilities are the easiest way for them to get in.

So make sure to keep subscribed to any developers’ updates for your plugins and themes.

If you see the little orange numbers in your WordPress Dashboard, you know it’s time for some updates.

Now, I’ve personally never had a problem on my own website (I’m a developer, after all – it would be too embarrassing if I made that kind of mistake!).

Here’s the process I use to complete my updates:

  1. Complete a full site backup
  2. Complete one plugin update
  3. Ensure everything is still working
  4. Repeat steps 2 and 3 until all plugins are updated

That way, if a plugin did break your website you’d know exactly which one caused it.


  1. Complete a full site backup
  2. Complete the theme update
  3. Ensure everything is still working

That way, if the theme breaks your website you can revert to the version in your backup.

If you’re still worried about doing updates yourself, or if you simply don’t have the time, check out my maintenance plan, and find out how you can get me to do it for you!