Taking over an existing WordPress website, we logged on for the first time to be greeted by a sea of issues. Upgrade core! 300 spam comments! 10 plugins have available updates! Another satisfying day… and we aren’t even being sarcastic! There’s nothing like putting a website that’s gone to seed back in order. WordPress maintenance is important, but if you’ve been reluctant to pay a monthly fee for it in the past, don’t be embarrassed or afraid if you want to reconsider.
Our motto is “Straight answers from smart people,” and that means we can give you a variety of solutions to an existing technical problem. Being told out of hand to scrap everything and redesign from scratch isn’t helpful when we’re getting a quote from a plumber or an electrician, and we’re not going to take that approach with clients either. Instead, we’ll offer a variety of solutions, which can range from a minor facelift, to a back-end cleanup, to monthly maintenance, to periodic maintenance.
We understand your top priority is to maintain a web presence commensurate with your brand, and to that end, our goals are to keep you up and running while looking good and offering the functionality your customers most need. If you’ve got a WordPress website, that means making sure that it is as secure as possible, that you’re on the right hosting platform for your needs, and that everything on the front end is working correctly and looks right, aesthetically.
WordPress Core Updates
Returning to the example of the WordPress website we’re taking over, we see that the WordPress core isn’t up to date. WordPress releases a LOT of updates—you can see from their release log that they’ve sometimes done two a month (though, thankfully, they’re usually considerably less frequent than that). If at all possible, we like to keep WordPress up to date. The most recent WordPress 4.4.2 release, for example, fixed a server-side request forgery (SSRF) vulnerability that potentially allowed an attacker to access or attack the internal network or local server that WordPress is installed on.
There are reasons you might not want to update—if, for example, the WordPress website at hand is extremely complicated with a lot of custom functionality. These cases are fairly rare; you’ll generally know when you have a highly customized WordPress site. If you don’t know what you’re doing at all, don’t click the “Please update now” link at the top of your WordPress screen. Instead, consider checking if your hosting service offers a subscription to SiteLock. It’s extremely reasonable, and runs scans of your site looking for and automatically removing malware. We highly recommend using SiteLock even in concert with a professional maintenance plan.
WordPress Plugin Updates
We also mentioned above that 10 plugins needed updating when we logged in to take over that WordPress website. Outdated plugins may be a big deal, or they may not. If your spam plugin is out of date, you’ll probably be seeing more spam comments crop up in the back end of your website. It’s annoying, but generally it’s not going to crash your website. But if your form plugins are out of date, that can be more serious. Form plugins used to create contact forms on the front end of your website work by allowing users to upload information to your website. And if there is a vulnerability in the form plugin code, a hacker can upload malicious code. One such situation happened last year with the Gravity Forms plugin, and you can gain a little insight into our daily lives by reading this account of a developer’s exploration of a subsequent hack.
These types of plugins are generally safe to update without worry:
- Admin tools such as duplicate post or columns
- SEO
- Analytics
- Broken link checkers
- 301 redirect
- Most form plugins—unless you have a complex form situation
- RSS feed
- Jetpack
- Database optimization
- Backups
- Other monitoring plugins
- Image compression
- Security
These types of plugins directly affect the front end of your website, and you should be cautious about updating them:
- E-commerce (e.g., WooCommerce)
- Multi-language (e.g., WPML)
- Complex forms
- Event calendars
- Registration
- Popups and lead generators
- Galleries and media
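As an added example (not I.T. Roadmap’s own tooling), the two lists above can be turned into a triage step over the CSV that WP-CLI’s `wp plugin list` produces. The slug-to-group mapping and the sample CSV are constructed for illustration, and any plugin missing from the mapping falls into the cautious group.

```shell
#!/bin/sh
# Triage pending plugin updates into "update" and "stage-first" groups.
# Expected input is the CSV printed by:
#   wp plugin list --fields=name,update,version,update_version --format=csv
# The slug lists are assumptions for illustration; adjust them per site.

# Categories the article treats as generally safe (SEO, link checker, Jetpack...).
SAFE_SLUGS="duplicate-post wordpress-seo broken-link-checker redirection jetpack"
# Categories that affect the front end (e-commerce, multi-language, calendars).
CAUTION_SLUGS="woocommerce sitepress-multilingual-cms the-events-calendar"

triage_plugins() {
  awk -F, -v safe="$SAFE_SLUGS" -v caution="$CAUTION_SLUGS" '
    BEGIN {
      n = split(safe, s, " ");    for (i = 1; i <= n; i++) group[s[i]] = "update"
      n = split(caution, c, " "); for (i = 1; i <= n; i++) group[c[i]] = "stage-first"
    }
    NR == 1            { next }   # skip the CSV header row
    $2 != "available"  { next }   # no update pending for this plugin
    {
      # Plugins we cannot classify default to the cautious path.
      g = ($1 in group) ? group[$1] : "stage-first"
      printf "%s\t%s\t%s -> %s\n", g, $1, $3, $4
    }'
}

# Constructed sample input (slugs are real plugin names, versions are made up).
sample_csv() {
  cat <<'EOF'
name,update,version,update_version
wordpress-seo,available,3.0.6,3.0.7
woocommerce,available,2.4.0,2.5.2
jetpack,none,3.9.1,
custom-booking,available,1.0.0,1.1.0
EOF
}

sample_csv | triage_plugins
```

Plugins in the `stage-first` group are the ones to update on a staging copy, with a backup in hand, before touching the live site.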
WordPress Maintenance
Now that we’ve talked a little bit about what WordPress maintenance entails (saving the issues of backups and content updates for another day), you can judge for yourself a bit better whether it’s worth engaging a partner (like I.T. Roadmap!) for monthly maintenance or at least periodic maintenance. If you’re comfortable getting your hands dirty and keeping abreast of updates—and the consequences won’t be too dire if something does break and your site goes down—then monthly maintenance may not be for you. We’re happy to fix something for you if you do get in over your head! And if you have a complex WordPress website with lots of people using it for job-critical functions every day, then maintenance is almost certainly for you. One-size-fits-all solutions are not our thing. Contact us if you’d like to talk about taking over a WordPress website that needs a little help, or if you’d like to take the plunge and go for a maintenance plan.