Wordpress powers almost 30% of websites and many of the top 100 in the world. It's insanely popular, but prone to hackers and small errors or 'bugs' which are found at later stages.

With a massive development community, these issues are quickly addressed, which means you should be updating your website regularly for peace-of-mind. Here are all the components of your website that require updates, and why it is important to do so.


Firstly, backups of your website database and site files should be performed before and after any updates. Before going into the types of updates, it is important to note they can break the functionality of your website. In order to avoid this, a backup is performed so the website can be 'rolled back' should any issues occur.

PHP Updates

PHP is the 'computer language' that Wordpress is built on. The version is set by your hosting company or via cPanel (if you have access). Your website will be faster, as the latest version provides up to 3 or 4x increase in speed. It will also be more secure, as older versions have security flaws found by hackers. It's more efficient, saving on computer resources, and thus, the environment! Latest PHP version: 7.4.4 (19 March 2020)

Wordpress Core updates

The Wordpress CMS 'core' provides the foundation of your website (being able to login, add pages, blog posts, upload media, etc). Hackers find flaws in the software to exploit them, but usually, the good guys find them first. These security holes need to be addressed in updates to secure your website. New versions bring new features, functionality and better performance. Wordpress releases minor and major updates almost once a month.

Plugin updates

Plugins provide extended functionality to your Wordpress website, such as selling products (via the popular WooCommerce), contact forms, maps integration, social icons and more. Both free and paid plugins are built by third-party developers (other programmers not directly associated with Wordpress) who are responsible for addressing the same bugs, vulnerabilities and hacks faced by the Wordpress 'Core' mentioned before. 25% of plugins are updated every month, which means you should be applying them regularly.

Theme updates

Unless your theme has been built from scratch (most unlikely), it will require theme updates from the third-party developer (like plugins). As always, security is the most important element delivered in updates, but small bugs, fixes and new features are released in theme updates too. If your website has been built with a good theme, updates will occur fairly regularly throughout the year.

Security and malware cleanup

Approximately 1% of all websites are infected with malware every week, almost 50 websites a day. Once you're infected, it's possible Google might blacklist you from search engine rankings, which will be costly for your business. Your website should be scanned for potential vulnerabilities, malware, changed files and problematic plugins before the issue occurs.

Performance Optimization

There are a number of optimizations to perform including checking Google Analytics and Search Console is properly integrated, cache functions correctly, the database should be optimized, maps function, any new image should be optimized and old content removed. Once complete, a performance test is done to make sure the website is performing optimally.

Check Google Search Console for errors

Google Search Console is a tool by Google to monitor the health and performance of your website. It helps you check if Google is having any issues reading the content of your website. Any broken links on your website will be found. A large portion of your traffic is most likely coming from search engines, so it's important to check for any abnormalities. Your sitemap (the file that tells Google what pages to 'read' on your website) should be setup correctly and submitted through Search Console.

If it ain't broke, don't fix it?

You might argue that your website functions fine - so there's no need to perform any updates. But that's like not servicing your car until it's stuck on the highway, not going to the oral hygienist / dentist for a check occasionally, or not cleaning the pool until it's mucky and green. Sounds a bit silly, doesn't it?

Waiting until your website is hacked or infected with malware can expose you and your customers' information. Sometimes, you might not even be aware of an issue as it silently performs malicious duties. Regular updates are also recommended as waiting too long may result in complex update procedures - such as incompatibilities, plugins no longer maintained, etc.

Lengthy updates, or removing malicious content is ultimately more costly in the long run. if your website hasn't had updates in more than a year, it's time to take care of it.

Do you need a professional to assist with Wordpress maintenance? Take a look at our Wordpress Maintenance Packages available.