Maintenance and upkeep of your WordPress site
WordPress, including its components, requires regular care and maintenance in the form of software updates.
WordPress is a great content management system, very popular and one of the world's leading open source systems of its kind. However, like all software products, it is neither perfect nor static. There is a large and very agile developer community that is constantly developing this CMS, making it more secure and adapting it to the latest trends and developments.
What updates are needed and when should they be done?
WordPress could not meet all the needs of its users "out of the box" if it were not expandable with so-called "plugins" and "themes". Ideally, these extensions are also regularly adapted by their creators, e.g. to ensure their compatibility with the current WordPress version and to close any security gaps that have become known.
There are updates for WordPress itself as well as for WordPress themes and plugins. An update can have various reasons:
- bug fixes,
- improving and expanding features,
- ensuring compatibility (with the WordPress core, for plugins and themes) and
- fixing security vulnerabilities.
Updates often do not have to be carried out immediately; in some cases an immediate update is not even advisable.
It can make sense to hold off on an update until dependent plugins that are closely linked to the overall system are also available in an updated version.
However, if it is a security update, action must be taken as soon as possible!
Such security updates can also affect plugins. This also applies to your inactive themes and plugins, by the way.
If you always have the latest version of WordPress installed, you are on the safe side and well protected against attacks from the web. However, if you are using an outdated version, the risk of being vulnerable grows with every month that the version remains out of date! Attackers look very specifically for websites that are operated with an outdated version in order to gain easy access to these systems and then abuse them for their criminal purposes. This almost always happens in total anonymity and completely unnoticed by the site operator.
Excursus: Hacked – your own website as a spam slingshot
A case study from practice: the so-called Google Conditional Hack is malicious code that delivers different content to Google than to a regular browser.
The website behaves completely normally from the perspective of a site visitor. On the other hand, content is transmitted to Google that is very similar to the actual content, but in many places contains unwanted advertising texts - above all links to spam sites (often with obscure pharmaceutical offers).
The aim of these attacks is to build up a high level of link popularity for such sites without the reputable website operator noticing.
Specifically, attackers exploit security gaps they have found to smuggle PHP code into the website; this code is able to distinguish between the Googlebot and a website visitor's normal browser. Many WordPress sites are also affected by this.
If your website is affected by such an attack, it is generally pointless to try to locate the manipulated PHP files and to correct the corresponding places. It is also very time-consuming and often only a matter of time before the website is compromised again.
The only way to restore a clean state is to do a complete reinstallation with a current WordPress version and current additional components, taking into account the most important security precautions, such as assigning new, strong passwords for admins, database and FTP and, if necessary, installing tried-and-tested security plugins.
Ideally, the content can still be restored from the database. In any case, leave these measures to a real professional, because a lot of experience, know-how and instinct is required here.
Avoid compatibility problems
With larger updates over several version numbers, it is possible that plugins and themes also have to be adapted to the new version. The developers of such additional components have the opportunity to test the compatibility of their products with a new WordPress version before it is released.
But especially with free components, it can happen that the developers react too late or not at all. In the worst case, such components can then render your updated system unusable.
In these cases, the no longer compatible plugins or themes must be replaced by alternatives with the same or at least similar functionality.
Research, tests, coordination, implementation and final functional tests of the entire system always involve a considerable amount of time.
It makes sense that such updates are not carried out on the live system, but in a separate, isolated test system and only transferred to the live domain if they are successful.
A similar procedure is also recommended for very complex websites, such as shop systems, or websites with a multilingual function. Before an update, it should always be checked first whether the theme or plugins may trigger a whole chain of further updates due to their age or certain dependencies. An experienced system administrator can obtain this information from various sources.
How to deal with manual adjustments
If a professional has made manual adjustments to the files of a theme or plugin, these adjustments are stored in a so-called child theme. Anything else would be unprofessional, because otherwise these adjustments would simply be overwritten during an update. Adjustments or extensions implemented in the child theme, on the other hand, are update-resistant and are retained even after the update.
Nevertheless, these adjustments must also be checked for compatibility and for whether they are still up to date, especially with regard to security, and if necessary adapted again to reflect current developments. Leave this check only to a really experienced system administrator and programmer if you don't want to run the risk of making your system vulnerable and unusable in the long term.
Before every update: Don't forget to back up your data
You should never update unless you have made a recent backup of your entire WordPress installation (files and database) first! Download all WordPress files and folders from your web space to your local computer via FTP. Save the data of the MySQL database used in an SQL dump and also save this file outside of your web space.