Maintenance and upkeep of your WordPress site

WordPress including its components requires regular care and maintenance in the form of software updates.

WordPress is a great content management system, very popular and one of the world's leading open source systems of its kind. However, like all software products, it is neither perfect nor static. There is a large and very agile developer community that is constantly developing this CMS, making it more secure and adapting it to the latest trends and developments.

WordPress could not meet all the needs of its users "out of the box" if it were not expandable with so-called "plugins" and "themes". Ideally, these extensions are also regularly adapted by their creators, e.g. to ensure their compatibility with the current WordPress version and to close any security gaps that have become known.

There are updates for WordPress itself as well as for WordPress themes and plugins. An update can have various reasons:

• bug fixes,
• improving and expanding features,
• ensuring compatibility
  (to the WordPress core for plugins and themes) and
• fix Security Vulnerabilities.

Updates often do not have to be carried out immediately, in some cases an immediate update is even not advisable.

So it sometimes makes sense to wait with an update until dependent plugins that are closely linked to the overall system are also available in an updated version.

However, if it is a security update, action must be taken as soon as possible!

Such security updates can also affect plugins. This also applies to your inactive themes and plugins, by the way.

If you always have the latest version of WordPress installed, you are on the safe side and well protected against attacks from the web. However, if you are using an outdated version, the risk of vulnerability increases with every month that this version becomes obsolete! Attackers look very specifically for websites that are operated with an outdated version in order to be able to gain easy access to these systems and then abuse them for their criminal purposes. This almost always happens in total anonymity and completely unnoticed by the site operator.

Specifically, by exploiting found security gaps, PHP code is smuggled into the website, which is able to distinguish between the Googlebot and a normal browser of a website visitor. Many WordPress sites are also affected by this.

If your website is affected by such an attack, it is generally pointless to try to locate the manipulated PHP files and to correct the corresponding places. It is also very time-consuming and often only a matter of time before the website is compromised again.

The only way to restore a clean state is to do a complete reinstallation with a current WordPress version and current additional components, taking into account the most important security precautions, such as assigning new, strong passwords for admins, database and FTP and, if necessary, installing tried-and-tested security plugins.

Ideally, the content can still be restored from the database. In any case, leave these measures to a real professional, because a lot of experience, know-how and instinct is required here.

Research, tests, coordination, implementation and final functional tests of the entire system always involve a considerable amount of time.

It makes sense that such updates are not carried out on the live system, but in a separate, isolated test system and only transferred to the live domain if they are successful.

A similar procedure is also recommended for very complex websites, such as shop systems, or websites with a multilingual function. Before an update, it should always be checked first whether the theme or plugins may result in a whole rat's tail of further updates due to their age or certain dependencies. An experienced system administrator can obtain this information from various sources.