WordPress is a great platform for creating simple blog all the way up to complex sites. However, security is something that is a concern for a lot of people and you hear about security issues quite often.
At it’s core, WordPress is secure. Security issues come from 3rd party plugins, themes, and week passwords. The 3rd party plugins are the ones you hear of the most. Especially when it’s a popular, free, plugin that is used on thousands of sites.
The good news is that updating WordPress plugins are easy, and they can be made even easier by having WordPress auto-update them for you.
There are a number of ways you can setup WordPress to auto update plugins and you don’t have to be a developer or even change a line of code; unless you want to.
Developers can head over to the Codex to find a few lines of code that can keep WordPress core, the themes, and the plugins updated.
For those that aren’t comfortable in the code, you can connect your site to WordPress.com via the JetPack plugin and then setup Manage.
Once that’s setup, head over to https://wordpress.com/plugins, click the ‘manage’ link at the top, select all the plugins, and hit the ‘Auto Update’ link.
Now when there is a plugin update, WordPress will push it out and you won’t have to worry about it.
It doesn’t matter if you have one site or 50, you can setup auto-updates, and manage the sites, via WordPress.com.
What if something breaks?
There is a concern about what happens if something auto updates, and then takes down the site. Where as this is a valid concern, if you think that your site is that unstable, then it’s time for a new site. If you are concerned a plugin is going to break something, then why are you using it? Good WordPress code and plugins should not break when updated. Worst case scenario, you have a backup right?
What about themes?
Currently, WordPress.com doesn’t seem to have a way to keep themes updated. You’ll have to do that one on your own or choose other software.
Doesn’t WordPress auto update?
WordPress will update itself if it’s a minor update. Things like security or maintenance release will roll out and you don’t have to worry about it.
However, by default, WordPress doesn’t auto update plugins or themes. Well, with one exception. If they deem the issue to be critical, The WordPress team can push out an update to all WordPress sites.
If you don’t want to connect your site up to WordPress.com or add in the necessary lines to the config and functions files, you can use 3rd party software. InfinateWP, MainWP, ManageWP and iThemes Sync are all solutions for managing multiple WordPress sites. Features and pricing vary, but most have a free option to test out. I’m sure there are lots of other choices out there as well.
Security is about you.
At the end of the day, security is about you. Keeping WordPress updated, along with the themes and plugins, is your responsibility as a site owner. Neglecting to do this increases the chances of your site being compromised.
Even without auto-updates WordPress has made the upgrade process very easy as all you have to do is click a link or two. With auto-updates, it’s even easier.
Now, about those passwords.