I’m a newbie with Wordpress and have been told by more than one blogging expert that it’s important I keep my plugins updated since there are apparently lots of hackers who use plugin holes to sneak in and mess things up. Which leads to my question: how do I update my Wordpress plugins?
Those blogging experts are spot on, and it’s important to make sure that any software you run nowadays is up-to-date, whether it’s your operating system, your favorite word processor, or your content management system. WordPress, as an open source system, is more vulnerable because the patch lists that the development team uses to explain new updates is the same list that hackers read to identify exploits that they can quickly use.
This means that if, say, there’s a buffer overflow problem that’s fixed in version “.37” and you’re still running “.36” a week after the new version has been announced, you’re at greater risk that someone will attack your site using the buffer overflow that’s been fixed, but not on your WordPress blog.
And this works x10 with plugins because there are tons of them and while many are written by great software developers who test extensively, others are sloppy and can have lots of holes and potential exploits, yet aren’t updated very quickly. So keeping everything up to date and ensuring you are running the latest versions of the WordPress app and the plugins is just plain smart.
Fortunately WordPress makes it pretty obvious when there’s an update to be applied. Here’s the top left view of a typical WP site:
Notice along the very top the two circular arrows and the “1”. That’s the easiest way to see that there are updates (in this case 1 update). This is redundantly shown on the left side where it says “Updates” and has a “1” in a circle. Pretty obvious!
Click on either and you’ll go to the (rather long) WordPress update page:
The top part shows whether there’s an update to WordPress itself (in this case there isn’t), the middle portion shows what plugins have updates (I have one), and the third section indicates if there are any themes with updates. Yes, themes. In fact, themes are now one of the most common ways people hack into WP installs.
In my case, the Wordfence Security plugin has an update and since it’s a plugin that helps me keep my blog secure, well, it’s even more important I keep it updated!
To do that, simply check the box adjacent to the plugin needing updates, or simply “Select All”. It’ll look like this:
Now click on the “Update Plugins” button and WP will update everything as needed:
In this case, Wordfence Security works slightly different to some other plugins, so its update steps involve temporarily going into maintenance mode.
Finally it’s done, everything’s updated and the top info changes to reflect that:
I recommend you check for updates at least weekly on your WordPress blog, if not every 2-3 days. If you hear of people getting hacked or having their blogs defaced, check right then for any updates and, of course, apply them immediately.
That’s the trick. Hope this helps you!