My hosting company told me that I needed to keep my plug-ins updated to ensure my WordPress site isn’t hacked. How do I keep everything up to date?
Your hosting company is exactly right that while WordPress is a fantastic platform for publishing content, whether you want it to look like a blog or not, it’s critical that you keep everything updated. Failure to do so with even a seemingly minor plugin can result in that one opening that a hacker needs to break into your site and deface it, add malware, or completely hijack your site completely!
In the latest versions of WordPress, the program itself will automatically apply updates, which is terrific. But you’re on your own with plugins, so let me show you the step-by-step on how to update things. Before we go further, however, another tip: use the very minimum number of plug-ins possible. Some people seem to install dozens, but I think that less is better.
When you’re logged in to WordPress, every page on your site should have a menu bar along the top, but there’s a nuance: it might not show you available updates anyway. For example, on my GoFatherhood site, no updates are shown:
But on one of my other WordPress sites, How-To Video Source, there are updates:
Here it shows that there are 3 updates. The difference? In the former case, I’m logged into the WordPress account that’s just a writer account, but in the latter, I’m the administrator. You’ll need to be the admin on your WordPress site to be able to update plug-ins!
Updates are shown in the menu bar, but if that’s disabled, you might instead see the Updates shown on the main WordPress menu:
In either case, click on the update graphic or menu item to see what’s new and available. The first section should always show you that you’re up-to-date with WordPress itself:
What you want to see is “Future security updates will be applied automatically”.
Further down on the same page you’ll see what plug-ins have updates:
In this instance, there are three plugins with updates: Contact Form 7, Google XML Sitemaps and Yoast SEO. Notice each specifies what version you have installed, the latest version and offers details on what’s changed. Keep an eye on compatibility too – all three of these show 100% compatibility with the current version of WordPress.
Best practice is that you now do a quick backup before you make any changes. That’s a good habit to get into, but I’m just going to assume you’ve done it so we can proceed.
Ready to update? Check the box adjacent to each plugin or the “Select All” box to select them all at once. Then click on the “Update Plugins” and it’ll show you an almost blank screen with just “Update Plugins” shown. After a few moments, however, all the status updates will appear at once:
It’s super rare for an update to fail, so odds are very good this is the exact sequence you’ll see. Notice that the site goes into “Maintenance mode” during an update too. That prevents comments and other changes to ensure things don’t get out of sync and only lasts the duration of the update process (rarely more than 15-20 seconds).
And you’re done. Your WordPress site now has updated plugins. To keep things up-to-date, just make sure you log in every 3-4 days and check for updates or keep an eye on the update icon on the menu bar!