Updates to WordPress core, plugins, and themes often increase security by patching vulnerabilities and strengthening against attacks. To reduce the risk of your site being hacked or compromised in some other way, update!


When any expert talks about WordPress security, one of the first things they mention is to install updates. Hackers and other malicious parties watch the release notes. As soon as they learn of a vulnerability, they start exploiting it. So, you need to update as soon as possible to reduce the time that your site is vulnerable.

Not all WordPress updates include security patches, so it’s not always critical to update ASAP. Major releases of WordPress (versions with a single number after the decimal, such as 3.5 and 3.6) don’t typically include security fixes, so it’s usually OK to wait 1-7 days to install them.

Updates to WordPress core, plugins, and themes often fix bugs that were discovered in previous versions. To get the fixed version, update!

Updates to WordPress core, plugins, and themes often add new features and functionality. To take advantage of them, update!

Here’s the update process I recommend:


  1. Read the release notes or changelog to see what the updates change.
  2. If possible, test the update on a development site. That way, if anything breaks, you can troubleshoot before updating your live site.
  3. Back up your site. You should already have it backed up automatically and routinely using a backup plugin like BackWPup, but it never hurts to make another backup.
  4. Install the updates.
  5. Review and test your site. Focus on the items that were noted in the release notes or changelog.

Not everyone wants to be bothered by the update treadmill. If you have better things to do, I’d be happy to talk to you about my WordPress maintenance service, which includes updates and backups.