Those of you with WordPress web sites like the one you’re reading (and there are millions of you) have all seen the nagging messages about updating your version of WordPress – right?
And you get on that right away, right? What? You don’t?
Procrastinators, unite! (pretty soon…)
This may disappoint you, but I am as guilty of procrastinating this as anyone. Not only can things go wrong when you update WordPress or a theme or plugins, but it’s all too easy to just say, “Maybe this weekend.” Or “Maybe next week, when I’m done with X.”
Also, not all updates are created equal. While some are essential to protect your site from ne’er-do-wells, some simply aren’t. Some offer tweaks to features you don’t use, make some functionality easier or prettier, or are correcting situations you aren’t likely to find yourself in if you are small like me.
So it’s with great regret that I must pass on the bad news: We all have to do it this time.
WordPress announced this week that a security flaw was found by some sharp-eyed development partners that would allow hackers to exploit web sites built in WordPress and in the content management system Drupal (example: WhiteHouse.gov) I could geek out on you with the technical specifics of it, but the gist of it is that a Denial of Service attack will bring your site down like a ton of bricks, and it will take a lot more to put it back together than it will to just take the time to update now.
The word on the wire? It’s important for owners to make sure they update to the latest versions of WordPress and Drupal to fix the new flaw and, in general, to begin keeping a closer eye on bug fixes.
Don’t know how to tell what version you have? Click Dashboard >> Updates in the upper left if you have a WordPress site. You’ll see it there. You’ll also see everything that’s out of date. Read on before you start clicking away at those update buttons!
What it takes
It’s very possible that your web site hosting company, knowing a potential firestorm when they see one, has already upgraded you automatically. If not, WordPress itself, which is scary-smart, may have patched itself up; it has been quietly updating itself since version 3.7. If you have received any messages about this in your email or on your Dashboard (have a look!) please review your site’s pages and functions to be sure nothing blew up.
0) Set aside some time for this, and make sure you’re not doing it at a time when you’re expecting a big crowd to show up at your web site, if possible. For example, if you have a workshop coming up and registrants are trying to register; if you are publishing a blog post; launching a new product; and so on.
1) Back that thing up: If you need to manually update your site, I would strongly advise backing up all files and databases beforehand; in the event something unseemly happens, you’ll be able to restore your site while you figure out what’s gone wrong. If you don’t know how to do this, give us a shout.
2) Turn off any caching programs that may be running on your site. Combine this with #3…
3) Contact your web person or hop on The Google and ask whether there is any reason why you should be concerned about the latest update(s) of WordPress or of plugins. He/she/it may be able to tell you whether a given update is important, what problems are being reported on the Web about it, and generally, may know whether the theme and/or plugins you are using will spit up hairballs when you upgrade.
4) Take the leap, step 1: There are three big elements that frequently need updating: Your theme (the design your site lives in), your plugins (that run things like your contact form and shopping cart) and WordPress (the engine that drives it all). Update your plugins and your theme first, then…
5) Take the leap, step 2: If you have backed up and you’re not getting any bad news from your web person, go to Dashboard >> Updates and do what the man says. Update WordPress to the latest version.
6) Take a good look through your site and test out all of the different kinds of pages & posts you have. Look at your sidebars and photo galleries and blog posts – and store – give it a good run-through to be sure everything that worked before still works.
We’ll do it together
Okay? I am going to print off this blog post and stick it on our bulletin board at Web Sites for Good Intergalactic Headquarters, so I’ll be there with you in spirit.
As always, I’m here to help if you need me.