We help out a local non-profit organization with content updates on their website and every time I log-in and sees the "WordPress Update Available" link it takes every ounce of my strength not to push it and do the updates.
WordPress is used by roughly a billion* websites. It's a platform that is regularly updated to address bug fixes and vulnerabilities that have been found in its code. Unless you have your site set up to update automatically, it's up to you to update your WordPress - and all your Plugins - to the most recent version with all the known holes patched.
But the truth of the matter is that many people do not update their WordPress version. It could be because they never actually login to the admin area of their site and have no idea there's an update. Or they're afraid that if they do an update, it will break something else. They might think they need to pay for it, or they don't know what it is, or a million other reasons that result in a large percentage of WordPress sites running on old versions, many of which with known security vulnerabilities. If you're into hacking sites, finding WordPress sites is a good start.
With our friends at the NPO, their lack of doing WordPress updates was a reasonable one: their custom-built template, which was a donation from someone several years ago, had aged out and would no longer operate on the new version. Out of habit, I clicked the "Update WordPress" link one day and it quite literally took down the entire website. Alerting someone that you destroyed their website when all you went in to do was to update a photo on the home page is pretty embarrassing and I had to rope in our dev team to undo the damage I had done.
Our NPO friends put off updating their WordPress site for years until this week, when they came to work and noticed that their entire site was down for no apparent reason. They hadn't done anything, I hadn't broken it again, and the only indication of what it might be was a PHP file warning.
Again, I brought our amazing dev team in to save the day. Here's what happened:
Webservers will push critical updates if they need to for security. If your website is outdated, these updates can cause your site to break.
Running outdated interfaces on newer technology gets messy. It's like when you go to your grandma's house and she's running Internet Explorer 3 and your favorite sites don't load - they're just not backwards compatible and your website template is no different.
If you want to keep your ship sailing, you need to keep the CMS, the theme and your plugins up to date. It's like keeping your car maintained to prevent breakdowns. No one wants to have to pay for a new engine, and no one wants to have to pay for a new site. You put yourself at serious risk when you're not doing your due diligence to maintain your website.
In a bit of 'good news, bad news' the custom theme was no longer able to run and the entire design of the site was toast (that's the bad news). The good news is that now they get to have a new website design that we'll be able to update on the regular and prevent this from happening again!
The unfortunate truth is that they're now in a bind having to rush to salvage what they can instead of going through the design and strategy process to ensure that this new iteration of the site is one that serves their purposes. They'll end up launching with an MVP WP site and will have to work to get it back to where it was, instead of starting with the time and foresight to get it where it could be.
Luckily they have a stellar digital strategy & development team (us!) at the ready to make their new site amazing instead of having to try and pick up the pieces themselves. Not everyone has an on-call team of pro-bono website builders they can reach out to.
If you haven't been doing your regular WordPress maintenance, it's time you started. If you're worried about breaking your site by pushing updates, or if you have a complex integration that you don't want to disrupt, you need a partner with the resources to manage these updates and keep things running smoothly. We offer affordable WordPress development maintenance retainers that are perfect for people who rely on their business to be up 24/7, but who aren't able to willing to fix things when they break, as they inevitably do.
*I made this stat up