• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
NameHero® Blog

NameHero® Blog

Web Hosting Tips & Resources From NameHero

  • Hosting
    • Web Hosting
    • WordPress Hosting
    • WooCommerce Hosting
    • Enterprise Hosting
  • VPS
    • VPS Hosting
    • Flex VPS
  • Reseller
  • Email
  • Gaming
  • Domains
  • Website Builder
  • Account
  • Blog Home
  • Categories
  • Authors

I Don’t Immediately Update All WordPress Components. Shocked?

Bhagwad Park

Published on: May 20, 2019

Categories: WordPress 1

It seems that every day there’s a new story about someone’s site getting hacked. Typically, these stories are light on details about how exactly the site was compromised. What was the attack vector? Did it involve a rogue editor or author, or was it a brute force attack? Is there anything we as users could have done to stop it? Crucially, what do we do now that can prevent it from happening to us?

A study in 2016 by WordFence shows that the overwhelming number of attacks were through plugins. Specifically, outdated plugins were the biggest vector. Clearly there’s more to the story – did the attackers have access to the backend? How much of a risk is there if you’re a single-owner business?

Updating WordPress Conundrums

Over the years, WordPress has made it a lot easier for users to automatically update everything. There was a time when I had to manually click the “update” button for each WordPress plugin. If I had 10 plugins to update, it was painfully slow! Then there are themes that require updates, and of course, the WordPress core itself. Keeping up with all this was a pain and I came to dread even opening my admin section.

But then WordPress pushed out a new version that allowed us to update everything all at once – and it all happened without blocking the editor! So easy. WordPress 3.7 even let us download security and maintenance releases automatically.

In addition, most web hosting providers now

So What’s the Problem?

All this sounds great. However, the only updates I automatically install are those belonging to the WordPress core. On my hosting provider, I turn off automatic updates for themes and plugins. The reason? I don’t want my site to break.

Like it or not, most developers don’t spend enough time testing their code. WordPress, in general, does a fine job with its core updates thanks to its nightly builds and the huge base of developers willing to iron out kinks. Even then large updates like Gutenberg come with some bugs. Here’s one example of a very frustrating bug with Gutenberg with prevented the preview of a post from showing the updates in the presence of metaboxes.

Sites Value Continuity More than Anything

My site makes money. I want that money to keep flowing. As a result, I’m paranoid about anything that can break it. Updates to plugins developed by 3rd parties frequently have bugs that get ironed out over the next few days. The more popular plugins are of course fixed even faster.

My Golden Rule

I have a standardized rule – “Do NOT update a plugin unless the latest version has been out for at least 4 days.” This grace time period is personal preference. I feel it’s long enough for any page breaking bugs to be isolated and fixed.

What About Security?

Unfortunately, this does expose my site to some risk. I already follow whatever security best practices I can like renaming my login page, maintaining blacklists etc. But there’s no doubt that not updating plugins immediately carries a risk.

Which is why NameHero’s Patchman is so useful. It’s a server-side script that scans your WordPress websites for vulnerabilities and fixes them without necessarily updating your version number! It’s a great “in-between” solution for those who want to find a balance between reliability and security. In addition, Imunify360 on NameHero scans your sites and fixes them if they’re compromised.

These two free cPanel plugins from NameHero working together can keep your site safe while you take the time to ensure that your updated plugins won’t break your site. If you’re not on NameHero, then I suggest you find another tool that can warn you if something gets hacked and allows you to rollback your changes!

Bhagwad Park Profile Picture
Bhagwad Park

I’m a NameHero team member, and an expert on WordPress and web hosting. I’ve been in this industry since 2008. I’ve also developed apps on Android and have written extensive tutorials on managing Linux servers. You can contact me on my website WP-Tweaks.com!

Related Posts

Four Ways To Fix “The package could not be installed. The theme is missing the style.css stylesheet” Error on WordPress

If you've run into the 'The theme is missing the style.css stylesheet.’ error, check out our guide for four ways to fix them.

How To Start A WordPress Blog (Five Easy Steps)

Starting a WordPress blog is easy, especially with NameHero. Llearn all the in's and out's with our guide.

What Is A WordPress Sitemap? (And How To Generate One)

Learn what sitemaps are, and discuss why you should have one for your WordPress site and how to create a sitemap and submit it.

Drupal vs WordPress: 4 Key Differences

Drupal and WordPress are often grouped together as open source Content Management Systems (CMS). But in practice, WordPress and Drupal couldn’t be more different. Picking the wrong CMS for your project can make development a lot more troublesome. With the right approach, WordPress can be the backbone of almost any type of website. Drupal, on […]

Reader Interactions

Comments

  1. Snerdey says

    May 21, 2019 at 7:16 am

    After all these years, why can’t WordPress be more proactive to users like how it’s almost impossible to hack a Mac?

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Primary Sidebar

Follow & Subscribe

Exclusive promos, content and more!


Most Popular Posts

NameHero’s Recommended WordPress Plugin and Theme Setup (2024)

WordPress Hosting vs. Web Hosting – What’s The Difference?

How To Increase The InnoDB Buffer Pool Size

How To Fix A Stuck All-in-One WP Migration Import

How To Add A Subdomain In Cloudflare

Top Categories

  • WordPress
  • WordPress Tutorials
  • Enterprise Hosting
  • WooCommerce
  • Web Hosting
  • Resellers
  • Website Security
  • Website Development
  • Website Performance
  • VPS Hosting
  • SEO Tips
  • Announcements
  • Domain Registration
NameHero

NameHero® proudly provides web hosting to over 40,000 customers with 99.9% uptime to over 750,000 websites.

  • Master Card
  • Visa
  • American Express
  • Discover
  • Paypal
Products
  • Web Hosting
  • VPS Hosting
  • Flex VPS Hosting
  • WordPress Hosting
  • WooCommerce Hosting
  • Reseller Hosting
  • Enterprise Hosting
  • Email Hosting
  • Game Hosting
  • Domains
  • Website Builder
Help & Support
  • NameHero Blog
  • NameHero Gaming Blog
  • Support
  • Help Center
  • Migrations
  • Affiliates
  • Gaming Affiliates
  • Call 1-855-984-6263
Company
  • About Us
  • Contact Sales
  • Reviews
  • Uptime
  • We're Hiring

Copyright © 2025 Name Hero, LLC. All rights reserved.
NameHero® is a registered trademark.

  • Privacy Policy
  • Terms of Use
  • Acceptable Use Policy
  • Payment Policy
  • DMCA