It’s no secret that people don’t upgrade WordPress, even when they should. We usually put this down to laziness or ignorance, but believe it or not, there are sometimes valid reasons to hold off on the upgrade. Valid business reasons. But of course, that comes at a price. And sometimes that price is higher than we expect.
But Why Not Just Upgrade?
To understand this, you need to grasp the two aspects of a website – the technology end and business end. From a tech point of view, you should always upgrade WordPress immediately. In fact, just put it on “auto” and let it upgrade itself! No more security issues and everyone is happy, right?
The business side of a website is just as important, and there are some good reasons why someone will want to hold off on upgrading immediately. Fundamentally, a site that’s generating revenue should be allowed to run undisturbed. The whole “If it ain’t broke, don’t fix it”. Businesses are inherently far more risk-averse than the average tech person. And who wouldn’t be if you have a steady revenue stream?
It’s for this reason that so many Linux servers are running on older versions of the Operating System. I know people continue to use CentOS 6 even though CentOS 7 was released way back in 2014! Because a website is a complicated machine with thousands of moving parts. You can never predict how a routine upgrade is going to affect your site with so many interdependencies.
No Security Patches for WordPress…Unfortunately
But even though lots of servers still run older versions of Operating Systems, these are not considered a security risk. The reason simple – security patches. OS vendors are well aware of the slow-moving nature of Operating Systems, and so they continue to release security updates for older versions, long after a more updated one is available.
In fact, they often have a guarantee for how long an OS will receive security updates. For example, CentOS 6 will be supported right until the end of 2020. Almost 10 years after its initial release in 2011. This allows businesses enough time to properly transition their migration to the new operating system, by allowing them to test the various interactions.
Sadly, WordPress doesn’t have the same system.
WordPress bundles security updates and normal updates at the same time, and there’s only one “latest” version. This means you don’t have the option to keep your site secure against the latest threats without upgrading to the newest version. It’s a problem for a lot of businesses.
“Patching” WordPress without Updating the Version
And this is where NameHero can help. Earlier this month, we partnered with Patchman to offer free patching for WordPress installations without needing to upgrade to a newer version. This is quite the breakthrough for businesses because it allows them more time to transition to a newer WordPress version without breaking their site.
You can access Patchman from the NameHero cPanel like this:
Patchman scans your website and does two things:
- Removes existing malware by quarantining them
- Patches known vulnerabilities in files
Now obviously there are limits to how many vulnerabilities it can fix. If a weakness is due to a systemic flaw in architecture itself, merely changing some files won’t help. But when there’s a vulnerability that requires just a couple of files to be replaced, Patchman can do that automatically for you.
This ties in with NameHero’s Imunify360 that identifies different types of security failures on your site such as bad passwords etc. Together, they harden your site from multiple angles, making it pretty impervious to malware and hacking.
And all of this is completely free. It’s an amazing addition to our hosting service that already has many free add-ons like server caching, backups, and much more.
I’m a NameHero team member, and an expert on WordPress and web hosting. I’ve been in this industry since 2008. I’ve also developed apps on Android and have written extensive tutorials on managing Linux servers. You can contact me on my website WP-Tweaks.com!