A recent WordPress update notification brought a client some concern. The concern was whether WordPress being updated would cause an issue we experienced to re-appear. In this case it didn’t, and the odds of updates causing issues is generally low. However, there is a liability in updating. It’s just that the potential costs of not updating outweigh the potential risks.
Why Does My Site Send Me Update Notifications? What’s Going On?
Updates are always occurring on web sites and the web servers they’re parked on. This can seem confusing or distressing if you’re getting update notices and don’t understand what they mean. This article attempts to explain why updates are needed, what updates imply and how updates occur.
Updates occur when there’s changes to the code published by technology authors, producers and vendors. This change often includes new, improved functionality that adds to its usefulness and is nice to have. Updates are considered critical when they contain corrections to code that remedy flaws, often security vulnerabilities. When a vendor discovers a hole in their code, a way that the code or site can be hacked, they don’t publicize the problem. Instead they release a new update. As a site owner and manager it’s critical to install updates as quickly as they are released, as often as possible. This is a standard best practice that’s painful to learn the importance of in hindsight.
How much do you need to stay on top of updates with WordPress?
One nice thing about WordPress, particularly in conjunction with multi-site management tools like Jetpack, is the frequent availability of automatic updates. It’s possible to configure a site to automatically update in most cases. Not everything automatically updates however. For example, some plugins and most themes don’t automatically update. A plugin or theme author has to choose to enable automatic updating and so does the site owner.
What’s the liability in applying updates?
The biggest concern in applying updates is that it may introduce an incompatibility with another plugin or the theme being used. In these cases the site could present a visibly evident malfunction. Certain features might disappear or unique configurations of the plugins might be ignored. When updates occur it’s smart to check the site, particularly around the functionality associated with the plugin. Sometimes malfunctions aren’t immediately evident and impact things like data collection. These kind of malfunctions are detected in hindsight and aren’t as critical to the visitor experience.
What happens if a site is neglected and things aren’t kept up to date.
Neglecting a WordPress instance, letting the WordPress core, plugins and theme age without applying updates is risky. It makes the site vulnerable to hackers using the same techniques recent updates prevented. More often it can cause the site to malfunction altogether from automated updates introducing incompatibilities that disable the entire site. Sometimes a certain component might auto-update and leave the rest behind, introducing site disabling factors as well.
What other things need to be updated besides the WordPress Core, plugins and the theme?
Web 2.0 websites driven by content management technology are only slightly more complex than the first kind of websites that didn’t use content management systems, plain HTML file Web 1.0 sites. This is because there’s only a little more code and complexity added compared to the number of layers and scope of complexity that exists beneath web sites. A web 2.0 site sits on a web server. Both the site and the server are made of different layers of technology that depend on each other. Each layer is designed to fulfill its role independently. This makes them able to be updated independently.
The technology layers of a web 2.0 website:
- First there’s a network infrastructure with transport and addressing protocol that exists independent of the server. The server depends on this because it is the server’s connection to the Internet.
- Second there’s network appliances like routers, hubs, gateways etc. These allow the physical machine to connect to the network infrastructure.
- Third there’s the server hardware itself that includes the CPU, memory, storage devices and network interface.
- Fourth there’s the server operating system, for example a flavor of UNIX like Centos.
- Fifth there’s software on the server to serve database requests and serve file requests (for example hypertext protocol requests)
- Sixth there’s language interpreter code that allows the server to understand how to serve dynamic web pages
- Seventh there’s CMS core code that defines the CMS management and publishing features
- Eighth there’s theme and plugin content that get installed after CMS code
- Ninth there’s database layout and content holds the configuration of the CMS code, theme and plugins
- Tenth there’s website content added by CMS managers including text, images and configurations per-page.
The beauty separating these layers is that they can be interchanged and updated independently. Most of the time the updates that occur to the first six layers is completely invisible to website owners. Things just get faster, that’s all a WordPress administrator might notice. Additionally, people who manage the content don’t need to be concerned with the first nine layers. If they’re working correctly without delay that’s all that matters.
However, sometimes an update beneath a layer can present issues that don’t get detected immediately. Although an error code is ugly it’s a lot easier to spot than content or behavior that’s missing. Website stakeholders need to be conscious that using a CMS system is like driving a car. Most days it will work, won’t break and there won’t be any accidents. But problems will occur, and when they do occur they need to be fixed.
We do our best to only use components we’ve tested ourselves on demo, staging and less critical public facing sites. When we install new components or apply updates we go through testing we consider appropriate for due-diligence, but we cannot test everything or foresee all circumstances.
What should you do to help keep things running smoothly?
- If issues are being reported as errors in the back-end administrative section or on the public-facing content of a site this should be brought to our attention immediately. We will make every effort to resolve it immediately.
- If you want to install a new feature or plugin, and you’re concerned about compatibility, run it by us and we’ll take a look at it.
- If you get a notice, as a site owner, that confuses you don’t hesitate to forward it to us. We’ll let you know if we’re concerned or find an issue.
- If a site visitor complains or reports a new issue let us know immediately.
- Most importantly never hesitate to get site errors remedied as quickly as possible. Having errors on your website is a poor reflection on your brand.