Important – WordPress maintenance frequency

Through 2016 and now into 2017, as WordPress has become more sophisticated and user-friendly, we have seen a sustained rise in the number of attacks on WordPress. Many of these attacks have come in the form of brute force attacks on login forms.

There has also been a steadily increasing number of updates released for the WordPress core software, which in turn has increased the number of popular plugins which also produce more frequent updates.

On one hand, it is heartening that the number of updates has increased as this means that vulnerabilities are being patched more quickly.

Line graph showing steady rise in WordPress releases between 2005 and end of 2016

On the other hand, this means that websites which have infrequent update schedules or where there is no website maintenance plan in place remain vulnerable for longer. The longer a website remains without being updated, the higher the threat of it being hacked, defaced, damaged or deleted.

Whenever we feel there is a sustained change in threat level to WordPress we ensure we update our clients with new advice and best practice recommendations.

Our advice to our clients is always a balance between the available statistics and our ‘feel’ of what is going on in the industry, drawing on sources such as:

  • The number of people that contact us because a site has been hacked or which is exhibiting unexplained behaviour
  • The number and type of issues flagged by the security software we install on websites we take care of
  • Reports from companies such as Wordfence and Sucuri who work in the website security industry
  • Industry press
  • Talking with other agencies and gauging opinion

Line graph showing sharp rise in attacks on WordPress websites in 2017
Figures for total attacks gained from Wordfence monthly attack reports.

We have seen a noticeable increase in the number of new clients that come to us because their website has been hacked and blacklisted by search engines or had some kind of penalty imposed. Sadly, it is often the case that the client doesn’t have a recent backup that we can restore for them, and there may be a significant cost associated with rebuilding or repairing that site.

Those of you who have existing website care plans with us, or for whom we have built sites in the past, will know that we advised you at the time how frequently we consider you should update your WordPress website. Our general advice has been updated as follows:

Current Recommendations

Low traffic low importance website: Update & maintain monthly

Medium traffic, importance, e-commerce: Update & maintain fortnightly

High traffic, importance, high-value e-commerce: Update & maintain weekly/daily

Old Recommendations

Low traffic low importance website: Update & maintain every other month

Medium traffic, importance, e-commerce: Update & maintain monthly

High traffic, importance, high-value e-commerce: Update & maintain weekly

Firstly, don’t panic

Firstly, don’t panic. WordPress is still a feature rich, largely safe and easy to use content management system. Yes, it is true that WordPress has a larger number of attacks than many other content management systems, but it is important to keep this in context.

Approximately 30% of all websites active in the world run on the WordPress platform. As such it is reasonable to expect that there is a larger number of attacks reported. Please do not let this put you off using the system for your website.

WordPress remains the most user-friendly and simple to use content management system available. A large number of WordPress developers, agencies and plugin creators and maintainers means that you have access to a well-maintained ecosystem for your website. Just keep it up to date and at the very least ensure you have regular backups made to a secure third-party location.

Secondly, reduce the risks

We love how advanced content management systems have become over the last 5 years. The range of features and functions available via software like WordPress, Drupal and others has become truly game-changing. More than ever before, it is in the realm of possibility for an individual to run their own website and manage their own content.

However, over the last year, we have become increasingly aware of the importance of having even more frequent website maintenance and backups.

The cost of maintenance is largely insignificant next to the cost of repairing or rebuilding a website which has been hacked or deleted.

In addition to a regular care plan, we advise (and we install as standard) a firewall that detects and blocks a large amount of malicious traffic to your website.

Contact us for free advice

We know that this can be a time-consuming and technical side of website ownership, and we encourage any of you reading this who either don’t have a website care plan or have not reviewed your plan in the last six months to contact us for a no-obligation discussion on 01903 527927 or using our project planner.

Our advice is free and our focus is on protecting your investment. Find out more about our website care plans, maintenance and updates here.