Why should you always keep your WordPress site updated?

Author: Harry Cobbold
Close up on a laptop screen showing a WordPress icon and website

WordPress is probably the world’s most popular CMS and if you’re a frequent user of the platform you’ll know that it’s constantly being updated with the latest features and security upgrades. It can seem a little tiresome to constantly keep on top of these, but there are some really good reasons why you should: 


The number one way to ensure that your software is secure is to keep it updated. Because WordPress is open-source, anyone and everyone can study its code – including malicious attackers. Contrary to popular belief, malicious attackers aren’t normally some nerdy bloke holed up in his bedroom writing lines of code. Malicious attacks are often carried out by automated systems and rely on scanning for known vulnerabilities in tech to find ways to exploit websites.

Many times when an update is pushed live by software developers, it’s because a bug or issue with security has been reported and these updates address those vulnerabilities that hackers are likely to take advantage of. The new update fixes this security issue, but if you’re running an old version of the site then you won’t benefit from the security fix.

The longer a version has been around, the more likely it is that malicious attackers will find vulnerabilities. If you happen to be running the old version that they’ve found a security flaw for, you could be left wide open to a cyber attack. Plugins can also be exploited which we go into in more detail in this article.

The longer you leave between updates, the more out of date and the more well-known any potential security vulnerabilities are going to be.


Each new update helps to keep WordPress loading quickly and responsively. As the version you’re running becomes more and more out of date, you’ll also likely come up against incompatibility issues with your plugins, which can in turn slow things down.

Given that site speed plays an absolutely crucial role in SEO thanks to the new Core Web Vitals, this is just another reason to keep things updated for anyone who wants to be found on Google.

New features and bug fixes

This one goes without saying, each time you get an update any bugs or inefficiencies in the WordPress core will be resolved. In addition, you’ll be able to take advantage of any new and improved features the WordPress team have pushed out.

Updating strategies

It’s important that you trial updates on a test (or staging) site before you update on your live site. This is because WordPress, its plugins and the theme all have to play nicely together in order to serve the websites to your customers successfully. When you update your plugins, or WordPress itself, the changes can create new conflicts with the theme you’ve developed. This can cause new bugs or issues with the site. For this reason, it’s important to have a developer check over the site so you can fix things before you update the live site and ensure your customers are never on the receiving end of a new bug.  

How often should you update?

A classic “it depends” question but with one important factor to consider. The longer you leave between updates, the more out of date and the more well-known any potential security vulnerabilities are going to be. So it’s important to determine what level of risk is acceptable to your organisation (are you MI6 or a local cafe?). Typically at Unfold we update client sites on a monthly basis as this offers a sensible approach to both risk,reward and cost for most commercial organisations.

Regular backups

Whilst not strictly a WordPress update issue, while we’re talking maintenance it’s vital to make sure you’re capturing regular backups of your site. You’ll need to set this up with your hosting provider, or ask your web developer to do it for you. Here at Unfold we prefer to use Kinsta hosting for their excellent speed and support. They provide a daily backup service as standard, with the option to increase the frequency (which is useful if you’re an eCommerce site or you’re making lots of updates regularly). It means that if the worst happens and your site becomes corrupted or hacked, a fresh backup is just a few clicks away.

We'd love to hear from you

If you’ve got an idea for a new digital venture, email Harry for some honest, expert advice.

Get in touch