October 31, 2017
As sure as winter follows summer, here comes another Wordpress upgrade. I’ve just received emails from the sites I run to say that Wordpress 4.8.3 is now the recommended version. It looks to be a pretty important update - billed as a security release. The advisory page says:
we strongly encourage you to update your sites immediately
That’s Wordpress code for “We’re probably aware of something nasty wrong in the old versions and if you don’t get your site(s) updated / patched don’t blame us if someone or something nasty gets into your site!”
How do I know when a Wordpress update is available?
In some cases, your site can update itself for you. In which case you will get an email which says something like:
Hiya! Your site at http://example.com has been updated automatically to WordPress 4.8.3.
You shouldn’t breathe easy, though. It’s a good idea to see if you’ve any updates for any plug-ins and whether they are compatible with the latest Wordpress version.
If auto updates are not enabled or fail for any reason you may be sent a message like:
[Example Site] WordPress 4.8.3 is available. Please update! Please update your site at http://www.example.com to WordPress 4.8.3.
Again a check and update of plug-ins to be updated is well worth while.
How do I update my Wordpress site?
Log in to the back end of your site. Click the Update button. If you’ve not got Administrator privileges then maybe you’ll need your web person / host to do it for you. There are a series of steps, plainly signposted. The process is mostly automatic and should take no more than a few minutes.
What are the risks of not updating?
Site Defacement - where rude and / or political messages / images are put on the website. Or pages can be uploaded to act as destinations for phishing exploits such as those emails that purport to come from your bank.
Malware infestation - where your website becomes the means by which viruses and trojans are distributed to your hapless visitors.
Updating is sensible. Having a completely up to date site doesn’t mean that a determined cracker won’t be able to gain access. It does mean that it’s that much more difficult to hack and hopefully less vulnerable to automated assaults. Hackers looking for “low hanging fruit” are more likely to look elsewhere among the myriads of poorly maintained sites out on the web.