Are your WordPress plugins up to date?

Outdated plugins are one of the greatest security risk for a WordPress site

According to WPScan Vulnerability Database statistics , plugin vulnerabilities account for almost 25% of WordPress vulnerabilities.

Source: WPScan Vulnerability Database

By default, WordPress doesn’t update plugins automatically. Updates availability is reported with a red dot either on the dashboard “Updates” page or under “Plugin” menu.

Reporting is carried out by a cron job (wp_update_plugins) that is triggered twice a day (every 12 hours), that checks for each installed plugin, if there’s an updated version available.

If you have a single site to manage and you often connect to the administration dashboard, plugin update can be done manually directly by the site administrator.

On the other hand, if you manage several or even hundreds of websites, manual updating can be a very time-consuming task!

How can I protect my website?

As you may have guessed, there are a few plugins that allow setting automatic updates of installed plugins, without any intervention from website’s administrator.

The most popular plugins in terms of number of downloads and positive reviews are:

1) Easy Updates Manager

Easy Updates Manager

Plugin’s configuration is very easy and it does its job very well. You can set automatic updates of plugins and also WordPress core files, themes and language translations of every system’s component.

For an explanation about plugin’s configuration, watch the following video provided by developer:

 

2) Companion Auto Update

Companion Auto Update

Companion Auto Update is another popular plugin, very easy to configure and as the previous plugin, it allows to update WordPress core files, plugins, themes and translations as well.

Conclusion

Keeping your plugins up to date is quite a simple task. The major drawback of this automated approach is that updating a plugin may break your site, often because of a conflict between your updated plugin and website’s code.

In this case the best approach, in order to avoid any website breaking, is to perform plugin updating on a site’s replica (“staging site”) where plugins can be installed and fully tested.
Once they have been tested, installation can be performed in the main site (“live or production site”).

However, keeping your site’s plugins up to date is just a small piece of the whole WordPress securing process.

Securing WordPress is a very demanding task, that’s why we strongly advice to look only for information security experts to help you keeping your website running and secured.

Need help to secure your website? Secure my website

Any question?

I would be happy to answer!

Share on facebook
Share on twitter
Share on linkedin
Share on email
Roberto Jobet
Roberto Jobet

I am a Linux system engineer and an infosecurity specialist with an expertise on WordPress security. I offer professional services to ensure the confidentiality, integrity and availability of WordPress sites.

All posts

Other posts that might interest you!

Leave a Reply

Your email address will not be published. Required fields are marked *