If you fall behind on your website security and maintenance, you're all but asking to be hacked. (Most hacked sites are behind on publicly announced security updates.) If you use the ever-popular WordPress platform or follow any type of web-related news, you know there are seemingly endless updates and upgrades, many of which are related to some security issue or vulnerability. Keeping your website and its components up to date and secure is an ongoing maintenance task that you cannot afford to overlook, however confusing it can sometimes seem. Here's what you need to know.
Upgrade versus update
The terms upgrade and update are subtly different, though they are often used interchangeably. An update is a small change that fixes some issue or repairs some flaw in a minor way. An upgrade is more involved and can carry greater risk. In WordPress, for example, updates and upgrades are usually distinguished by version numbers. Moving from version 4.1 to 4.1.1 is an update, while moving from version 4.1 to 4.2 is an upgrade. The usual reason for an upgrade is that it needs to change the structure of your database. Once that is done, the database will no longer function with older versions.
When to update or upgrade
The first rule of updates and upgrades is to be sure you have a backup. Most updates should be installed as soon as they are available. Updates to plug-ins are usually minor and lower risk. If a plug-in update changes some appearance or function, it can usually be fixed easily. WordPress updates are also low risk because they don’t change your database.
Upgrades should be more carefully considered. When I am facing an upgrade, I look at the notes about what changes are expected and how that may affect the site. I make sure the entire site is backed up, including the database, and I schedule the upgrade for a low-traffic time and when there is time to thoroughly check the site after the upgrade. After an upgrade, be sure to check your site on multiple devices and in different browsers, including mobile. Mobile website functionality is becoming more important.
Sometimes there are surprises in upgrades that change the functionality or appearance of your site. Recently I had a major theme update on a client site that changed the definition of styles used in the footer. All of the footer styles set in the original design broke because the new definitions used different names. It was a simple but time-consuming fix.
Backups, automatic backups, and entire backups
As I mentioned earlier, the first rule of updates and upgrades is to have a good backup. There are many ways to do this, and for WordPress at least, there are multiple plug-ins to help you in backing up your website. Every website platform is different, but the essentials are the same. You want to be sure you back up not only your WordPress database, but also the entire “public_html” folder, which should contain your WordPress files, themes, and images. Be aware that some backup plug-ins only back up some of your files. You want to be able to access your website host's cPanel to back up the database and entire directory. After you back up and download your backup files off your server to some other computer, I suggest opening a copy of the backup to be sure you have files you can reinstall if needed.
I use different backup schedules for different components and different websites. The frequently changed WordPress database gets backed up frequently (weekly or monthly). The rarely changed WordPress install and theme files get backed up less frequently (bi-monthly or when there is an update or upgrade), and the entire “public_html” directory, which includes the WordPress files, themes, and images as well as a few .php files and the auto-backup files, is backed up and downloaded quarterly. Sites with more traffic and more frequent changes may be on a more aggressive schedule.
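The advice above to open a copy of the backup and confirm it holds files you can reinstall can be scripted. This is an added example, not part of the original article; it assumes a single .tar.gz archive containing public_html/ and a database export named db.sql, and the function name and required-path list are illustrative.

```sh
#!/bin/sh
# Added example: check that a downloaded WordPress backup can be restored.
# Assumed layout (not from the article): one .tar.gz created with
#   tar -czf backup.tar.gz public_html db.sql
# where db.sql is the database export (mysqldump or a cPanel export).

# Entries a complete backup must contain (assumed names, one per line).
REQUIRED_PATHS='public_html/wp-config.php
public_html/wp-content/themes/
public_html/wp-content/uploads/
db.sql'

# verify_wp_backup ARCHIVE: returns 0 only if the archive is readable,
# holds every required path, and the database dump has table definitions.
verify_wp_backup() {
    archive=$1
    [ -s "$archive" ] || { echo "missing or empty: $archive" >&2; return 1; }

    # 1. Integrity: a truncated or corrupt download fails to list.
    listing=$(tar -tzf "$archive" 2>/dev/null) || {
        echo "unreadable archive: $archive" >&2; return 1; }

    # 2. Completeness: catch backups that saved only some of the files.
    missing=0
    for path in $REQUIRED_PATHS; do
        printf '%s\n' "$listing" |
            awk -v p="$path" 'index($0, p) == 1 { f = 1 } END { exit !f }' || {
                echo "not in backup: $path" >&2; missing=1; }
    done
    [ "$missing" -eq 0 ] || return 1

    # 3. Content: extract the dump to stdout and look for table definitions,
    #    so an empty or failed export is caught (heuristic check).
    tar -xzOf "$archive" db.sql 2>/dev/null | grep -q 'CREATE TABLE' || {
        echo "db.sql has no CREATE TABLE statements" >&2; return 1; }
    return 0
}

# Run directly: sh verify_backup.sh /path/to/backup.tar.gz
if [ $# -gt 0 ]; then
    verify_wp_backup "$1"
fi
```

Run it against the copy you downloaded to another computer rather than the one still on the server, so the check also covers the transfer.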
Automatic website security versus peace of mind
If you are using WordPress, it's a time-saving convenience to enable auto updates whenever possible. Auto updates will only update your WordPress installation. (You must manually perform the riskier upgrades.) Some design themes also make updates automatic. Whether or not you enable auto updates, you should check your site dashboard at least weekly to see if there are pending updates and upgrades and proceed accordingly. Make the time now to configure a backup plug-in or server cron job to make backups automatic and routine. If you ever need it, you’ll be glad you did the work ahead of time.