Update your WordPress website now! If you don’t know how, read on…

On Thursday 6th June there was a concerted effort to hack WordPress websites from a Russian botnet. Basically robotic programs were looking for weaknesses in WordPress sites, injecting malware and malicious code into them and then taking control of the mail server to send out hundreds of thousands of spam emails. Many WordPress websites were infected costing hundreds of pounds to clean and fix. 

How did the hackers get in so easily? Website owners not updating their WordPress sites, plugins and themes. A five-minute job that could have helped a lot of people from spending out a lot of money. 

Security updates are released on a weekly basis

Your website is vulnerable to attack if you don’t take the time to update it. Hackers find new flaws in website code all of the time and use it to break into websites. Various things can happen as a result. This time, they were only looking to send out spam emails. But it could have been to steal credit card details or hold websites to ransom. 

In order to patch the flaws, WordPress, the developers of WordPress Plugins and WordPress Themes will regularly release updates to their products. But if you don’t install them, then your site is not safe. It’s a five-minute job once a week, so here’s how you do it. Just click or tap on any of the images below for a larger view. 

Have I got any updates? The telltale signs

When you log in to the backend of your WordPress website there are multiple ways to see if you have updates.

If there are available updates, a number in a coloured circle will show next to the word Dashboard, or next to the word Plugins. Other places to look are at the top of the screen on the black bar by the update icon or at the top of the middle of the screen on the white background if it is a core WordPress update.

You should login at least once a week to check, make a note in your diary, or add a reminder in your calendar or on your phone. 

OK, there’s updates there, what do I do now?

Click or tap on any of the update indicators that you see. I’d normally click or tap on the one at the top on the black bar myself. An update page will load showing you all the updates you need to run. This would normally start with the plugins.

Simply click or tap on the box that says Select All and then click or tap on the button Update Plugins. Give it a couple of minutes and you’re plugins will all update to the latest versions.  

Next up should be any theme updates

If there are any updates to your website’s theme, these would be next. The theme is the part of the site that dictates how it looks, but can also contain functionality that hackers could take advantage of if there are any unpatched vulnerabilities. 

In the same way as above, click or tap on Select All and then the Update Themes button.  

Finally, update your WordPress version

This is known as a Core update, all of the files for the WordPress content management system. These updates are super important to do, the most recent hack took advantage of unpatched versions of WordPress. But these ones have to be done last, after you’ve updated all your plugins and themes. 

This time, just click or tap on the big blue Update Now button to update to the latest, most secure version of WordPress. 

That’s it, you’re all done

Once you’ve updated everything you’ll see none of the numbers in circles anymore and when you’ve updated your version of WordPress it’ll tell you that you’re running the latest, most secure version. Now you can sit back and relax for a week before having to check it all again.

Trust us when we say it’s worth the five minutes of your time.