I can still remember the first time a WordPress website I managed was hacked.
Everything was going along great…
It was a small local business’s website so they weren’t getting a ton of traffic, it was really just an informational site so there wasn’t much for me to update on a regular basis, and the client was happy paying me just for the peace of mind of knowing I was there if anything ever did happen.
Of course, I never thought anything actually WOULD happen to their site, so I wasn’t worried about it at the time.
That’s when I got this email:
What’s worse is, when you Googled that local business, Google had put a warning underneath their search result that said something to the effect of, “Don’t go to this site because it’s been overtaken by hackers” – basically. I can’t remember exactly how Google worded it, but it wasn’t much more welcoming than that.
In other words, Google had condemned the entire site, and put a stamp on it for everyone to see.
The terrible thing was, we were running a marketing agency at the time, so most of our clients’ websites were sitting on the same server as the one that got hacked.
Long story short, most of our clients’ websites ended up having some form of malware on them. We paid a hefty sum of money and spent a stupid amount of time going through and cleaning all of it up.
Needless to say, it was a nightmare from a business perspective.
And you know what caused us all of that havoc, pain, money, and time spent?
We didn’t keep our WordPress sites updated.
Apparently, there were a few plugins we were running that had security vulnerabilities. Those developers had pushed updates to patch the holes, but because we didn’t update our websites as regularly as we should have, we never got the fix.
And boy did we pay.
Why you need to keep the WordPress core, themes, and plugins updated
Would our sites have been hacked if we had kept everything updated? It’s possible. But much less likely.
I tell that story not to scare you, but to show you how important it is to keep your WordPress core, themes, and plugins up-to-date.
The point is, updating a WordPress website is unbelievably simple and it’s one of the best ways to protect your site from security threats.
I think we all know instinctively that updates are important, but we put them off because they’re not a priority in our minds and we tell ourselves we’ll do it when we get some down time.
The problem is, downtime is a foreign concept to most entrepreneurs, so updates never get done.
Luckily for you and me, there’s a solution for that problem.
You can actually set up your WordPress site to update automatically, so you don’t have to remember to manually go in and update everything on a regular basis.
Note: When you automatically update your website, there’s a small chance something could break on your site and you obviously won’t be there to fix it. To be safe, try to only automate minor updates and be sure you’re backing up your website regularly. You’ll also want to get email notifications each time something updates, so you know to at least make sure nothing broke. We’ll cover that later in the article.
But first, let’s look at a few more reasons why updating your WordPress site is critical:
(See story above.)
Also, well-known security company Sucuri did a report that found over 50% of hacked WordPress sites weren’t updated.
“Out-of-date software has been a serious issue since the first piece of code was put to virtual paper. With enough time, motivation, and resources, attackers will identify and potentially exploit software vulnerabilities.” – Sucuri
WordPress developers are constantly working on finding and fixing bugs. When they do fix a bug, they push an update with that fix included in the code. When you don’t install the update, you don’t get the bug fix.
Most developers (at least the ones working on WordPress and the ones working on good themes and plugins) are constantly working to add cool new features that you’ll miss out on if you don’t have their latest version.
If you’ve ever used an older laptop or cell phone, you probably know that new software tends to either not work properly or not work at all on older platforms. The same is true with WordPress. So, if you want everything on your site to jibe together, you need to keep everything up-to-date.
In addition to fixing bugs and security issues, many developers also work on making their code faster and more efficient. If you miss out on updates, you miss out on any speed improvements they’ve made as well.
How to set up WordPress to automatically update
Okay, so now that we know updates are important, let’s talk about how to automate them so you don’t have to worry about remembering to keep everything updated on your site.
There are two basic ways you can make your WordPress core, themes, and plugins update automatically, and one way you can semi-automate it:
Option 1. Use a plugin
There’s a plugin called Easy Updates Manager, and it is an awesome little plugin. Basically, you just tell it what you want it to automatically update, and it does the work for you.
You’ll just go to the WordPress plugin repository (Plugins > Add New), then search for “Easy Updates Manager”, click Install, then click Activate.
Then hover over Dashboard in the top left of your WordPress admin dashboard, and there should be a new menu item that says “Updates Options”. Click that, and you’ll see the settings for the Easy Updates Manager plugin.
Once you’re in the Easy Updates Manager settings, look under the “Automatic Updates” section, then all you have to do is enable automatic updates for plugins and themes, and it should automatically save.
Once you’ve done that, you’ll want to go to the “Advanced” tab in the Easy Updates Manager settings, and make sure you don’t see a warning telling you automatic updates have been disabled.
If you do see a warning, just log in to your hosting account, then go to your hosting account’s control panel (or cPanel for most), then click to go to your File Manager for your site. You should see a list of your site’s WordPress files and folders, and there should be a “wp-config.php” file. Edit that file, then do a search (Control + F or Command + F) for “AUTOMATIC_UPDATER_DISABLED”. Then you can just comment that line out by adding a // in front of the line.
Now go back into your WordPress dashboard and refresh the Easy Updates Manager settings page you were just on (the “Advanced” tab), and the warning should be gone.
Now your plugins and themes should update automatically.
The last step is to go to the “General” tab of the Easy Updates Manager plugin, then scroll down until you see the “Notification Email” field. Enter your email address there, and you’ll get email notifications for updates on your site.
Option 2. Add 3 lines of code to your site
If for some reason the plugin route doesn’t work for you, or if you just want to minimize the number of plugins your site is using, you can use the following steps to add the necessary code to your site on your own. (Also, here’s the code from the WordPress codex.)
First, you’ll need to add this code to your wp-config.php file:
add_filter( 'auto_update_core', '__return_true' );
To find your wp-config.php file, log in to your hosting account, then go to your hosting account’s control panel (or cPanel), then go to your site’s File Manager. You should see a list of your website’s WordPress files and folders, and your “wp-config.php” file should be one of those files.
Then, to have your plugins and themes update automatically, you’ll need to add this code to your theme’s functions.php:
add_filter( 'auto_update_plugin', '__return_true' );
add_filter( 'auto_update_theme', '__return_true' );
Now your website should be configured to update automatically.
Again, always be sure to back up your website regularly, and be sure to check your site after it updates in case an update doesn’t want to cooperate with your site. This shouldn’t be a big problem and it isn’t highly likely, but it is possible so it’s something to keep in mind. Your website can’t and shouldn’t go on complete autopilot, but you can use more of a “cruise control” approach – with you keeping your hand on the wheel to make sure nothing weird happens.
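The same filters can also live in a must-use plugin, which WordPress's own documentation recommends over calling add_filter() in wp-config.php. The file below is an added example, not code from this article's author or from WordPress: it limits core to minor releases as the earlier note advises, holds back items you want to test by hand, and keeps the result emails on. The file name, the function name and the two held-back slugs are assumptions made up for illustration.

```php
<?php
/**
 * Plugin Name: Auto-update policy (added example)
 *
 * Assumed location: wp-content/mu-plugins/auto-update-policy.php
 * Must-use plugins load on every request and keep working when the theme changes.
 */

// Core: install minor (maintenance and security) releases automatically,
// leave major releases for a manual update after a backup.
add_filter( 'allow_minor_auto_core_updates', '__return_true' );
add_filter( 'allow_major_auto_core_updates', '__return_false' );

/**
 * Auto-update every plugin and theme except the ones held back for manual testing.
 *
 * @param bool|null $update Whether WordPress currently plans to auto-update the item.
 * @param object    $item   Update offer; plugins carry ->slug, themes carry ->theme.
 * @return bool
 */
function example_auto_update_unless_held( $update, $item ) {
	// Hypothetical slugs: replace with the items that have broken your site before.
	$held = array( 'example-shop-plugin', 'example-custom-theme' );

	if ( isset( $item->slug ) ) {
		$slug = $item->slug;
	} elseif ( isset( $item->theme ) ) {
		$slug = $item->theme;
	} else {
		return (bool) $update; // Unknown shape: keep WordPress's own decision.
	}

	return ! in_array( $slug, $held, true );
}
add_filter( 'auto_update_plugin', 'example_auto_update_unless_held', 10, 2 );
add_filter( 'auto_update_theme', 'example_auto_update_unless_held', 10, 2 );

// Keep the result emails on so a failed or unexpected update gets noticed.
add_filter( 'auto_core_update_send_email', '__return_true' );
add_filter( 'auto_plugin_update_send_email', '__return_true' ); // WordPress 5.5+
add_filter( 'auto_theme_update_send_email', '__return_true' );  // WordPress 5.5+
```

Items on the held-back list still show up as pending on the Updates screen, so they need a manual update after you have tested them.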
Option 3. Get email notifications when a new update is available
If you’re not comfortable letting WordPress update everything itself, you may prefer simply getting email notifications when new updates are available.
To do that, install and activate the WP Updates Notifier plugin, then hover over Settings from your WordPress dashboard, and click Updates Notifier.
On this page, you should see the plugin’s settings, where you can adjust how frequently the plugin checks for open updates, as well as change the “to” and “from” email addresses for your update notifications.
I recommend leaving the settings as is, but you can click “Save settings with test email” to send a test email to make sure it’s working.
Now each time there are open updates, you’ll get an email with all the updates that are available for your site’s WordPress core, themes, and plugins, as well as links to each one. There should also be a link in each email that goes straight to the main updates page for your site.
This is a handy plugin to have, and could eliminate the need for automatic updates if you can make yourself do the updates as you get the notification emails.
So that’s it! Now you should either have your WordPress site set up to update automatically, or at least have it set up to automatically notify you via email when new updates are available.
Either way, you’re one step closer to keeping your website secure and running smoothly.
Let me know if you have any trouble with this process and I’d be happy to help!