Every once in a while I will see an older version of WordPress when working on something for a client. Yesterday I saw a super blast from the past: WordPress 3.04. This prompted me to do a service announcement: keeping WordPress up to date is easy. Fixing a hacked version of WordPress can be complex.
Let’s break it down:
Keeping WordPress up to date is easy.
- Easiest: automatic background updates (WordPress 3.7+)
- Easy: One-click update (WordPress 2.7+)
- Manual (still pretty easy – but not everyone is comfortable with FTP)
Documentation on updating WordPress: http://codex.wordpress.org/Updating_WordPress
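To find out which of those options each site on a server actually has, the script below (an added example, not part of the original post) reads `$wp_version` from each install's `wp-includes/version.php` and applies the 3.7 and 2.7 thresholds from the list above. It assumes one install per directory directly under the web root; the function names and the sample sites are made up for illustration.

```python
import re
import tempfile
from pathlib import Path

# Thresholds taken from the list above.
AUTO_UPDATE_MIN = (3, 7)  # automatic background updates
ONE_CLICK_MIN = (2, 7)    # one-click update

VERSION_RE = re.compile(r"^\s*\$wp_version\s*=\s*'([^']+)'", re.M)

def read_wp_version(site_root):
    """Return the version string from wp-includes/version.php, or None."""
    version_file = Path(site_root) / "wp-includes" / "version.php"
    try:
        match = VERSION_RE.search(version_file.read_text(errors="replace"))
    except OSError:
        return None
    return match.group(1) if match else None

def version_tuple(version):
    """'3.0.4' -> (3, 0, 4); a suffix such as '-beta1' is ignored."""
    nums = re.match(r"\d+(?:\.\d+)*", version)
    return tuple(int(p) for p in nums.group(0).split(".")) if nums else ()

def easiest_update_path(version):
    """Easiest update option this version supports, per the list above."""
    v = version_tuple(version)
    if v >= AUTO_UPDATE_MIN:
        return "automatic"
    if v >= ONE_CLICK_MIN:
        return "one-click"
    return "manual"

def audit(web_root):
    """Map each install found under web_root to (version, update option)."""
    report = {}
    for vf in sorted(Path(web_root).glob("*/wp-includes/version.php")):
        site = vf.parent.parent
        version = read_wp_version(site)
        if version:
            report[site.name] = (version, easiest_update_path(version))
    return report

if __name__ == "__main__":
    # Constructed sample tree: two fake installs containing only version.php.
    with tempfile.TemporaryDirectory() as root:
        for name, ver in (("client-a", "3.0.4"), ("client-b", "4.9.8")):
            inc = Path(root) / name / "wp-includes"
            inc.mkdir(parents=True)
            (inc / "version.php").write_text(f"<?php\n$wp_version = '{ver}';\n")
        for site, (ver, path) in audit(root).items():
            print(f"{site}: WordPress {ver} -> {path} update")
```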
Fixing a hacked version of WordPress can be complex.
- Google can/will add your site to the Google Blacklist
- Simple updates take moments; having someone find the source of the hack, fix it, and clean up can take hours.
- Did you really have a good backup? Whoops.
- All passwords and secrets will need to be changed.
- Hacks can insert spam into your content. No one wants content spam.
- You will need to scan your site for malware to make sure everything is removed, so it does not happen again right away.
Documentation on what to do if your WordPress site has been hacked: http://codex.wordpress.org/FAQ_My_site_was_hacked
In the end:
You are going to have to update to the latest version of WordPress anyway. You have options (automatic, one click, manual) – not excuses.