If your computer tells you that updates are available, you should install them quick or risk getting infected with viruses and all sorts of nasties. When a security exploit is detected by Microsoft, the advice they generally give is to check for updates and install them immediately.

It’s the same for WordPress or any other web application you may use for your business – install updates immediately or you will be exposed to hackers, viruses and malware.

I’ve worked on almost a hundred WordPress sites and the mistake I see over and over again is not updating WordPress. This oversight is the single biggest screw up that site owners can make.

The main reason for not updating is because the site owner (or his staff) doesn’t know what the updates are for, or they are unaware of the severity of the problem. That’s understandable, since most WordPress users aren’t web developers or programmers. So here’s a quick explanation of what WordPress updates are all about and why you should keep WordPress up to date.

WordPress Update System

The WordPress update system makes it easy for site owners to upgrade their plugins, themes and WordPress itself to the latest version if they are hosted on a compatible server. The process literally takes just a few clicks and less than a minute. Here’s a 17-second video to prove the point.

Easy right?! Don’t forget to repeat the process for plugins and themes.

Now you know what WordPress updates are and how to make use of them. Let’s see what happens if you don’t update WordPress.

What Could Go Wrong If You Don’t Update WordPress

The 2 main reasons to keep WordPress up to date are:

1. New features. The WordPress team regularly add new features to WordPress. Some examples of these are Custom Menus, enhancements to the post editor, and faster admin screens. All of these features allow you to manage your website easier and with more flexibility.

2. Security. Occasionally security holes and exploits will be uncovered in the WordPress code. The WordPress team treats security very seriously and releases updates to WordPress that contain bug fixes to fix these holes and exploits. The same happens for plugins and themes – if updates are available, update them immediately.

Not updating WordPress means leaving holes and exploits on your website. This is the biggest screw up any site owner can make, because it exposes the site to hackers and shady characters on the internet.

If someone does hack your site, chances are you probably wouldn’t even notice it. However, Google would and will warn visitors to your site that your site may harm their computer.


What do hackers do when they attack your site? Ocassionally hackers will deface your site and leave a silly message. More often, they will use your site to infect computers of users who visit your site. Some will even use your website to send spam emails or use it for SEO spam.

Updating WordPress Is Easier Than Fixing It Later

If you take away 1 lesson from this article, let it be this: prevention is better than cure.

Updating WordPress literally takes 20 seconds and costs you $0. If your site gets hacked, you’re looking at days if not weeks of recovery and at a cost of at least a few hundred dollars. In this situation, you’re screwed.

So please don’t commit the biggest screw up for WordPress. Please update WordPress now.

Hassle-free WordPress Security, Updates and Backups

If you aren’t able to perform updates, let ClickWP do it for you! We even implement additional measures to keep your site safe, and make daily backups of your site content and files.

Find out more about our WordPress Support Plans

About David

David has over 15 years of experience with web geekery and WordPress. That experience spans every­thing from cre­at­ing affordable websites for small businesses, developing custom themes to opti­miz­ing WordPress sites for thou­sands of page views in a day. Say hi to David on Twitter at @blogjunkie.

Reader Interactions


  1. Brad Dalton

    Yes very important as i know that 4800 websites where lost without any chance of recovery even though the host also made backup. The hackers deleted all the backups and recently 30,000 WordPress websites where hacked and injected with malware because they didn’t update plugins and the WordPress core.

  2. Marketing Web

    Good advice, but only one thing I wanted to point out, is that your advice makes no mention of backing up before upgrading. This is very important, as for all the benefits of new versions, there is sometimes the potential for a new version to break a theme, or more likely break a particular plugin your site relies on.

    Unfortunately one area that I think (suprisingly) hasn’t been tackled in an effective enough manner in WordPress is simple backup solutions – unless I am missing it. There needs to be some form of one click backup, that backs up your files and database, and lets you choose to store it on the server or download it. I’m yet to find this, and have to resort to more manual backup methods.

    If an upgrade breaks your site, this is NOT a good reason to not to upgrade – rather you need to work out why it’s broken. Often the problem will be minor and can be fixed post upgrade. But there are occasions when things will break so badly you can’t get into the admin of your site, and the 17 seconds or 1 minute where you blindly clicked the upgrade doesn’t seem so convenient after all!