Key Points

Well, that’s correct, you should update your website software… figuratively speaking, of course. When I say “You should update your software”, well, I don’t necessarily mean YOU, yourself, should do it. I mean you should ensure that it gets done… that someone does it.

Software Update Prompts

So why do I bring this up? Well, when you login to your site’s admin screen or dashboard, you may have seen messages telling you that updates are available and asking you to proceed to update your site. And technically, if you can see the prompts, you can perform the updates with just a few clicks. However, those messages are really meant for website administrators. And often, these messages are seen by other users, not just administrators. So if you aren’t the website administrator, it’s best to notify him/her about these messages.

Are You A Website Administrator?

Many website owners are set up with a login username on their site by someone else, maybe a web designer or an administrator did it for them. Many times, the owner is set up with a role that has more authority than he/she really needs… including the highest level, a super admin. This can be a very dangerous thing!

Do you know what your role is on the website? Do you just need to add new articles or posts once in a while? Or maybe you need to approve other users’ articles before publishing? Are you the website administrator who takes care of all the technical stuff? Do you really need to log in to the admin area / dashboard at all?

The point is, it’s important to know your role on your website, and your authority / access should reflect that role. For example, if you only need to post articles, you should not have authority to update software. The website administrator’s role is typically to install, update, remove and test software. They also will create website backups to ensure a way to recover from problems. If this doesn’t sound like what you normally do, then you probably shouldn’t be updating website software.

About Those Software Update Prompts…

Some examples:

Key Points

Your content management (CMS) website, be it WordPress or Joomla, needs periodic maintenance to ensure adequate security.

When you choose to use a content management website, you must make a commitment to periodically maintain it. If software updates are not applied, it’s not a question of IF a website will be hacked, it’s a question of WHEN. If your site gets hacked or infected with malware, Google will flag your site as “unsafe” and warn people not to visit it.

On a content management site, there are many software components such as the core platform, various plugins, a theme, etc. At any given time, this mix of software often contains security vulnerabilities. This is an unfortunate and inevitable byproduct of open source content management systems.

“…the leading cause of infection could be traced to the exploitation of software vulnerabilities in the platform’s extensible components… the integration of plugins, extensions, components, modules, templates, themes…”
from Sucuri’s blog post Website Hacked Trend Report 2016 – Q1

That said, these vulnerabilities usually get fixed relatively quickly thus minimizing the threat to your website. But here’s the problem: website owners must take action to get these fixes applied to their websites. And they very likely don’t know they have software that needs updating. They don’t know their sites are at risk of being hacked. If vulnerable software is not updated, hackers will eventually find a way to gain access to the site. The best defense is to simply keep your site software updated.

As a rule of thumb, have your website software checked and updated at least monthly. It’s critically important to your website’s security to have software updates applied on a regular basis.

But What About Automatic Updates?