If you don’t want to join the countless websites that are compromised every day due to their outdated, insecure software, then you need to keep your WordPress site and all of its plugins/themes up to date.
Note: If you’re on WordPress.com, don’t worry about the WordPress software per se; the .com platform will update it automatically. The same may not be true for all your plugins and/or themes, though, so keep reading.
Some hosting companies offer services where they will keep everything up to date for you (but it will likely come at a cost). I find that the best balance is to have a hosting service that will update the WordPress software regularly, so that you only have to update your own plugins. This is particularly important if you use some complex plugins that sometimes require another plugin to be updated before them. (I’m looking at you, paid WooCommerce extensions.)
In an ideal world…
You should update your site as soon as a new plugin or WordPress version is available, because these updates could patch a vulnerability that was recently discovered or could contain other important security improvements. There are free tools out there that allow you to determine which websites have version X of plugin Y installed. Once hackers discover that plugin Y is vulnerable, they’ll send their army of automated robots to hack their way through the security hole and then… Well, things could get really messy.
But I know. You’ve got books to write (and most probably a full-time job to go to).
So what’s a writer to do?
First of all, you should log in to your site now, back up your entire site, then update everything that is outdated. You can easily see what requires updating by accessing your dashboard. I recorded a video about doing just that in this article.
I’ll wait while you take care of that.
You’re back? Good. Now how will you know if more updates are required?
There are plugins that can tell you if anything gets outdated. One of them is WP Updates Notifier (but it hasn’t been updated in a while…). Another is Wordfence. I wouldn’t say that it has the simplest/easiest installation and interface, but it’s quite good at blocking brute-force login attempts, and it does send emails when things get outdated. I will warn you that some people experience problems related to the settings they use. Use it at your own risk.
Here’s an example of an email it sends when plugins are outdated:
I try to avoid installing plugins if I don’t have to, so a little note on your calendar may be enough. It just takes a few minutes to go in each week or month. It also lets you check that the site is still up and running, free of problems. Then you can click that double-circular-arrow icon with a number (near the left edge of your admin bar), and it will show you what requires updating.