There have been some recent and VERY IMPORTANT security updates to some popular Wordpress plugins – including:
- WordPress SEO
- Google Analytics by Yoast
- All In one SEO
- Gravity Forms
- Multiple Plugins from Easy Digital Downloads
- Download Monitor
- Related Posts for WordPress
- My Calendar
- P3 Profiler
- Multiple iThemes products including Builder and Exchange
- Ninja Forms
Even if you don’t have any of these plugins, the list above is not comprehensive – you should update all plugins that need an update through your dashboard ASAP. I have been running updates on client sites as I can, but with hundreds of sites under my belt, it isn’t possible for me to get to them all.
1. FIRST, BACK UP YOUR SITE
You should be doing regular backups of your site anyway, before anything goes wrong. On most sites I build, I install a plugin called Backup Buddy to make backups easy, but it doesn’t always work. Some servers are not set up to allow backups this way, and some sites are just too big for Backup Buddy to handle.
Your web host should have a way for you to easily make a back up of your site. This should include not just the files on your server, but also the database (very important – your database holds all of your content!). Some offer this for free, others charge a small fee to run backups. It’s worth it.
2. THEN, RUN UPDATES
When you are logged into WordPress, you may see a little icon that looks like this at the top:
The number is the number of things on your site that have updates available. These might include WordPress itself, plugins, and themes. Click on the icon to go to your Updates page, and you can see what is currently out of date.
Follow the on-screen directions to apply any updates to WordPress and plugins.
you say that the update number is for themes, plugins, and wordpress.
Should we avoid updating themes? Don’t we want to keep a custom theme if you built one?
You should update any themes, except one I created for you (it will usually be named after your site). 99.999% of the time, a theme I create will never show it needs an update; the only time it could is if someone out there has created a theme with the same name, and THEY push out a mass update. You don’t want to update it, because then your custom theme will be replaced with theirs. I have only seen this once with my themes, so it is not a common occurrence.