There have been some recent and VERY IMPORTANT security updates to some popular Wordpress plugins – including:
- WordPress SEO
- Google Analytics by Yoast
- All In one SEO
- Gravity Forms
- Multiple Plugins from Easy Digital Downloads
- Download Monitor
- Related Posts for WordPress
- My Calendar
- P3 Profiler
- Multiple iThemes products including Builder and Exchange
- Ninja Forms
Even if you don’t have any of these plugins, the list above is not comprehensive – you should update all plugins that need an update through your dashboard ASAP. I have been running updates on client sites as I can, but with hundreds of sites under my belt, it isn’t possible for me to get to them all.
1. FIRST, BACK UP YOUR SITE
You should be doing regular backups of your site anyway, before anything goes wrong. On most sites I build, I install a plugin called Backup Buddy to make backups easy, but it doesn’t always work. Some servers are not set up to allow backups this way, and some sites are just too big for Backup Buddy to handle.
Your web host should have a way for you to easily make a back up of your site. This should include not just the files on your server, but also the database (very important – your database holds all of your content!). Some offer this for free, others charge a small fee to run backups. It’s worth it.
2. THEN, RUN UPDATES
When you are logged into WordPress, you may see a little icon that looks like this at the top:
The number is the number of things on your site that have updates available. These might include WordPress itself, plugins, and themes. Click on the icon to go to your Updates page, and you can see what is currently out of date.
Follow the on-screen directions to apply any updates to WordPress and plugins.