Keeping your WordPress themes and plugins up to date

wordpress security

We use WordPress as our go-to content management system (CMS) on over 90% of the websites that we design and host. It isn’t difficult to see why it’s the most popular CMS globally. It’s easy to use and is well-supported by a global community of users and developers.

Broadly speaking, WordPress is made up of two parts. The Core is the system files, all of which are required for WordPress to come out of the box and play nicely on the web, rendering as a simple, unadorned website. We keep the Core updated automatically for you, free of charge. New releases appear all the time and are applied in the background with minimal disruption to your website.

The other part of WordPress is the Themes and Plugins that add functionality to your site. The WordPress library has thousands of themes and plugins available to download, some paid for but many for free. The downside of such a rich ecosystem is that inevitably, some themes and plugins are abandoned.

Abandoned themes and plugins are a problem for two reasons. Firstly, they don’t keep up with the latest standards on the web. The web is a complex environment for developers, with new technologies emerging all the time. Secondly, hackers are constantly looking to exploit vulnerabilities on websites. Abandoned plugins are a prime target. Although we protect all of our WordPress websites with the Wordfence firewall, it can only alert us when it finds vulnerabilities. There is no auto-delete or “magic fix” option.

Some abandoned plugins can be deactivated and deleted if they aren’t doing anything useful on the website, but in cases where they are doing something important, such as providing a drop-down menu, either an alternative plugin is needed, or the site’s theme re-designed so that the plugin is no longer required.

Starting in May 2021, we’re beginning a programme of work to identify all the abandoned plugins on WordPress websites that we host. We’ll notify you if we have any concerns. We’ll also do a free assessment of options for removal and/or replacement. In most cases, there will be a simple fix but there may be occasions when more extensive remedial action is required.

For peace of mind, we’ve created new Service Level Agreements (SLAs) for WordPress plugin maintenance. For simple sites with less than five plugins and a theme designed by Lunaria, we can maintain these starting from £60 ex VAT for 12 months. For larger sites with themes selected by the client, we have a table of costs.
If you have any questions about your WordPress site or your themes and plugins, please contact us through our support channel.