I’m looking for ways to make updating WordPress less frightening for me. I created around 30 company websites based on WP in my career and I feel somewhat responsible for them with regard to security. Even if clients don’t pay me for maintenance – clicking the “update” button every few months shouldn’t be a big deal, right?
I’m always resistant to upgrading for a couple of reasons:
- if something breaks on the website during updating, clients are often not willing to pay for the time it takes to fix all the plugins. “It did work, why did you have to change it?!” Only option then is a roll-back and locking down the site.
- if something breaks the website and I don’t notice it, I’m screwed. Explaining why a contact form would not work for several weeks after updating is something I don’t want to do again.
- updates for company websites are often not really mandatory. Most security issues happen around user submitted content, ajax and xml-rpc APIs – things I don’t have to bother with when creating static pages that only get a few hundred visits per month. These websites tend to lie idle which of course increases the risk of updating. I have no problem updating a website that is only 2 months old – but I feel resistant to updating a 2 year old website running pre-3.0 or even pre-2.7.
This makes it a game where I have nothing to win and can only lose.
What are your ways of handling this? Any suggestions are highly appreciated and would be of benefit to more secure WP installations out there 🙂
(for clarity: I’m mainly talking about small company websites or private blogs here where automated tests are not a realistic option)