Do I really need to update my plugins (or themes or wordpress core)?


WordPress is a great platform, but it is not maintenance free.


Like oil changes on your car, regular updates help keep your site secure and healthy. You can do these yourself at yourwebsite.com/wp-admin/update-core.php (you’ll need to log in first). Or if you’re already in the WordPress backend, just press the “Updates” item in the black sidebar menu. 

Here’s how I do it:

1. Take a full site backup (Updraft Plus works!)

2. Update everything needed, one at a time

3. Test your website after each update to be sure it works with no errors

4. Relax knowing you are secure and up to date!


What’s the risk to doing these updates?

Don’t skip your backups! Sometimes updates can break your site, particularly if it’s been awhile since you did any. Imagine your website is like a house. It is built on the ground of web standards (PHP and CSS, mostly) that change every year or so. Then WordPress itself is like the foundation your house rests on. Your theme is the structure of your house, providing the overall look and feel of things. Finally, your plugins are like the plumbing and electricity- adding features that are sometimes essential. You can imagine if you updates your house’s structure with new code, but didn’t update the wiring too, it can cause things to break. The reason is kind of technical, but you can think of it as sometimes different pieces of code use outdated terms for things, or two plugins will try to compete for the same term, which causes the website to get confused or throw an error. By taking a backup before starting your updates, you have a “save point” you can return back to in case something breaks.


I did my updates and now my site is broken!

Are you getting the dreaded “critical error” message after an update, or just seeing a bunch of code, or nothing at all when you try to visit your website? Sounds like you have a code incompatibility. If you took a backup, go ahead and restore from that for the time being. If not, get in touch with me ASAP, I can check your server error logs and narrow down the cause of the issue on a rush basis.


What’s the risk to NOT doing these updates?

In a word, security.

A website that has old everything (theme, plugins, wordpress core) can still work for a long time, but the problem with them is that they are very easy to hack. Once your website gets hacked, it is very difficult to get it cleaned up again. No website is too small to be a target, there are robots crawling the internet just looking for sites with known vulnerabilities like older plugins that they know how to exploit. Once they’re in, your whole site can be converted to an unsavory redirect before you even know it. Plus, eventually, if you don’t keep your code up to date, things just break. Better to do preventative maintenance than need to replace or rebuild your entire website. Your site is a big investment like a car, it’s important to keep it healthy.


How often should I update my website? 

I recommend updating everything monthly. Automatic/daily updates (like some hosts offer) are convenient, but then if something breaks your site, you don’t know what it was, and you might not even know it’s broken until the next time you happen to look at it. Furthermore, being on the bleeding edge of new code releases means you are testing it out for them. I prefer to wait a week or so and make sure the bugs are worked out of any new code, so I’m not a beta tester early adopter. If you don’t have the funds for monthly updates, quarterly is okay too- just don’t let it go longer than that!

Don’t have the time to DIY it? Feeling overwhelmed? 

I offer maintenance packages where I do these for you (along with security screening, speed enhancement, daily offsite backups, and up to an hour of any content edits you’d like). You can review those plans here.
Happy updating!


Fixing Mixed Content SSL Errors


A former client wrote into me today with this puzzle, and I thought I’d share it in case it’s useful to anyone else:

Hello Hunter,
A while ago you updated my WordPress website. I noticed that when I go to my blog (diannej.com/b/), I see that the connections suddenly show as “Not Secure.” However, when I go to just diannej.com, it does show as secure. I have paid for an SSL certificate which should cover the whole site, but does not appear to be doing that. 
Any ideas why? Owen said he went to Siteground to get help, but they no longer seem to have a ticket desk for problems. 
Thanks for any assistance you can offer.

Best,Dianne
Mixed Content SSL Error
If you right-click on your website and choose “inspect element” in Chrome or Firefox, you pull up an info window like this one. Click the “Console” tab to see errors and warnings such as the Mixed Content SSL warning

Yes, absolutely! Happy to advise. Bummer that Siteground is so unhelpful!

Continue reading

what is https and why should you care?


Ok, so here’s the deal about http versus https, in layman’s terms:

https sites have their identity confirmed. It’s like Anne Hathaway being carded to confirm she’s really her and not just an absurdly good look-alike trying to get free drinks at the exclusive club.

what an https warning looks like

Why does this matter? You’ve heard of phishing, right? When a site poses as another site to steal your password or credit card information? Right? Good. So, this poser phishing site, it can look the same, even down to the url in the address bar, thanks to super sneaky technology. This is like being an Anne Hathaway lookalike who actually changes her name to “Anne Hathaway” to fool more unsuspecting bouncers. https is our defense mechanism against this, a technical way to confirm the identity of the site you’re visiting to ensure it’s the real deal.

But my site doesn’t even take credit cards! Why should I pay for a security certificate when I don’t ask for sensitive information?!

Continue reading