WordPress Security Updates

Last year there were 63 WordPress updates and security patches. This is a lot.

WordPress is the dominant website CMS

In 2023 WordPress powers 43% of all websites and its market share is still growing. For websites with a CMS (content management system) the market share is higher: over 60%.

The popular codebase is quite old and unfortunately security flaws keep appearing, so updates or patches are released at increasing frequency.

It is essential that websites are patched; for any business following a security standard such as Cyber Essentials this is a requirement. It also makes business sense: you don’t want to risk your business website being attacked and compromised.

ExtraDigital have been looking after the security patching of WordPress websites for a very long time. We are well aware of the increase in the number of patches that need applying each year, and also of the increase in problems caused by these patches.

More WordPress security patches each year

Ten years ago we’d expect about 10 WordPress security patches or updates per year, not all relevant for every website. We expected most websites to need updating at least 3 times during the year but not every month.

Last year there were 63 WordPress updates, and almost every website we provide security updates for required updates each month. In 2023 the trend is higher still.

This is a huge amount of work and support cost. Before installing a security update, backups of the site should be taken so it can be restored if the update causes the site to break.

Sites stop functioning after WordPress Security updates

An increasing number of WordPress security updates are causing websites to stop functioning. This happens more frequently if your website has a page editor or plugins for forms, banners or payment systems. Taking full site backups before an update is more important than ever.

Was WordPress update 6.2.1 the worst?

WordPress update 6.2.1 was a particularly bad one, with the majority of websites not functioning correctly after attempting to install it. Basic plugins for breadcrumbs, sliders and in-page editors were all impacted, as was almost anything using the WordPress blocks system (Shortcode Blocks), which is an important part of most websites if the website is written to be easy to maintain.

Even WordPress acknowledged this, releasing version 6.2.2 very fast as “a rapid response release to address a regression in 6.2.1 and further patch a vulnerability addressed in 6.2.1”.

One advantage of maintaining many WordPress websites is you don’t waste time solving the same issues many times – you can see which updates have issues and be prepared.

So why so many?

With WordPress the dominant CMS used for websites, this is where hackers spend most of their effort. But we wish WordPress would have a better quality checking process before releasing updates.

Frequently Asked Questions

Why are there so many WordPress security updates each year?

WordPress powers over 43% of all websites and more than 60% of CMS-based websites, making it the biggest target for hackers. Because of its popularity and long-established codebase, new vulnerabilities are discovered regularly. As a result, WordPress security updates and patches are released frequently to protect websites from emerging threats.

How often should a WordPress website be updated?

Most WordPress websites now require updates almost every month. In the past, websites may have only needed a few updates per year, but with 63 WordPress updates released last year alone, regular monitoring and monthly patching have become essential to maintain security and performance.

Can WordPress security updates cause a website to stop working?

Yes, WordPress security updates can sometimes cause websites to stop functioning correctly. This is especially common when sites use page editors, plugins for forms, banners, payment systems, or the WordPress block system. That’s why ExtraDigital always recommends taking a full backup before applying any WordPress security update.

What happened with WordPress update 6.2.1?

WordPress update 6.2.1 caused widespread issues, with many websites failing to function correctly after installation. Plugins for breadcrumbs, sliders, and in-page editors were particularly affected, especially those using the WordPress blocks system. WordPress quickly released version 6.2.2 as a rapid response to fix the regression and address additional vulnerabilities.

Why is professional management important for WordPress security updates?

With the growing number of WordPress updates each year, managing patches properly requires time, testing, and backup procedures. ExtraDigital has extensive experience maintaining WordPress websites and can identify problematic updates before they cause disruption. Professional management helps reduce downtime, protect against security risks, and ensure compliance with standards such as Cyber Essentials.
