Last year there were 63 WordPress updates and security patches. This is a lot.
WordPress is the dominant website CMS
In 2023 WordPress powers 43% of all websites and its market share is still growing. For websites with a CMS (content management system) the market share is higher – over 60%
The popular codebase is quite old and unfortunately security flaws keep appearing – so updates or patches are released at increasing frequency.
It is essential that websites are patched; for any business following a security standard such as Cyber Essentials this is a requirement. It also makes business sense - you don’t want to risk your business website being attacked and compromised.
ExtraDigital have been looking after the security patching of WordPress websites for a very long time. We are well aware of the increase in numbers of patches that need applying each year, but also the increase in problems from these patches.
More WordPress security patches each year
Ten years ago we’d expect about 10 WordPress Security patches or updates per year, not all relevant for every website. We expected most websites to need updating at least 3 times during the year but not every month.
Last year there were 63 WordPress updates - and almost every website we provide security updates for required updates each month. In 2023 the trend is higher still.
This is a huge amount of work and support cost. Before installing a security update, backups of the site should be taken so it can be restored if the update causes the site to break.
Sites stop functioning after WordPress Security updates
An increasing number of WordPress security updates are causing websites to stop functioning. This happens with increased frequency if your website has a page editor or plugins for forms, or banners or payment systems. Taking full site backups before an update is more important than ever.
Was WordPress update 6.2.1 the worst?
WordPress update 6.2.1 was a particularly bad one – with the majority of websites not functioning correctly after attempting to install this. Basic plugins for breadcrumbs, sliders and in-page editors were all impacted. In fact, almost anything using the WordPress blocks system (Shortcode Blocks) – an important part of most websites if the website is written to be easy to maintain.
Even WordPress acknowledged this, releasing version 6.2.2 very fast as “a rapid response release to address a regression in 6.2.1 and further patch a vulnerability addressed in 6.2.1”
One advantage of maintaining many WordPress websites is you don’t waste time solving the same issues many times – you can see which updates have issues and be prepared.
So why so many?
With WordPress the dominant CMS used for websites, this is where hackers spend most of their effort. But we wish WordPress would have a better quality checking process before releasing updates.