Skip to Main Content

A Tale As Old As The Web (Part 2): Critical Plugin Updates

In part 1 of our epic website story, we began our tale as old as time the web.

We waxed on about hosting and monthly update plans and how beneficial they can be to keeping your site in better shape than Prince Charming.

Now, we continue our narrative as we arrive at what literature calls “the climax.”

Gif of Inigo Montoya and Wesley from Princess Bride engaged in a duel with swords

No, there are no swords or cave trolls or other similar obstacles to overcome. But this conflict is just as dangerous to life and limb (of a website). 😬

So gather around and “plug in” (that pun will be funny in a second) for our next chapter to find out if the innocent prevail. (Spoiler: Yeah, they do!) ⬇️

What exactly are “critical plugin updates”?

Critical plugin updates are:

✅ WordPress plugin updates …

✅ … that should be taken care of as soon as humanly possible.

Gif of actor Nathan Fillion from the Rookie saying "That was fast."

They’re different than the updates we do for your website on a monthly basis (more on that below).

Critical plugin updates are also much more (yep, you guessed it) critical.

Why do we care about critical plugin updates?

In a word: Security.

Keeping your website secure is our main reason for caring about critical plugin updates.

Gif from Portlandia with the words overlaid "This is a safe place."

When plugin vulnerabilities are found and we’re able to take quick action on them, we can make sure that the plugin is secure. 🔐

This is our best weapon to help prevent hackers from gaining access to your website — so that they can’t do what they do best: cause trouble.

How are critical plugin updates different from monthly updates?

Monthly Updates

If you host your site with us, we perform website updates every month to help keep your site happy and healthy, including:

  • backing up your site
  • performing the available WordPress core and plugin updates
  • testing basic functionality to make sure nothing broke during the update process

Critical Plugin Updates

Unlike monthly updates, which happen on a regular basis and can be planned for, critical plugin updates show up out of the blue. 🔵

(And if you host with us, we take care of these, too!)

We have a number of ways we catch these critical plugin updates:

  1. Our dev partners (including WP Engine) send us email notifications letting us know of new critical updates for various plugins.
  2. And, as an extra step, we proactively review WordPress theme lists every month to check for any new emergent vulnerabilities.

How do you remedy critical plugin updates?

Gif of Elaine, George and Jerry from Seinfeld dancing in sync with the words "team work" overlaid

It’s a team effort! And we wouldn’t have it any other way. 🤓

Step 1: Alert the team.

Once we learn of a new vulnerability, we post the details to our team Slack channel. This way, our entire team of Geeks is aware of:

  • what plugin has been affected
  • who is taking care of it

Step 2: See if your site is impacted.

Next, we use a tool that all our sites are using to run a search for which of our sites are using the affected plugin.

Then, we check each site one by one to see if it’s using a vulnerable version of that plugin. 🔍

Step 3: Update vulnerable sites.

If a website is impacted, we:

  1. Run a backup of that website.
  2. Update the plugin.
  3. Check the site to make sure it’s working the way it should. 👍

How long can these updates take?

Remedying critical plugin updates can take anywhere from a few minutes to an hour, depending on a few factors.

⏰ Backups on some websites can take a while, especially if we need to use a backup system like UpdraftPlus.

⏰ And it can happen that there isn’t a patch (yet) for a plugin vulnerability, which is developed by the plugin’s developer.

If a patch isn’t available, then our team takes extra steps to ensure we can remove that plugin (or come up with a replacement) and keep your site secure.

Have you seen a “critical” uptick recently?

Orange kitten sitting on a laptop keyboard and pressing some keys with the words overlaid "we do a little hacking."

Yes! We had been remedying about 1-2 critical plugin updates per month.

The average now is 9-12 per month. 🤯 But the answer as to why isn’t 100% clear.

👎 It could be due to hackers getting better at finding website vulnerabilities. (Boo.)

👍 It could also be that the web development community has gotten really good at finding them before hackers do. (Yay!)

In particular, WooCommerce and UpdraftPlus have been on top of their game when it comes to developing plugin patches. 🎯

So as a result, those critical plugin notifications land in our inboxes a lot more often than they used to.

Why are we (story)telling you all of this?

Because when it comes to your website, it’s good to know who’s got your back.

Johnny Lee Miller from Hackers looking in a mirror and flipping two floppy disks from his sides like guns in a Western.

So sit back, relax and rest assured that when your website story arrives at that critical climax, the Geeks will be there to make sure your site has a fairy tale ending.

We had been remedying about 1-2 critical plugin updates per month. The average now is 9-12 per month.

Ron Zasadzinski, CodeGeek’s Head Geek

Got a website hosting question?