Manual security patches?

  • I have a developer friend (not WordPress, more the old fashioned classic backend support and security for logistics software and company websites) who recently told me a thing I’ve never heard before. He said WordPress requires manual security patches to cover vulnerabilities caused by plugins and it needs these patches every couple weeks/months, something like that. He swears up and down the standard security patches put out by WordPress and independent app developers aren’t enough.

    I’d give this more credence because of his background if it weren’t for the fact that I’ve been working with WordPress for over 10 years and I have no memory of seeing this sort of discussion come up in any articles, developer communities, or support forums. Maybe I just missed it all and I’ve been negligent this whole time, but it feels fishy to me.

    Do we really need to be doing manual security patches???

    I can see this maybe applying with free plugins that aren’t getting updated regularly but what about for premium ones from reputable sites that offer extended support and all that? And if so, I’ve seen some premium security plugins floating around, are there any of those that are worth their salt or is it a money dump?

    Nothing like a question like this to make you question your whole career.

    • This topic was modified 3 years, 7 months ago by uvdcstudio.
Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    All patches are distributed as updates, so as long as you keep plugins, themes, and WP itself up to date, you’ve got the latest patches. And you can set things so plugins (and WP) are updated automatically, if you don’t want to check your dashboard frequently for updates.

    See https://www.ads-software.com/support/article/configuring-automatic-background-updates/ and https://www.ads-software.com/support/article/plugins-themes-auto-updates/

    It’s also a good idea to backup frequently *and automatically*. I like using the plugin backwpup because the free version includes scheduling as well as the ability to store backups off-site.

    Finally, you need to read what’s offered by the various security plugins and decide if the additional premium features are required by your circumstances.

    Thread Starter uvdcstudio

    (@uvdcstudio)

    @sterndata Yes that’s exactly how I told him I was already handling it and he said it wasn’t enough. He’s been off base about things before so I wanted to take it with a grain of salt but I figured I should ask before letting my pride get in the way of potentially learning something new that would help myself and my clients. Thanks for the quick reply!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Manual security patches?’ is closed to new replies.