We pride ourselves on our WordPress hosting, which watches for new updates and patches to WordPress for our clients and apply them automatically.
There’s a (really good) reason for doing so. If you don’t, your site is more exposed to exploits and other vulnerabilities putting your data (and that of your users) and site at risk. Hosting WordPress yourself can be a few quid cheaper a month. But you need a robust process in place to ensure you are updating your installation – at least daily.
A case in point: yesterday it was announced that there was a potential cross-site scripting vulnerability in older versions of a WordPress plugin used by a couple of our sites called Geo Mashup (which we use to do some interesting things with Google Maps such as for Sandgate Business) https://wpvulndb.com/vulnerabilities/9105
We received that notification at 9.31am this morning (BST) and our installation was updated by 10am. Clients have done nothing: they needed to do nothing – we just dealt with it.
There is no evidence yet that the vulnerability above was particularly dangerous, or even that it has been exploited anywhere in the world – yet. But keeping your WordPress install up to date – including all plugins – is critical to keeping your site as secure as possible long terms. If you are doing so yourself – well done. If not, could we interest you in our hosting?