Home / Security / Keep all software, plugins, and themes updated
Defensive & Operational · Security Ring

Keep all software, plugins, and themes updated

30 min to set up a process, then ongoing Impact: high Effort: low ✓ Manual completion

Keeping all software, plugins, and themes updated closes known security vulnerabilities as soon as fixes become available, since a huge share of real-world breaches exploit vulnerabilities that already had a published patch the site simply had not applied yet.

Attackers actively scan for sites running outdated versions with known, published vulnerabilities, this is one of the single most common and most avoidable ways sites get compromised.

How to do it

  1. 1
    Enable automatic updates where safely possible
    Many platforms support automatic updates for minor and security releases specifically.
  2. 2
    Set a real recurring schedule for manual review
    For updates that need manual review or testing before applying, a defined cadence rather than an ad-hoc approach.
  3. 3
    Test major updates in staging first
    Where practical, avoid applying untested major version updates directly to your live production site.
  4. 4
    Subscribe to security advisories for your key software
    Direct notification of critical vulnerabilities as they are published, rather than discovering them later.

Common mistakes

How you will know it is done

A real, ongoing update process is in place, and core software, plugins, and themes are currently on their latest secure versions.

Track this in your hive

The Security Ring turns this into a real, permanent mission — mark it complete once you have genuinely done it.

Open this mission in H.I.V.E. →