Updating WordPress Core, Plugins and Themes

Is your WordPress instance, plugin or theme running on the latest version? Is your plugin or theme being actively updated? If your plugin is no longer supported, have you considered upgrading or switching to a suitable alternative plugin that does the same job?

Do I need to keep WordPress updated?

In order to comply with the “Integrity and Confidentiality” principle in Article 5 of the GDPR, a data controller must have appropriate security to prevent the personal data being processed from being accidentally or deliberately compromised. In particular, you will need to:

  • design and organise your security to fit the nature of the personal data you hold and the harm that may result from a security breach;
  • be clear about who in your organisation is responsible for ensuring information security;
  • make sure you have the right physical and technical security, backed up by robust policies and procedures and reliable, well-trained staff; and
  • be ready to respond to any breach of security swiftly and effectively.

These security obligations could therefore extend to whether you are running out-of-date versions of WordPress core, plugins and themes. Updates are usually provided to add functionality but, more importantly, to fix security issues and vulnerabilities.

Too busy to keep the site updated?

Think about employing the services of organisations that offer managed care packages for WordPress, which will take care of the security, updates and maintenance (including backups) for you. But remember that they will then be a data processor acting on your behalf, so ensure that they are also GDPR compliant and operating in a country with adequate safeguards in place.