You know the Joneses, right? They’re the socialite/neighbor/competitor who always seems to have the newest version of everything. The newest car, the hottest handheld technology, even the most current version of WordPress.

Our culture constantly pushes us to keep up; to buy, newer, better, and faster whenever possible. This can place a great drain on our attention and resources. Eventually it becomes necessary to ask, “just how important is this latest update?”

This is especially true of software.  Programs like WordPress, can come out with updates as frequently as once a fortnight. Recently, one of our longtime clients who uses a WordPress blog asked us just this question.

If you’re looking to split the difference between security and design stability then there are two times when I would consider updates:

On Your Blog’s Anniversary

WordPress is constantly releasing minor revisions to its code, but major changes only happen once or twice a year. By updating on an annual basis you can ensure that you get the most current security updates without constantly placing your design in Jeopardy.

In Response to a Major Hack

You should consider an update any time a major hack of WordPress makes it into the news. If your version falls within the range vulnerable to the attack, you should update as soon as possible. Otherwise, give it a month or two and then update (thereby ensuring your version is more secure than the one adopted by everyone who jumped right away).

Other Positions

As you might expect, WordPress recommend that you install every update as soon as it comes out. However, each update has the potential to break the plugins, design, and custom code that you already have installed. Designers therefore tend towards the opposite extreme, that updates should only be acquired when you’re looking for new functionality that isn’t available through your current version of the software.

I advocate the middle road because the hackers who target small business websites usually employ a “bulk attack” model that goes after the virtual world’s low hanging fruit. Since they try to hack into the largest number of WordPress blogs with the least amount of effort, you just need to make sure that you are more secure than the average user.