99% of WordPress websites that have problems are because they're not properly updated.
Just this week I had a customer get extremely angry because their site was infected with Malware and they couldn't possibly understand why.
WordPress is free and open source software; therefore anyone in the world can download the full source code, meaning evildoers are constantly looking for ways to penetrate websites to carry out malicious activity (spam, phishing, etc.).
At Name Hero we automatically scan websites nightly for malware and remove it when found, it can sometimes break your website. Therefore it's always to prevent malware in the first place.
This is done by always running updated files.
Setup Auto Updates In Softaculous
If you initially installed WordPress using the Softaculous auto installer, the easiest way to automatically update WordPress, including your plugins/themes is inside of there.
If you didn't select those options on install, you can set them by going to cPanel -> WordPress (under Softaculous Apps Installer)
From there, you want to click the pencil icon beside the website you're wanting to auto-update:
You then want to make sure the following options are checked:
Once this is completed, Softaculous will automatically keep your WordPress website, plugins, and themes updated automatically.
Enable Auto Updates Manually
If you've migrated your WordPress over from another web host, it's likely you don't have this option in Softaculous. Also, for those that have installed WordPress manually, you can edit some of your configuration files to get it to automatically update.
Enable WordPress Core File Updates
To enable the WordPress core files to update automatically, you need to add the following line of code to your wp-config.php file:
define( 'WP_AUTO_UPDATE_CORE', true );
You can easily access this file by going to cPanel -> File Manager and then navigating to the location of your wp-config.php file.
Enable WordPress Plugins/Theme Updates
To enable your themes/plugins to automatically update you need to edit your functions.php file which is found in your active theme's folder to include these two lines of code:
add_filter( 'auto_update_plugin', '__return_true' );
add_filter( 'auto_update_theme', '__return_true' );
If the theme you're using doesn't already have a functions.php file you can simply create one.
There are also a lot more variables you can add to all of the above lines of code. WordPress has a detailed article inside their Codex that explains these in great detail. If you're going to go this route, I highly suggest giving that a read.
Enable Auto Update Plugins With A Plugin
While I'm personally not a fan of using a lot of "plugins" (for performance and security concerns) there is a plugin you can use to update your plugins automatically.
Simply install (wait for it) the Automatic Plugin Updates plugin :)
The main attraction to using this is you can select plugins to "ignore" if you don't want them to auto-update. This is beneficial when using plugins you've heavily customized for your WordPress website.
Rollback WordPress Plugin Updates
One issue I've personally ran into (with the NameHero blog) is an updated plugin causing the whole website to crash.
This happens when the plugin update isn't compatible with your core WordPress files or specific PHP settings.
Thankfully there is a good plugin that will allow you to automatically "rollback" to the pervious version you were using.
This is called WP Rollback and can be downloaded/installed for free.
If using this, I do recommend reaching out to the plugin developer to explain to them your setup, so they can release a fix as you don't want to leave a plugin on an older version for an extended period of time.
How To Automatically Update WordPress Tutorial
I've filmed a video tutorial where I walk through all of these options and explain them step-by-step:
Should You Automatically Update WordPress?
If you're like me and login to your WordPress website at least five times a week, you're probably fine to manually update everything.
I'm real anal about doing this and have never ran into a case of malware on my websites.
However, if you only plan on logging in a few times a year, especially those of you with "brick and mortar" businesses, I HIGHLY recommend automatically updating.
As NameHero CEO it's a bit frustrating seeing customers get angry at us when the problem was caused due to lack of updates. Our malware scanner can help you AFTER the site has been injected, but the best route is to prevent it all together.