If you received an alert from us regarding a WordPress Update, this is for you!

In an effort to reduce the amount of information being sent in the email itself, some of our update notification information will be posted in this thread.

We encourage you to read this in its entirety, so you can be aware of some of the issues/concerns relating to any WordPress update that we perform.

As always, if you have any questions, please do let us know, via email or a trouble ticket, and we’ll be happy to help out anywhere we can.

Thanks!

BEFORE WE BEGIN ANY UPDATES
Before we perform any updates, we will ALWAYS do a manual backup of your site, in case the update process goes awry. This will allow us to revert to the previous version if we need to.

HOW LONG WILL MY SITE BE DOWN?
Typically, an update can take as little as 30 minutes or as long as four hours in total (see my note below). While I realize that is a pretty large range, we want to have the time allowance in case there are any issues with your current theme, or if you’re using a default WordPress theme and we need to get that converted over in case the core theme itself gets updated.

If there are no issues and/or you’re on a relatively recent version (3.9 or newer), it’ll be a relatively short update process (30 minutes or so). If you have a lot of plugins and/or themes, it can take longer.

IMPORTANT NOTE: If you are using one of the default WordPress Themes (Twenty Ten through Twenty Fifteen) and have made customizations to the theme files themselves, we will have to clone that into its own separate theme, set up all the theme options again and then manually patch the updates into the theme so that all the security fixes and updates are kept in line with the core theme versions and updates. This process can take up to 3 hours by itself. Each theme version jump (1.0 to 1.1, 1.1 to 1.2, etc.) tends to take approximately 45 minutes.

BUT WHAT ABOUT MY PLUGINS?
We also check each and every one of your plugins to make sure it’s compatible with the latest version of WordPress.

We’ll also quickly do an audit of your plugins to identify plugins that are out of date and need to have an updated version purchased, or if there are any incompatible plugins (any plugin centered around caching, for example, usually has issues with our hosting environment, since we already cache your website at the server level).

In addition to that, we will generally remove unused core WordPress themes (we typically leave Twenty Fourteen in place, unless you have two other themes available (Twenty Fifteen or Twenty Fourteen is ALWAYS left intact), or if you’re using one of the default WordPress themes).

PLUGINS AND THEMES THAT REQUIRE LICENSES (1 year or more out of date)
This is always a tricky situation, since we don’t want you to have to pay for anything more than you already have. Some plugins and themes require licenses. Unless you have a perpetual license (one that doesn’t expire), we may not be able to update that theme or plugin unless we re-up for another update. If we notice this is the case, we will advise you immediately. We can either find an alternative plugin/theme (free or paid), remove that item (may cause additional work) or purchase the updated theme/plugin on your behalf and pass the cost along to you.

Again, we will communicate this with you as we go through the update process and catch these items.

SECURITY SECURITY SECURITY
AKA “Why you really need to care about having these updates performed”… While our “Richweb WordPress Lockdown” Plugin and a few other security settings we perform do a fantastic job in protecting your site, we also don’t want to leave anything to chance.

In April, we had one customer that was not protected by our RW Lockdown plugin and their site was compromised/hacked due to one of the recent WordPress security vulnerabilities. If a site is compromised, it can take 10-20 hours just to clean up your site and get it restored back to where it was prior to the compromise. That doesn’t even include any time to perform any updates or to make sure your WordPress is secured and protected against these types of attacks.

With that being said, it is Richweb’s policy that we load up our custom in-house developed “Richweb WordPress Lockdown” Plugin on each and every WordPress installation on our network. Please be aware that this plugin will NOT work on any server that is NOT a Richweb server, since it interfaces with a server-side daemon which helps it protect your site.

When we’ve got this plugin ACTIVATED and running in LOCKED mode, it will effectively stop 99% of SQL Injection and Cross Site Scripting (XSS) attacks.

We take this a step further and make sure that your wp-content/uploads folder cannot run PHP scripts. You can learn more about both the RW Lockdown and wp-content/uploads folder hardening at this thread. It even gives a test.php file that you can view (on my own personal site) where you can see our security protocols in action in real time.
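A check that complements the uploads hardening described above, as an added example that is not Richweb's own tooling: it lists files under an uploads tree whose names a web server could hand to PHP, so anything that shows up can be reviewed even when execution is blocked. The function names, the extension list and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not Richweb's tooling): audit an uploads tree for files
# whose names could be handled by a PHP interpreter.
# Uses -iname, which GNU, BSD and BusyBox find support.

# find_php_in_uploads DIR -> prints one suspicious path per line
find_php_in_uploads() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # The extension list is an assumption; adjust it to the handlers your
    # server maps to PHP. '*.php.*' catches double extensions such as
    # photo.php.jpg, which some handler configurations still pass to PHP.
    find "$dir" -type f \( \
        -iname '*.php' -o -iname '*.php[0-9]' -o -iname '*.phtml' \
        -o -iname '*.phar' -o -iname '*.php.*' \) -print
}

# count_php_in_uploads DIR -> prints the number of suspicious files
count_php_in_uploads() {
    find_php_in_uploads "$1" | wc -l | tr -d ' '
}

# make_sample_uploads -> builds a constructed sample tree of empty files
# (file names are made up) and prints its root directory
make_sample_uploads() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/2015/04" "$root/2015/05"
    : > "$root/2015/04/logo.png"        # ordinary media, should not match
    : > "$root/2015/04/report.pdf"      # ordinary media, should not match
    : > "$root/2015/04/cache.PHP"       # upper-case extension
    : > "$root/2015/05/photo.php.jpg"   # double extension
    : > "$root/2015/05/gallery.phtml"   # alternate PHP extension
    echo "$root"
}

# Usage: sh audit-uploads.sh /path/to/wp-content/uploads
if [ $# -gt 0 ]; then
    find_php_in_uploads "$1"
fi
```

Media uploads should never need these extensions, so any path this prints is worth a look on a hardened site.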

IN CLOSING
If you have any questions, again, please let us know. We’re here to help you and to protect your website.