Websites can be like cars: they all need maintenance at some point. Some of it you can do yourself, and some is better to let a professional handle.
The more precision the vehicle, or website, the more maintenance it needs to perform properly.
Let's start with some background: your website is built on a Content Management System called Wordpress. The coding language of Wordpress is PHP, and there are pre-built pieces of code called plugins that are used to build common requirements (like Search Engine Optimization functionality, contact forms, etc.) into your site.
When new releases are available, these layers of website technology (the PHP version, Wordpress version, and all site plugins) need to be updated so that they all work together—AND so any security patches can be deployed.
If you are hosted with us or have firstname.lastname@example.org added as a technical contact on your WP Engine account, we will receive notices to our support portal when a vulnerability is found within any portion of your website so that it can be updated before nefarious sources can hack or inject code on your website. These hacks or injections can sometimes bring your site down completely, redirect your website visitors to bogus selling sites or sometimes bloat your site with malicious code.
Here's a common scenario: a security vulnerability was reported to the creators of a plugin. The vulnerability was then quickly patched by the plugin creator, and a new version of the plugin was released. WP Engine then pushes out a notification to all sites using that plugin on its platform to let them know a new version is available.
When our support team receives a notification, we will notify the primary contact on your account to get approval to move forward with the update. Once approved, our team follows these steps to ensure your site is updated and tested without any downtime:
1. A backup of your live site is created
2. A copy of your live site is then pulled into a staging environment (like a sandbox or testing site that isn't visible to the public)
3. The plugin in question is updated to the newest version
4. Our team then does a QA review of the site to make sure that the update doesn't conflict with any other parts of the site
5. A link to the staging site is then sent to the primary contact for them to review and approve the changes
6. Once approved, the updates are then pushed to the live site
7. Another backup is created for both the live and staging environments
8. Your ticket is updated with confirmation that the plugin update is complete
BUDGETING FOR UPDATES
We typically recommend budgeting $1000-1500 at a minimum per year for website maintenance in order to keep your site updated and secure. We cannot perform these updates at no cost or without your permission. Optional:If you have someone on your team that is savvy enough to be dangerous, we are also happy to show them how to monitor for updates and perform the backups and plugin updates internally. WP Engine does make it quite clear when these are required.
Feel free to reach out to our support team if you have more questions.