Updating WordPress Core, Plugins and Themes

Is your WordPress instance, plugin or theme running on the latest version?  Is your plugin or theme being actively updated? Have you considered an upgrade or using an alternative suitable plugin to do the same job?

Do I need to keep WordPress Updated?

In order to comply with principle 7 of the Data Protection Act, a data controller must have appropriate security to prevent the personal data you hold being accidentally or deliberately compromised. In particular, you will need to:

• design and organise your security to fit the nature of the personal data you hold and the harm that may result from a security breach;
• be clear about who in your organisation is responsible for ensuring information security;
• make sure you have the right physical and technical security, backed up by robust policies and procedures and reliable, well-trained staff; and
• be ready to respond to any breach of security swiftly and effectively.

Security therefore could extend to running out of date versions of WordPress core, plugins and themes.  Updates are usually provided to add functionality but more importantly to fix security and vulnerabilities.

The Information Commissioners Office has free guidance for Principle 7

Here’s more information about the Information Commissioners Office the Data Protection Act 1998 and processing personal data in WordPress