In the world of WordPress, a little automation can go a long way?

Do you fear automatic updates?


I brought in two leading “experts” from the world of big computing to talk about WordPress, automatic updates and specifically my article “Humans get hit by buses”. They discuss the pros and cons of automatic updates vs manual.

Enjoy
Tim!

Transcript

0:00: Ever walk out of your house, get halfway down the block and suddenly think.

 0:03: Did I turn off the stove?

 0:05: Yeah, that my friend is your brain reminding you that humans it really is.

 0:10: Aren’t exactly wired for flawless routine maintenance.

 0:14: We’re far more drawn to novelty than say, remembering to update our WordPress site again.

 0:20: It’s true.

 0:20: Our brains are much better at imagining exciting new possibilities than diligently checking off to-do lists.

 0:28: Exactly.

 0:29: And when it comes to websites, those to-do lists can feel never-ending.

 0:34: But what if there was a way to take some of that burden off our plates, specifically those pesky WordPress updates?

 0:39: The allure of automation is strong, especially in the world of WordPress security where even a small oversight can have big consequences, huge.

 0:47: And today we’re going deep on this with Tim Nash, a WordPress security expert who doesn’t mince words.

 0:52: Oh, he does not.

 0:53: He’s seen it all, fixed it all.

 0:54: And his take is not automating your WordPress updates is like playing Russian roulette with your website.

 1:00: Now, Tim jokingly calls himself a doomspeaker because he’s quite a fun about the risks.

 1:05: But in reality, his insights are all about helping people avoid disaster.

 1:10: Right?

 1:10: So let’s break down why he feels so strongly about automation.

 1:14: He argues that relying on humans to manually update WordPress is inherently flawed.

 1:19: Life gets in the way, deadlines pile up, vacations beckon, or maybe you actually do get hit by a bus, all the while your site is left vulnerable.

 1:27: And the thing is cyber threats don’t take vacations.

 1:29: They’re lurking 24-7, just waiting for a site to miss an update. Leaving a vulnerability exposed is like an open invitation for trouble.

 1:36: You’re saying it’s not a matter of if something will go wrong.

 1:39: But when. Exactly, and when it comes to WordPress, those can range from annoying spam comments to full-blown site takeovers.

 1:48: Ok.

 1:48: That sounds terrifying.

 1:50: So how do we avoid becoming another cautionary tale?

 1:52: Enter Tim Nash’s solution.

 1:54: He proposes a multi-layered approach that revolves around automation but not just blindly hitting the update automatically button.

 2:02: He emphasises building a system, a safety net if you will.

 2:05: Ok.

 2:05: I’m intrigued.

 2:06: What does this automation safety net actually look like in practice?

 2:10: Well, Nash advocates for a multi-step process that involves backups, a separate testing server and, this is key, automated tests. For those of us who aren’t fluent in WordPress jargon,

 2:19: could you unpack those terms a bit?

 2:21: What exactly are plugins, updates, backups, and why are they so crucial in this context?

 2:27: Absolutely.

 2:27: Think of WordPress like a car: it’s a great way to get around or, in this case, have a website, but it needs regular maintenance to run smoothly and stay

 2:36: secure. Updates are like taking your car to the mechanic.

 2:39: They patch up vulnerabilities, improve performance and sometimes add cool new features.

 2:44: Now, plugins are like adding fancy gadgets to your car.

 2:48: They extend its functionality, but just like those gadgets, plugins need updates too to stay compatible and secure. A backup,

 2:55: in this analogy, would be like having a spare key.

 2:58: If something goes wrong with your primary key or in this case, your website, you have a way to get back in and restore it to a working state.

 3:04: So you’re saying that neglecting these updates and backups is like driving around in a car with bald tires and hoping for the best.

 3:11: Exactly.

 3:12: It’s a recipe for disaster.

 3:13: You might be fine for a while, but eventually something’s going to give.

 3:16: Ok.

 3:17: That’s a terrifying yet perfect analogy.

 3:20: You’ve officially convinced me to update my plugins, but this testing server thing sounds intense.

 3:25: Help me understand what that’s about.

 3:26: Sure.

 3:27: Imagine you’re about to make a big change to your website, like redesigning the home page or installing a new plugin.

 3:33: You wouldn’t want to do it directly on your live site, right?

 3:36: That’s where a testing server comes in.

 3:38: It’s like having a clone of your website where you can experiment and make changes without any risk. That way, if something breaks, it breaks on the clone, not your actual website.

 3:47: So this testing server acts like a safety net letting you experiment freely without the fear of crashing your live site.

 3:54: Precisely.

 3:56: Now, let’s add in the automated tests.

 3:58: Imagine you have a checklist of all the crucial things your website needs to do.

 4:02: Like making sure the contact form sends messages, the online shop processes payments correctly or the blog displays new posts as intended.

 4:11: Ok.

 4:12: So it’s like a health check for your website, making sure everything is working as it should. Exactly. With automated testing, this health check runs automatically, either on a schedule or whenever changes are made.

 4:23: So before any updates even touch the live site, you’re running this automated health check on the backup copy over on the testing server.

 4:30: You got it.

 4:30: It’s like giving the backup a thorough inspection before giving it the green light.

 4:34: Then once the updates are installed on the test site, the automated tests run again.

 4:39: This two-pronged approach catches any issues before they have a chance to impact real users.

 4:43: It’s like having a quality control team working around the clock except it’s all powered by clever code.

 4:50: This all sounds incredibly efficient and safe.

 4:53: It does, doesn’t it?

 4:54: But I’m sure some listeners are thinking this sounds expensive.

 4:56: Do I really need all this?

 4:58: And that’s a fair question, right?

 5:00: Because not everyone has the budget for a dedicated team of developers.

 5:04: And a fancy testing environment.

 5:05: In fact, I think Nash even mentions that some agencies, developers might shy away from this level of automation.

 5:10: He does and he raises an interesting point about how some might see manual updates as more profitable.

 5:17: But he challenges us to think beyond the immediate bottom line and consider the long-term costs of not investing in a robust security setup, because a hacked website or a data breach can cost way more in the long run in terms of lost revenue, damage to reputation and the time and resources it takes to fix the mess.

 5:34: Exactly.

 5:35: And that’s where this shift in perspective comes in: viewing website maintenance not just as a chore, but as an investment in the long-term health and security of your online presence. Essentially reframing maintenance from a necessary evil to a strategic advantage.

 5:50: Precisely.

 5:51: It’s about shifting from a reactive approach where you’re scrambling to fix problems after they occur to a proactive one where you’re investing in systems that prevent those problems from happening in the first place.

 6:02: It’s like that old saying: an ounce of prevention is worth a pound of cure.

 6:05: But I have to ask even with the most sophisticated system, isn’t there still a chance something could slip through the cracks?

 6:12: After all, we’re talking about software here and software can be buggy.

 6:16: You’re right.

 6:16: No system is foolproof.

 6:18: Even with all the testing and backups in the world, there’s always a chance something unexpected could happen.

 6:23: So, should we just accept that website glitches are inevitable and live in a constant state of paranoia?

 6:28: Not at all.

 6:29: This is where context is key.

 6:31: Nash actually shares a compelling statistic based on his own experience using automated updates on thousands of websites.

 6:37: He’s found the failure rate to be under 0.2%. 0.2%?

 6:42: Wow, that’s remarkably low.

 6:44: It kind of makes you wonder if worrying about those potential glitches is even worth it. Precisely, especially when you weigh them against the risks of not automating.

 6:52: Remember every day you delay updates, your site becomes more vulnerable.

 6:56: Think of it like this: would you rather face a 0.2% chance of a minor software hiccup or a much larger chance of being hacked because your site was due for an update?

 7:07: It’s a bit like playing the odds, isn’t it?

 7:08: And suddenly that 0.2% seems pretty insignificant.

 7:12: Exactly.

 7:13: And that’s a decision every website owner needs to make for themselves, weighing those potential risks against their own comfort level and resources, which brings us to a crucial question.

 7:22: What if you don’t have the resources for the elaborate testing environment

 7:25: Nash describes? Does that mean automation is out of reach?

 7:28: Not necessarily. Remember, the core principle here is about minimising risk, and there are varying degrees of automation you can implement even without a dedicated testing server.

 7:37: So start small, maybe with something like automatic backups.

 7:40: And security scans.

 7:41: Exactly.

 7:42: Even those seemingly small steps make a huge difference.

 7:46: You can then gradually layer on more sophisticated automation as your resources allow.

 7:51: It sounds like the key takeaway here is to be proactive, understand your own risk tolerance and find a balance that works for your specific situation.

 8:00: Absolutely.

 8:00: It’s not about finding a one size fits all solution, but rather adopting a mindset of continuous improvement when it comes to your website security.

 8:07: This has been a fascinating deep dive into the world of WordPress automation.

 8:11: Tim Nash’s insights have definitely given us a lot to think about.

 8:14: So for all of you listening, here’s a final thought.

 8:17: As you navigate the ever evolving landscape of website maintenance, ask yourself, what level of risk am I truly comfortable with?

 8:24: And what steps, big or small, can I take today to build a more secure and resilient online presence?

 8:30: Because in the world of WordPress, a little automation can go a long way.

Confession Time

The above was in fact AI generated using Google NotebookLM. It has a built-in conversation generator; I fed it the original article, and only that, to see how the conversation would be generated. I did do a couple of revisions; I particularly liked a version where the participants discussed if humans like them were more intelligent than their laptops.

We live in a very fast-paced world where everything is changing, from AI to WordPress security. It's maybe time to change your mindset if you really think you are somehow better at being a computer than a computer.
