Is this a security concern? (choosing not to update Theme)

  • Resolved Ronnie55

    (@ronnie55)


    9 years, 2 months ago

    I’m using a paid/commercial theme on one of my WP sites.

    I received notice that a new version is available for download. Is it a security concern if I choose not to update the theme, at least for the time being? Assuming the update isn’t addressing anything major (just bug fixes, etc.)

    I ask because I did a few customizations I don’t want to lose. I did most of it in a child theme, because I know that’s recommended, but the theme creators gave me a few custom files to add to the theme itself, based on custom requests I made. I don’t want to lose this.

    I’ve heard of issues where not updating a plugin, or not updating WP to the latest version can cause security vulnerabilities and result in a website being hacked. Just wanted to see if choosing not to update a commercial theme for a few months would cause any security issues like this, and if so, how severe would it be?

Viewing 6 replies - 1 through 6 (of 6 total)
  • Hassan Akhtar

    (@khaxan)

    9 years, 2 months ago

    Depends of what your theme does. A lot of ‘premium’ themes available in the market add tons of features to the site. Not upgrading such themes can make your site more vulnerable. However the themes available in the WordPress repository are much light weight so not upgrading them might not be that much of a problem. In other words, it depends on the theme.

    WPyogi

    (@wpyogi)

    9 years, 2 months ago

    One other thing to be aware of is that if you cannot update your theme, it will likely eventually become problematic in terms of compatibility with WP Core and plugins – so you may want to address that at some point before it happens.

    Thread Starter Ronnie55

    (@ronnie55)

    9 years, 2 months ago

    @ WP Gurus

    My theme does a lot. It’s quite complex and has quite a lot going on behind the scenes. It’s certainly more than a set of HTML and CSS files.

    So leaving something like this un-updated will cause security issues?

    What if the latest theme update release is really simple stuff like a new color scheme added? Would I still need to update in that case?

    @wpyogi

    I’d eventually update or find a better solution to customizing the theme. I just thought if I can skip 1 or 2 tiny updates (if the theme maker is just adding color schemes and stuff like that), it’d be nice. I don’t envision this as a long term solution where I leave the theme as-is for years. I understand what you’re saying.

    Hassan Akhtar

    (@khaxan)

    9 years, 2 months ago

    If you are certain that the changes in the new version are just appearance related then it should be okay. Otherwise you should keep it up to date.

    WPyogi

    (@wpyogi)

    9 years, 2 months ago

    You really need to ask the developer of your theme about this – we have no info or ability to support commercial themes, so do check with them if you have any questions.

    Thread Starter Ronnie55

    (@ronnie55)

    9 years, 2 months ago

    Ok thanks for the responses guys. I really appreciate the time spent trying to answer me.

    I’ll send a quick note to the Theme developer.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Is this a security concern? (choosing not to update Theme)’ is closed to new replies.