December saw the release of WordPress 4.7. You might see added performance for your site because it supports php 7. It also cleans up some small interface issues in the administrative tools.
Unless you have a very early version of WordPress, the updates are automatic. It is possible that the updates might go wrong. So as always, it is important that you have current backups so that if your update has issues, you can get your site back. If you need to do a manual upgrade, you can.
Joomla’s latest version is 3.6.5 and was also released in December. The biggest change is that the update tightens down security related to user information on forms.
The challenge with security is that templates (Joomla), themes (WordPress), widgets and extensions are available from all types of developers online. Both CMS platforms provide a list of vetted add-ons. Most of these will be generally safe to use. However if you find add-ons outside of these sources, you use them at your own risk. The risk is that these additional pieces of software may not integrate with your CMS in a way that maintains the security of the CMS.
If you are using an open source content management system, your website will always be security vulnerabilities. The WordPress and Joomla development teams and freelancers provide documentation and recommendations about how to thwart security breaches. WordPress has a service that will notify you by email about recent releases if you don’t opt into the automatically updates. Joomla 3 and later provides you with a notification in the administrator panel when you login. Although it is a bit complicated, Akeeba has a suite of administration tools for Joomla that provides backup and upgrades. However all of these automated tools are not advised if you have customized any part of the CMS infrastructure. In addition, if you added customized functionality within a page or post, it may not be secure either.
There are widgets and extensions to avoid malware, SQL injections and other hacks. And there are many experienced people who have good security recommendations too. These are helpful but also need to be updated to catch the latest vulnerabilities.
There is a cost involved in maintaining security. The challenge for many businesses is that it is important to understand the technology. A good deal of our business involves advising business principals and marketing managers of these details. We don’t like that we have to talk about such issues but it is a necessity in these times. If you would like a security review, let Landau Design assist you. Get a quote to upgrade your site.