If your website platform is a CMS such as WordPress, Drupal or Joomla it consists of core files and contributed plugins or modules. The core files are the main files for your platform and the contributed ones are optional additions you are using to perform various functions that you require for your particular website. Routinely there are updates available for either the core files or these optional additions that will require updates. Some might just have improved code modifications and some will be security updates.
Why do I need them?
Developers often update code that will improve the way the various add ons perform so it is always best to use the latest version of these files. Often these updates will fix security vulnerabilities that have been discovered. Security updates should be performed as quickly as possible. Your hosting company will urge you to perform all core updates and especially security updates as soon as possible when they are available. Especially in a shared hosting environment since other websites can be affected by malware from your website.
What happens if I don’t update them?
Failure to update security updates will leave your website vulnerable to malware. These security vulnerabilities allow hackers to take control of your site. Hackers can then do anything such as change your content or something harder to detect such as adding additional pages usually with the intent of tricking users into giving personal and credit card information. Alternatively, they may inject malicious code (malware), that pull content from another website that tries to attack any computer that views the page.
When Google and the other search engines find a site that is serving malware, they can pull it from their results. This can have devastating effects on a business. You will then have to work to get your site cleaned and relisted to search engines.
Who performs these updates?
If you have access to your website’s back end as an admin you can perform these updates to the add ons. Core files usually require more advanced access to your websites’ file manager via the hosting account or FTP access. It is always advised that you backup your website and database prior to performing any updates since they could affect the way your site displays and/or functions. I recommend having your website developer perform these updates for you.
How often do they need to be updated?
Updates do not follow any specific timeline. Visit the plugin or module section of your websites admin area and the available updates will be displayed. Sometimes your hosting provider will perform core updates to your CMS for you if you fail to do so. This may not always be desirable.