What Is WordPress - Non Geek Speak
WordPress is a program or app (more commonly known as a Content Management System or CMS), and to extend its capabilities, like a large opening slider or slideshow for example, you add plugins to it. You also have a theme, which is the look and feel.
WordPress itself is open source, thus it is free. This means that the code is open for anyone to view or modify. It is written in a code called PHP. According to Wikipedia, PHP is a general-purpose scripting language geared towards web development. The basic installation of WordPress is often referred to as the core.
As stated above, to extend WordPress’ core capabilities, you can add a plugin to it, which is a software component that adds new functionality or enhances existing functionality to a WordPress website without requiring coding. If you want to make your WordPress website an e-commerce store, then you might add a plugin like WooCommerce to it. WooCommerce adds everything you need to start selling a product on your website.
A theme is the look and feel of the website, it is what makes the website look the way it looks.
Some plugins and themes cost money to either purchase, use, or upgrade. Just like Microsoft Windows has free apps and premium apps that cost you money to use (like MS Office for example). All these apps, plugins, and themes have updates that are either fixing vulnerabilities or maybe adding a feature.
WordPress typically updates several times a quarter, you can see this here to see a history of updates since 2003.
Plugins update depending on the developer or developers and if they are adding a feature or function or maybe fixing a vulnerability. I will use a “Premium” (premium meaning that you have to purchase a license in order to use) plugin called Slider Revolution, as an example for this post. In the case of Slider Revolution which is the plugin that is used on the main page as a slideshow or video.
In the past 365 days, (as of this posting) Slider Revolution has had 11 known vulnerabilities (I know it sounds like a lot of vulnerabilities, but is about average for most code). This means that if you are using this plugin and you are not paying for updates, then your website is vulnerable to hackers. A vulnerability is simply a hole for a skilled hacker to get into the code and likely work their way into your website itself.
Most often they either deface the website, hold it hostage or they will put code on it, so your visitors get malware. Imagine if a visitor to your website who is a potential client, gets a virus installed on their computer because of your website. That is not good business and puts your business at risk. That is why it is important to update your installation of WordPress, themes, and plugins.
I know that this sounds like WordPress is a bad thing, but honestly, this is how all pieces of software function. A vulnerability is just a way of life. Most often it is caused by an oversight from the developer or person that coded the software.