Every agency has a few sites like this: working, profitable, and frozen. Nobody updates them, because the last time someone did, it broke, and now the unspoken policy is "don't touch it." It feels like the responsible choice. It's the opposite.
This is an illustration, not a specific customer — but you already know which of your sites it describes.
The trade you're actually making
Delaying an update doesn't make the risk go away. It moves it, and it grows it:
- Security debt accrues. Every unpatched release adds another known vulnerability with a public signature. The frozen site isn't stable — it's a widening target.
- The jump gets scarier. Skip updates for a year and you're not applying one version bump, you're applying twelve at once — across plugins that changed under each other. The longer you wait, the more likely the eventual update breaks.
- The incident picks the time, not you. A controlled update happens on a Tuesday morning when you're watching. A compromise or a forced-update happens whenever it happens — usually at the worst moment.
So "don't touch it" doesn't buy safety. It buys a bigger, less predictable incident, later.
Where it bends: make current the safe option
The reason agencies delay is that ungoverned updates are genuinely risky. Remove the risk and the reason to delay goes with it:
- See what's pending, fleet-wide. Know exactly which updates are waiting on which sites, and which ones are security releases you can't afford to sit on.
- Separate routine from risky. Most updates are boring. Let the boring ones flow through health-checked plugin batches that revert automatically on failure; hold the risky ones for a look.
- Keep a real safety net. Snapshots before plugin changes, and recent backups for core and theme, so "current" never means "unrecoverable."
- Log it. Every action approved and audited, so staying current is a routine, reviewable process — not a nerve-wracking event.
The honest boundaries
- Automatic rollback covers the plugin batch path; core and theme updates run governed but without automatic revert — keep a backup for those.
- Governance shrinks the risk of updating; it doesn't make any single update impossible to break. The point is that a break is caught and reverted in minutes, not discovered by a client.
Current is the safe state
Frozen sites feel safe and age badly. The way to actually be safe is to make updating so low-risk that there's no reason to defer — visible, reversible on the plugin path, and logged.
That's what Aura's SiteAgent plugin is for. It's free and open source; connect your first site to see its pending updates and health in a minute. The governed rollout-and-rollback flow runs on a paid plan — see pricing, or work the numbers on the care-plan margin calculator.