WordPress is currently the most popular content management system. It’s used by millions of websites. While this is amazing for the longevity of the platform, it also means hackers target it because of its popularity. The biggest vulnerability is out dated WordPress core, plugins, and themes. Hackers could take advantage of outdated code to attack your site. Don’t worry, there’s good news!
Benefits to keeping WordPress updated
WordPress developers are constantly updating their plugins and themes. Here are a few other reasons you should stay on top of updates with WordPress core, plugins, and themes.
- New features being added
- Improved compatibility with WordPress core
- Bug fixes
- Improved performance
- Security and stability fixes
How to update WordPress safely
Always make a backup. Sometimes updating can cause problems, so it’s best to create a backup of your entire WordPress site before updating. You can do so in many ways, but the quickest may be to use a plugin. Here are two you can try out.
Review the changelog to know what’s being updated. Plugins and themes typically have a public changelog that will list all the changes for current and past updates. It’s a smart idea to review this to learn if there is a change that could potentially break your site, or perhaps only a minor changes so you know it won’t affect anything if you update it. For plugins, you can find this directly within WordPress by clicking the “view details” link next to each plugin under Plugins > Installed Plugins.
Test on a staging copy. If you have a large site or one with a lot of active customers, you may not want to perform updates on the live site until you know it won’t break anything. In this case, you want to make a staging copy to update on and test before making them live. The best place to make staging copies is on your Managed WordPress Hosting account. I personally use and recommend SiteGround which offers unlimited staging copies. If you don’t have WordPress hosting with staging features, you can use a plugin:
Install the updates. Go ahead and hit the update button. You can do this in a couple places. You may notice when a new WordPress core update is available there’s a notification on your Dashboard.
Clicking the “please update now” link will take you to the main Updates page. Under Dashboard > Updates you will see a circle with a number telling you how many updates are available. On this screen you can check the boxes for plugins or themes you want up update and perform a bulk update.
To update a theme, on this same page scroll down until you see the themes section. This will list any themes uploaded to your site that have an available update. If you’re using a premium theme from ThemeForest you’ll need to have it connected to the Envato Market plugin in order to access updates. In the example below there is a theme called Total that has an update available from ThemeForest.
Alternately you can update plugins by going to Plugins > Installed Plugins to view a list of all your plugins. Notice the available updates are highlighted. You can simply click the “update now” link on each one you’d like to update.
And lastly, you can update themes under Appearance > Themes. Here you’ll see all themes that are uploaded to your site, and those with available updates will be highlighted. Simply click the “update now” link to update the theme.
Review the updates. After you have successfully updated WordPress core, plugins, and themes, you should review your site to make sure it’s working properly. If you happen to find an issue caused by a plugin or theme, you can roll it back to the previous version. Do this from your backup, or do this only for a specific plugin or theme using this plugin:
Automatic updates. If your site does not require as much attention or careful testing before updating everything, you can setup automatic updates. This will perform updates for WordPress core, plugins, and themes without you touching a thing. This isn’t recommended, as you’ll more likely run into problems or issues that you’re unaware of because of the hands off approach. However, if you do want the ease of automatic updates, try this plugin:
Following these steps to safely update your WordPress core, plugins, and themes will keep your site on track to remaining secure and running smoothly. It’s very important you monitor the available updates on your WordPress site and plan to perform updates at least once a week. Leaving them outdated for long will almost certainly result in a broken site, bugs, or hacking.
I’ll do it for you! For those who don’t want to spend their valuable time going through these steps each day or week, I provide a WordPress support service that will do exactly this for your site. Learn more here.