
If you have several plugins on your WordPress site, it doesn’t usually take long for those Update notifications to start piling up. Is it safe to just click the checkbox next to everything and hit “Update” or is there some method to all the clicks?
How Often Do I Need to Update WordPress?
A general rule of thumb we follow is to apply WordPress core, plugin and theme updates once a month. If there is an important security patch released, then we take swifter action. We check which sites are affected and address these critical updates within a matter of hours.
While neglecting to update your plugins for months or even years (!) leaves your website vulnerable to hackers and incompatibilities, sometimes updates can also introduce their own problems. By actually holding off on updates, we give others the time to find and fix the problems with new features. We generally recommend waiting to upgrade to major releases for 2-4 weeks. For instance, rather than updating from WordPress 4.9.9 to WordPress 5.0, which was a major release, we waited on a lot of sites until WordPress 5.0.1 or 5.0.2 was released, with several bug patches. Let other people be the guinea pigs and deal with all the glitches!
For smaller releases like minor updates and patches, usually waiting 2-7 days suffices.
About Version Numbers
Most plugins use semantic versioning, in which a version number like 1.1.2 reads as MAJOR.MINOR.PATCH. Most updates are patches: backwards-compatible bug fixes, meaning small updates that will also work with older versions of the plugin. Minor updates generally include new functions. These are unlikely to break anything. Major versions may introduce entirely new features that are not backwards compatible. These are the most likely to cause problems with your current content, theme, or other plugins.
In order to mitigate issues when performing updates, we perform backups before executing updates. That way, we can roll back to a stable version of the site without losing data. An experienced WordPress professional can help you navigate these plugin and WordPress version updates with minimal risk.
On older, less stable sites, we are more cautious. For major version upgrades, or when there is a history of plugin conflicts, we perform updates first on a staging copy of the website. Then we review the results before upgrading the live site.
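The version rules and waiting periods above can be expressed as a small triage script. This is an added example, not code from the article's authors; the field names (`version`, `update_version`, `released`, `security_fix`), the sample entries, the use of the lower bound of each waiting window, and sending every major upgrade to staging first are all assumptions made for illustration.

```python
from datetime import date

# Hold-off windows from the article: major releases wait 2-4 weeks, minor
# releases and patches 2-7 days. Using the lower bounds is an assumption.
HOLD_DAYS = {"major": 14, "minor": 2, "patch": 2}

def parse_version(v):
    """Return (major, minor, patch); missing parts count as 0, '-beta1' style suffixes are dropped."""
    core = v.split("-")[0].split("+")[0]
    parts = [int(p) if p.isdigit() else 0 for p in core.split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def bump_type(installed, available):
    """Classify the jump between two versions as major, minor, patch or none."""
    old, new = parse_version(installed), parse_version(available)
    if new <= old:
        return "none"
    if new[0] != old[0]:
        return "major"
    return "minor" if new[1] != old[1] else "patch"

def plan_update(item, today):
    """Decide what to do with one pending update under the article's policy."""
    bump = bump_type(item["version"], item["update_version"])
    if bump == "none":
        return "skip"
    if item.get("security_fix"):          # critical patches skip the waiting period
        return "apply-now"
    age_days = (today - date.fromisoformat(item["released"])).days
    if age_days < HOLD_DAYS[bump]:
        return "wait"
    # Assumption: every major upgrade is rehearsed on a staging copy first.
    return "staging-first" if bump == "major" else "apply"

# Constructed sample data: names, versions and dates are made up for illustration.
PENDING = [
    {"name": "example-shop", "version": "8.5.2", "update_version": "9.0.0", "released": "2024-03-10"},
    {"name": "example-builder", "version": "3.19.0", "update_version": "3.19.4", "released": "2024-03-12"},
    {"name": "example-forms", "version": "2.1.0", "update_version": "2.1.1", "released": "2024-03-15", "security_fix": True},
    {"name": "example-seo", "version": "1.4.0", "update_version": "2.0.0", "released": "2024-02-20"},
]

def plan_all(pending, today):
    return {p["name"]: plan_update(p, today) for p in pending}

if __name__ == "__main__":
    for name, action in plan_all(PENDING, date(2024, 3, 15)).items():
        print(f"{name}: {action}")
```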
Here is the method we follow for updating dozens of customer websites with the fewest number of errors.
Step 1: Decide When to Perform WordPress Updates
When updates are running, WordPress often goes into “maintenance mode” and shows users on the site a message that says “Briefly unavailable for maintenance. Check back in a minute.” And chances are it won’t even be a full minute.
But you want as few users as possible to see this message. And you also want to minimize the risk that an update gone awry will take the website down for even longer during peak traffic periods. In order to mitigate the second problem – updates causing an outage – check updates on a separate environment that is as close as possible to the live environment. This means running the exact same versions of everything, including PHP (see Step 5 below). In order to determine periods of low or even no website traffic, go to Google Analytics to check visitor data trends and monitor live traffic.
Step 2: Update WordPress Core
WordPress is open-source software, so anyone can study the full source code to learn and improve it. However, it also means that hackers can study it too and find ways to break in. When you add in the fact that WordPress is so popular that it powers more than 40% of all websites, you have a ripe target for hackers. Keeping your WordPress version up to date is your first line of defense against hackers.
In addition to security precautions, new versions of WordPress also generally help your site run faster and even more efficiently. New features are coming out all the time.
Step 3: Update Plugins, Beginning With the Main Ones
Of all the updates that are likely to break your site, the largest culprit is definitely plugins. Too many plugins can clutter up and slow down WordPress sites. Poorly written and maintained plugins can take down the site entirely.
If you have a lot of plugins to update during a maintenance period, it’s generally a good idea to start with those that control a large portion of the site. Some examples would be Elementor, WPML and WooCommerce. If those go smoothly, then move on to their extensions (e.g. Elementor Pro, WooCommerce Additional Variation Images).
Typically it’s safe to enable auto-updates on plugins that are supported by a large community and rigorously tested. Some examples are those produced by Automattic (the people behind WordPress), or those whose functions are very limited (e.g. Google Analytics).

Sites running on WordPress version 5.5 or later can now go to the Plugins page and turn on auto-updates for individual plugins.
A few notes about those WooCommerce Updates
Many WooCommerce Add Ons require an active subscription from woocommerce.com for updates. If any don’t update or display “automatic updates are not enabled”, check that correct license keys are in place before updating.
Many users are unaware that their site’s theme may have WooCommerce templates. If this is the case, then you have to consider your theme when updating WooCommerce as well, and plan on updating your theme after the WooCommerce plugin. When that’s done, look in the Dashboard under WooCommerce > Status > Templates, toward the bottom, to make sure your theme templates remain compatible with WooCommerce. If you have customizations to your child theme, you’ll have to comb through the code to ensure that everything is working properly.
Step 4: Update the Theme
For some reason, many site owners don’t seem to realize that their theme needs updating. Perhaps they mistakenly think that because it has to do with the design, it doesn’t contain the same type of functions as plugins or the WordPress core that have code updates. In any event, any theme that you choose should be actively maintained and updated on a regular basis.

Go to Appearance > Themes and you’ll see a notification about any themes that have updates available.
Alternatively, it should show up under Dashboard > Updates. There are exceptions to this. Some themes don’t populate a notification when there is a new version. When that is the case, you need to look out for emails from the theme developer or, annoyingly, monitor the website you bought it from.
Step 5: Update PHP Version
PHP is a server side, open source programming and scripting language that WordPress files are written in. Updating the code base after a new release may sound scary and complicated but it’s actually one of the easiest ways to make your website load faster and more securely. And once you get access to your server, it’s just a few clicks of a button. It’s impossible to give step-by-step instructions here, because it will vary based on your server’s user interface. If you aren’t sure, your hosting provider should have tutorials available or be able to handle this for you.
If you aren’t able to locate which version of PHP your website is running on, you can use the Display PHP Version plugin.
Before updating your PHP version, make sure to make all the other updates in Steps 1 – 3. You should also back up your site and take a look at WordPress’ PHP recommendations. In the unlikely event that something breaks after upgrading, you shouldn’t have to restore a backup, however. You can downgrade the same way that you upgraded and in almost every case, your site will look the same as it did before the switch.
Why Not Put Everything on Automatic Updates?
A lot of popular plugins release new versions almost weekly. And who has time to be conducting updates every time they log in? Auto-updates seem like a great solution for automating what is frankly boring work. The problem with auto-updating plugins and themes is that these updates might break the site, but you may not know about it until hours or perhaps days later. If that’s not a risk you’re willing to take, you should probably avoid enabling auto-updates.
As discussed above, we feel comfortable putting WordPress core security updates on auto-update, along with solid, well-managed and widely used plugins, particularly if they do not affect what gets rendered on pages. All of this is provided that the site is generally in good working order and doesn’t have a buggy temperament. You know those!
A neat tool to consider is WP Engine’s Smart Plugin Manager. It creates a backup of the site and automatically updates plugins on a test version of the site. It then runs a series of tests, including taking before and after screenshots of pages and comparing them for differences. If one of the tests fails or the screenshots detect a significant difference, it will stop the update. However, if everything passes, it will update the live site with the latest plugins.
Theme auto-updates can be enabled/disabled theme by theme by going to Appearance > Themes.

The remaining time until the next auto-updates also displays in the Dashboard > Updates screen for both themes and plugins.
A Companion for Updating Buggy Sites
Performing software updates on a website that has a history of bugs is often a stressful endeavor. But you’re a lot less likely to run into trouble if you take the following precautions.
- Use a staging environment. By testing out any updates on a copy first, you can be sure that no changes will be catastrophic. Many hosts such as WP Engine, Kinsta and Siteground include staging environments in some or all of their hosting packages. If you don’t have this, you may need to manually set one up or use a tool such as WP Stagecoach.
- Make a backup before beginning any updates, including on a staging environment. Being able to restore a backup on staging can help you determine what went wrong and move forward more quickly.
- Use the WP Rollback plugin to restore earlier versions of many supported plugins, without having to roll back the entire site.
So, How often should you update WordPress?
Keeping your WordPress software, themes and plugins up to date is necessary for the security and performance of your website. How often you update depends on how important it is to you to be running the latest versions, in terms of performance and/or security.
In order to safely do so, make sure that you have run a backup and are able to restore it in the event that something goes wrong. Review updates of particularly sensitive sites first on a copy (a staging environment). Then you can either reproduce the update or push a copy of the updated version to the live environment. Keep track of your updates as you go so that you can pinpoint any issues. And then pat yourself on the back; chances are you’re done, at least for a few weeks!
Make sure to subscribe to email updates from any third party plugin or theme developers so that you receive alerts about security issues and important updates.
If you have any questions about WordPress website maintenance, leave a comment below or contact us to find out about maintenance plans!