This is the second post in our series on managing WordPress update options. Without a good process in place to make sure updates are happening correctly, your site could be at risk of security vulnerabilities and outdated functionality. It’s easy to forget this part in your website business plan: when you go live, all of your themes, plugins, and WordPress core will be up to date running on the latest versions. But updates to everything from security patches to new features are constantly being published, and it’s important to stay on top of them.
Whether you are a business owner with just one site to manage, or an agency with many client sites on your plate, you will benefit from having a process in place to manage updates.
In each new release of WordPress, developers are fixing bugs, adding features and patching security vulnerabilities. It’s true that many updates are minor bug fixes or features that may not affect your site but on the other hand, some are critical security fixes that should be applied immediately.
Functional updates add features and options to the WordPress core. These include minor bug fixes, feature enhancements, security fixes, and internal performance improvements. Some updates are extremely critical and need to be acted upon quickly in order to prevent massive destruction. WordPress has an automatic update process which will perform most of these updates for you.
Functional updates include security and maintenance fixes. WordPress has a security team that works to create and review patches whenever a vulnerability is discovered. In some cases of serious vulnerabilities, a patch can be written and pushed out within hours of its discovery.
Major releases typically come out every 4 – 5 months. WordPress rolls out sparkly new features in these major upgrades, and may remove or rework existing features. An example of a huge feature due to be released soon is the new Gutenberg content editor, which we will be covering in the next blog series. The release team names each major release after famous Jazz musicians, so it’s easier to keep track of them.
Major releases do not update automatically. When these new functionalities are released, many themes and plugins update their code to accommodate and make use of the new features – so you will typically see many theme and plugin updates around the time of a major core update.
Check out the news page on WordPress.org to see a list of updates and releases.
Most plugins can be updated straight from the WordPress Admin. In some cases, a plugin may require you to download a new version of the plugin and upload to overwrite the old version. Some paid plugins take this approach, and will notify you when you need to update manually.
Commercial themes, and free themes found in the wordpress.org Theme Repo regularly push out updates. Themes can be updated from the Updates page, or the Themes page in the Appearances menu.
Your WordPress dashboard notifies you in many places when there is an update available. The Updates section lists all core, plugin and theme updates that are available, and enables you to update all from a single place.
Occasionally, it may be necessary to perform a manual update to your site. Your host or security provider might have restrictive file settings in place, or your install may have become corrupt for some reason, disabling updates from the Admin panel. For example, a recent mistake in WordPress code accidentally disabled the Automatic Updates feature. They quickly pushed out an update to fix it, but many sites had to be manually updated to this new version as a result. Issues like these are rare, but be sure you know your FTP or hosting credentials so you are able to do a manual update if you ever need to.
Now that you understand what goes into the WordPress updates process, you can decide for yourself which way is right for you. At the minimum, I recommend going through your site and updating everything once a month. As a best practice, you should be checking your site regardless, just to make sure everything is up and running as it should be.
Set aside time each month to review your Updates page. You may want to update more or less often depending on your site’s needs. Set a recurring day and time in your calendar to perform updates and site management so you don’t forget.
Since some updates could potentially break your site, performing these updates on a staging site first can help you work out the bugs ahead of time and make sure your live site doesn’t crash. We will cover setting up a staging site in our March 19 blog post, “Don’t Break Live! Making Sure WordPress Updates Don’t Break Your Site”.
If you have multiple sites, you could benefit from using a site manager to keep track of your plugins, themes, and versions. ManageWP and InfiniteWP are examples of remote monitoring tracking services. They are especially useful for people who are managing multiple websites. They provide a single dashboard from which you can see every update across all your websites and run the updates from a single location. They can also be configured to email you when updates are available.
As WordPress is getting more and more popular, many web hosts are deciding to specialize in WordPress and offer Managed WordPress hosting packages. They typically will have a team of dedicated WordPress developers on hand to manage aspects of your site, such as speed, backups, and keeping both the server environment and your WordPress install solidly running on the most up to date version. Some hosts that offer Managed WordPress hosting are WPEngine, Pantheon, and Siteground.
In addition to hosting packages, some agencies and developers will offer a monthly WordPress management plan. Here they monitor all available updates and make sure your site stays updated. In case something should break, they will be able to catch it and fix it for you so that it doesn’t crash your live site.
Sometimes, updates change core functionality that your theme or plugins depend on. When that happens, you run the risk of a broken site after an update. Next week’s post walks you through what you can do to get your site back online after an update accidentally takes it down.