How to deal with WordPress updates?
If you’ve been using WordPress for more than a month, you’ve probably heard about updates at least once. These are updates for plugins, themes, or WordPress core. The software is constantly developed, new functions appear, errors are detected and then corrected. In the last 12 months, WordPress had 33 version changes (beta & regular versions). Although, thanks to automatic updates, you may have overlooked some of them (WordPress did them for you).
Authors, blogs and news services usually call for updates as soon as possible. WordPress also reminds you about updates and encourages you to update with one click.
Suppose you also realise that most WordPress-related codes are developed openly. This means that everyone has access to the source code of individual versions. In most cases, the code also includes information about corrections made (i.e. errors in previous versions). Naturally, you would want to update to the latest version.
So much in theory. But how does it work in real life?
There is no rose without a thorn…
Unfortunately, as is often the case, nothing in practice is as simple as it is in theory. It is the same with WordPress updates. It may turn out that after one click, you’ll face an unpleasant surprise for various reasons. Perhaps the new version has not been tested well enough, or maybe the plugin’s author did not ensure compatibility with the latest version, and your site stops working after the update.
This post-update situation creates an ongoing stream of questions from users who wonder whether to action updates. Sometimes WordPress website owners prefer to postpone making an update and check other users’ problems first. And sometimes, they even find “experts” who suggest restoring the previous version from a backup to solve the problem. In this case, the “expert” forgot that the automatic WordPress update would be done the next day again, and the problem would come back.
So how is it with these WordPress updates?
When we were little, the most hated answer after asking someone a question was “it depends”. After all, each question should have a simple answer. Unfortunately, that rarely happens, and the answer “it depends” is standard regarding website updates.
In the case of updates, it depends on what a particular update will change. Here are five cases that could explain different update situations:
- Updating the plugin that adds a Facebook “like” button below the articles will change the button’s appearance (and only that).
- Update the same plugin, forced by the Facebook API change, so the old versions will soon stop working correctly.
- The WordPress update changes how some basic functionality works.
- Critical WordPress core (or plugin) fix to fix security bugs.
- The critical update of the plugin fixes a bug where a logged-in user with administrator rights can perform an SQL Injection attack.
Case 1 – Ignore
Updating the plugin that adds a Facebook “like” button below the articles which changes the button’s appearance (and only that).
In most cases, nothing will happen if the site shows the old buttons for some time. As a result, you can safely wait, and there is nothing to be afraid of. Even if you do, you can always restore the backup.
Case 2 – Wait
Update the same button plugin as above, but this time forced by the Facebook API change. As a result, the old versions will soon stop working correctly.
It looks more serious, but the worst thing is that the buttons will stop working (stop showing) for a while. However, the risk is small; again, a backup will be salvation.
Case 3 – Wait
The WordPress update changes how some basic functionality works.
The risk is a bit bigger because more dependencies are starting to appear, so it may turn out that not all plugins have had time to adapt to the changes and release updates. On the other hand, if we delay the update, nothing terrible will probably happen – we just won’t have access to new tools.
Case 4 – Update
Critical WordPress core or plugin update fixing security bugs.
If there is an update, the bug has been known for at least a few days. This means that there are probably already scripts trying to exploit this vulnerability. Unfortunately, the popularity of WordPress pays off to blindly attack sites trying to exploit known vulnerabilities.
So if we do not want to have any unpleasant situation, it is worth updating immediately. If a problem after an update occurs, try to track it down and solve it. If you can’t solve it, temporarily block the functionality that causes the problem.
Case 5 – Update
The critical update of the plugin fixes a bug where a logged-in user with administrator rights can perform an SQL Injection attack.
We dealt with this type of error in the WooCommerce plugin in 2015. At first glance, it looks dangerous, and some website owners have started to panic.
But was there any reason to be afraid? After all, this error can only be used by website administrators. However, they can probably mess up a lot without using security holes. Of course, it is worth patching this gap. However, you can undoubtedly approach it calmly and test everything before and after the update.
In the case of updating WordPress, common sense and awareness will help
After reviewing the cases above, it should be clear that each update can be different, and this can cause the problem of what to do: update, wait or ignore.
Some of the updates you should do immediately, others we want to have as soon as possible, and without others, the website can function for many months.
Regardless of which update we are dealing with, we can do a few things to make clicking “update” not cause unnecessary stress.
Test version of the website on a staging environment as a testing ground
The perfect situation is to have a staging environment where you will perform all coding activities or updates. In addition, you should transfer updates to the production service only after their execution and testing on the test environment. There is practically nothing to stress about here. The production service is always operational (and highly secured), and you can easily correct problems without making life difficult for users, customers, etc.
Unfortunately, this solution requires specific technical skills and time, which is more common in more prominent and consciously developed projects.
Always make a backup before the update!
If you have a smaller website and every saving counts, I would advise you to take a backup before each update as the minimum necessary.
It is not that difficult, especially since various plugins have come to the rescue. It allows you to perform a backup with a few clicks (and additionally, they can do it on their own according to a set schedule).
You can read more about it in our article “Why are WordPress Backups Important?“
Should I manage my website?
You can maintain your website if you have the time, know what to look out for, and are confident in fixing errors. However, regular website maintenance takes too much time and energy for someone already focused on running the business. You must perform some tasks weekly, and incorrectly attempting to fix issues can lead to disastrous outcomes like website downtime.
If you do not have time to deal with it or are not interested in what the specific updates contain, outsource it to the specialist.
Most businesses prefer to outsource their WordPress care and maintenance to professionals as this helps to save time, energy, and stress. They can put their website care to rest and be assured that their website is always healthy, running smoothly, and free of defects.
Of course, no one will do it for you for free, but maybe it is worth considering the losses that a website/store that does not operate for several hours/days exposes you to.
FAQ about WordPress updates.
Yes, WordPress does have automatic updates. Starting from WordPress version 3.7, security updates and minor releases are automatically applied by default. This means that if a security patch or a new version with bug fixes is released, your WordPress site will automatically update to the latest version without any intervention required from you.
However, major updates (from version 5.7 to 6.0) are not automatically applied, as these updates may require manual intervention or affect site functionality. Therefore, you will need to initiate these updates manually.
Additionally, you can choose to disable automatic updates altogether or customize the automatic update settings according to your preferences using plugins or code snippets. Keeping your WordPress site updated is essential to ensure optimal performance and security.
You should update as soon as a new WordPress version is available. WordPress updates often include security patches, bug fixes, and new features that improve your site’s overall performance and functionality. You should also check that your installed plugins and themes are compatible with the new version of WordPress before updating. The best rules for when and how to update are described above in our article.
Remember to back up your site files and database before updating WordPress.
The four reasons why updates are important in WordPress:
Security: WordPress is a popular target for hackers, and security vulnerabilities can be exploited to gain unauthorized access to your website. WordPress updates often include security patches that address these vulnerabilities, which can help keep your website secure.
Bug fixes: Updates also fix bugs and issues in the software. These bugs can cause errors, crashes, and other issues that negatively impact your website’s performance and user experience.
Compatibility: WordPress updates ensure compatibility with the latest web technologies, including new versions of PHP, MySQL, and other software that power the web. Keeping up with these updates ensures that your website functions properly on modern browsers and devices.
New features: Updates often introduce new features and functionality that can improve the user experience and streamline website management. For example, WordPress 5.0 introduced the new Gutenberg block editor, making creating and managing content easier.
To check for WordPress plugin updates, follow these steps:
1. Log in to your WordPress admin dashboard.
2. In the left-hand menu, click on “Plugins”.
3. You will be taken to a page that shows all the installed plugins on your website.
4. If any plugins have available updates, you will see a notification next to the plugin name that says “Update Available”.
5. You can also check for updates by clicking the “Update Available” link, which will take you to the plugin update page.
6. On the plugin update page, you will see a list of all the plugins that have available updates.
There are a few cases you have to update your WordPress plugin. We wrote about it in the article. Urgent updates are in two situations:
1. When a critical WordPress core, version or plugin update is released to fix security bugs.
2. The critical update of the plugin fixes a bug where a logged-in user with administrator rights can perform an SQL Injection attack.
In other cases, you can wait or update depending on the situation.
First of all, before updating, you have to ensure compatibility with a plugin update, but sometimes the results of an update are unexpected, and things can break. In such a case, you will need the developer’s help to fix it, or you can use a different plugin with the same functionalities.
It is generally recommended to update WordPress before updating plugins. This is because WordPress updates often include security patches and bug fixes that can affect the functionality of plugins. By updating WordPress first, you can ensure your website is up-to-date and functioning properly before updating your plugins.