How to deal with WordPress updates?
If you’ve been using WordPress for more than a month, you’ve probably heard about updates at least once. These are updates for plugins, themes, or WordPress core. The software is constantly developed: new functions appear, and errors are detected and then corrected. In the last 12 months, WordPress had 33 version changes (beta & regular versions). Thanks to automatic updates, though, you may have overlooked some of them (WordPress did them for you).
Authors, blogs and news services usually call for making updates as soon as possible. WordPress also reminds you about updates and encourages you to update with one click.
Add to this that the vast majority of WordPress-related code is developed openly. This means that everyone has access to the source code of individual versions. In most cases, the code also includes information about the corrections made (i.e. errors in previous versions). Naturally, you would want to update to the latest version.
So much in theory. But how does it work in real life?
There is no rose without a thorn…
Unfortunately, as is often the case, nothing in practice is as simple as it is in theory. It is the same with WordPress updates. It may turn out that after one click, you’ll face an unpleasant surprise for all kinds of potential reasons. Perhaps the new version has not been tested well enough, or maybe the author of a plugin did not ensure compatibility with the latest version, and your site stops working after the update.
This type of post-update situation creates an ongoing stream of questions from users who wonder whether to apply updates. Sometimes WordPress website owners prefer to postpone an update and check other users’ problems first. And sometimes, they even find “experts” who suggest restoring the previous version from backup to solve the problem. In this case, the “expert” forgot that the automatic WordPress update would run again the next day, and the problem would come back.
So how is it with these WordPress updates?
When we were little, the most hated answer after asking someone a question was “it depends”. After all, each question should have a simple answer. Unfortunately, that rarely happens, and the answer “it depends” is standard when it comes to website updates.
In the case of updates, it depends on what a particular update will change. Here are five cases that could explain different update situations:
- Updating the plugin that adds a Facebook “like” button below the articles, which will change the button’s appearance (and only that).
- An update of the same plugin, forced by a Facebook API change, without which the old versions will soon stop working correctly.
- A WordPress update that changes how some basic functionality works.
- A critical WordPress core (or plugin) update that fixes security bugs.
- The critical update of the plugin fixes a bug where a logged-in user with administrator rights can perform an SQL Injection attack.
Case 1 – Ignore
Updating the plugin that adds a Facebook “like” button below the articles which changes the button’s appearance (and only that).
In most cases, nothing will happen if the site shows the old buttons for some time. As a result, you can safely wait, and there is nothing to be afraid of. Even if you do update and something goes wrong, you can always restore the backup.
Case 2 – Wait
Update the same button plugin as above, but this time forced by the Facebook API change. As a result, the old versions will soon stop working correctly.
It looks more serious, but the worst that can happen is that the buttons will stop working (stop showing) for a while. However, the risk is small, and again, a backup will save you.
Case 3 – Wait
The WordPress update changes how some basic functionality works.
The risk is a bit bigger because more dependencies are starting to appear, so it may turn out that not all plugins have had time to adapt to the changes and release updates. On the other hand, if we delay the update, nothing terrible will probably happen – we just won’t have access to new tools.
Case 4 – Update
Critical WordPress core or plugin update fixing security bugs.
If there is an update, the bug has been known for at least a few days. This means that there are probably already scripts trying to exploit this vulnerability. Unfortunately, WordPress is so popular that it pays off to attack sites blindly, trying to exploit known vulnerabilities.
So if we do not want to end up in an unpleasant situation, it is worth updating immediately. If a problem occurs after an update, try to track it down and solve it. If you can’t solve it, temporarily block the functionality that causes the problem.
Case 5 – Update
The critical update of the plugin that fixes a bug where a logged-in user with administrator rights can perform an SQL Injection attack.
We dealt with this type of error in the WooCommerce plugin in 2015. At first glance, it looks dangerous, and some of the website owners have started to panic.
But was there really any reason to be afraid? After all, this error can only be used by website administrators. However, they can probably mess up a lot without using security holes. Of course, it is worth patching this gap. However, you can undoubtedly approach it calmly and test everything before and after the update.
In the case of updating WordPress, common sense and awareness will help
After reviewing the cases above, it should be clear that each update can be different, and this can cause the problem of what to do: update, wait or ignore.
Some updates you should do immediately, others you want to have as soon as possible, and without others, the website can function for many months.
Regardless of which update we are dealing with, we can do a few things to make clicking “update” not cause us unnecessary stress.
A test version of the website: the staging environment as a testing ground
The perfect situation is to have a staging environment where you perform all coding activities and updates. Updates should be transferred to the production site only after they have been applied and tested in the staging environment. There is practically nothing to stress about here. The production service is always operational (and highly secured), and you can easily correct problems without making life difficult for users, customers, etc.
Unfortunately, this solution requires specific technical skills and time, so it is more common in more prominent and consciously developed projects.
Always make a backup before the update!
If you have a smaller website and every saving counts for you, I would advise you to take a backup before each update as the minimum necessary.
It is really not that difficult, especially since various plugins come to the rescue. They allow you to perform a backup with a few clicks (and additionally, they can do it on their own according to a set schedule).
You can read more about it in our article “Why are WordPress Backups Important?”
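The backup-before-update rule and the staging check described above can also be scripted. The following is an added example, not code from this article: it assumes WP-CLI (`wp`) and `curl` are installed and that it is sourced from the WordPress root directory; `BACKUP_DIR`, `SITE_URL` and the function names are placeholders chosen for illustration.

```sh
#!/bin/sh
# Added example (not from the article). Assumes WP-CLI ("wp") and curl are
# installed and the file is sourced from the WordPress root directory.
# BACKUP_DIR and SITE_URL are placeholder values.
# Usage: . ./safe-update.sh && safe_plugin_update <plugin-slug>

BACKUP_DIR="${BACKUP_DIR:-./backups}"
SITE_URL="${SITE_URL:-https://staging.example.test/}"

# Dump the database before anything changes; print the dump's path.
backup_db() {
    mkdir -p "$BACKUP_DIR" || return 1
    dump="$BACKUP_DIR/pre-update-$(date +%Y%m%d-%H%M%S).sql"
    wp db export "$dump" >/dev/null || return 1
    printf '%s\n' "$dump"
}

# Smoke test: the front page must still answer with HTTP 200.
site_ok() {
    [ "$(curl -s -o /dev/null -w '%{http_code}' "$SITE_URL")" = "200" ]
}

# Back up, update one plugin, then check the site.
# Returns: 0 updated and site answers,
#          1 plugin not found or backup failed (nothing changed),
#          2 update command failed, 3 updated but the smoke test failed.
safe_plugin_update() {
    plugin="$1"
    old="$(wp plugin get "$plugin" --field=version)" || return 1
    dump="$(backup_db)" || { echo "backup failed, not updating" >&2; return 1; }
    wp plugin update "$plugin" || return 2
    if ! site_ok; then
        echo "smoke test failed after updating $plugin (was $old)" >&2
        echo "database dump for restore: $dump" >&2
        return 3
    fi
    echo "$plugin updated from $old; dump kept at $dump"
}
```

The script refuses to update when the backup fails, and on a failed smoke test it reports the previous version and the dump path instead of rolling back on its own, so a security fix stays in place while the problem is tracked down.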
Should I manage my own website?
If you have the time, know what to look out for, and are confident in fixing errors, you can maintain your website. However, regular website maintenance takes too much time and energy for someone already focused on running the business. You must perform some tasks weekly, and incorrectly attempting to fix issues can lead to disastrous outcomes like website downtime.
If you do not have time to deal with it or are not interested in what the specific updates contain, outsource it to a specialist.
Most businesses prefer to outsource their WordPress care and maintenance to professionals as this helps to save time, energy, and stress. They can put their website care to rest and be assured that their website is always healthy, running smoothly, and free of defects.
Of course, no one will do it for you for free, but maybe it is worth considering the losses that a website/store that does not operate for several hours/days exposes you to?