Man looking at his computer while thinking

Update Your WordPress Securely

Ruth Raventós Avatar
Ruth Raventós

Do you know how often you should update WordPress, the themes and the plugins? Don’t doubt the answer: ALWAYS (or as soon as you can).

The more time you let go without having everything updated, not only maybe you will miss interesting new features, but also run the risk of seeing how things stop working properly, finding incompatibilities between plugins or your theme, or having a security breach in your web.

That said, the update process is not trivial. First, you have to know in what order to upgrade. For example, it would not make sense to update a plugin that serves to adapt to a new version of WordPress without having previously installed that version. But what if you update WordPress first and then you find that the plugins you have installed on your website are not prepared for this change? Precisely this has been one of the most important problems we have suffered with the new version 5.0 of WordPress.

Further, note that not all updates are always secure. More than once an update of a plugin makes it suddenly incompatible with another plugin, breaking something that was previously working well.

Seeing clearly the need to keep our website updated, let’s see how to make sure that we do it safely.

Automatic Update of the Core, Plugins, and Themes

I start from the premise that your website uses a good hosting service that guarantees you a minimum at the start. That is, you have:

  • PHP version 7.2 or greater.
  • MySQL version 5.6 or greater or MariaDB version 10.0 or greater.
  • HTTPS support.

And if that is not the case, it’s 2019! Time to find a better hosting provider, maybe? 😉

That said, let’s go to the subject of automatic updates: as you should know, after WordPress version 3.7 (October 2013), by default, WordPress automatically performs minor Core updates. This ensures that certain vulnerabilities are fixed.

So if you already installed WordPress version 5.0, you have already moved to 5.0.1 that solved security problems, to 5.0.2 that solved 73 errors and to 5.0.3 that fixed 37 errors and included 7 improvements in the editor of blocks. But when version 5.1 appears, don’t expect it to update automatically – it’s a “major” update and, as such, you have to update it.

And I take this opportunity to remind you how the software version numbering system usually works:

  • 2.0 – an update from version 1.0 to 2.0 is indicating that the software is a totally different version to the previous one.
  • 2.1 – an update from 2.0 to 2.1 is a major update in which there may be new features that did not previously exist.
  • 2.1.1 – it is a minor patch in which an error is being corrected or a security breach detected is solved. It should not imply any problem if the update is automatic.

Plugins and themes are not updated automatically by default but you have several alternatives to automate them. If you decide to automate some updates, minimize the risks making a backup of your WordPress before following the steps that we explain.

Activation in WordPress

If you have a corporate website or a blog, you want to automate the updates, and you are a risk lover, then you can add the following line in the wp-config.php file:

define( 'WP_AUTO_UPDATE_CORE', true );

In this way, your WordPress will always be updated automatically. Remember that although you should always have your WordPress updated, the automatic update of this is not without risks, as it can cause incompatibilities with your plugins.

Nelio Content

I’m so happy about Nelio Content that I will sound like a payed advocate… but here’s why you’ll love it: it works as promised, its auto-scheduling feature is top-notch, Nelio’s value for money is unmatched, and the support team feels like your own.

Panozk

Panozk

WordPress.org

View Plans

Activaction In The Hosting Service

Many hosting services have their own tools that allow you to activate automatic updates and indicate which plugins you want to be updated automatically. If you enable automatic updates for certain plugins, the recommendation is that you do so only with those plugins that don’t have any impact on the front-end. For example, these can be automatically updated:

  • SEO
  • Analytics
  • Admin tools such as duplicating posts or columns
  • Broken links testers
  • Redirections
  • Optimization of the database
  • Backups
  • Security

This way, if something fails, at least it won’t have a negative impact on what your visitors see.

The competent hosting companies backup your website before doing the automatic update in case the update is not done correctly. Their tools automatically check if your website is working correctly and if they detect any errors, they will revert the changes and notify you.

Updates with Easy Updates Manager

In the same way that there are hosting companies that have their own tools for automatic updates, Easy Updates Manager is a free plugin that you can use in a WordPress to manage the updates.

With this plugin, you have the flexibility to customize what type of updates you want to automate:

Easy Updates Manager
Easy Updates Manager Setup.

You can also tell it to notify you by e-mail each time there is a new update.

Updates with ManageWP

Another alternative to manage plugins and themes effectively is to use the administration panel ManageWP. With this tool you can manage all the WordPress sites you want under the same administration interface, similar to a native WordPress. To do this, register to ManageWP and then add and activate the ManageWP Worker plugin in all the websites you want to manage.

You can manage the backup copies and customize the core, plugins, and themes updates as you want for each site.

The most outstanding features of the free version of ManageWP are:

  • Create backup copies automatically and restore them with just 1 click,
  • Update plugins to new versions, with just 1 click, on all WordPress sites at once,
  • Update the themes of each installation,
  • Manual review of security and optimization,
  • Review and manage the latest comments,
  • Optimize the database of the WordPress installation (delete transitions, revisions, temporary …),
  • View the Google Analytics statistics for each site, and
  • Consult performance and positioning reports.

In addition, from ManageWP, you can access the Dashboard of each WordPress with a single click, saving you having to access the URL of each of them. And with the premium plans you can also make backup copies on a regular basis as often as you indicate or automate the security check and optimization among other features.

Manual Update

Finally, if you want to stay calm and make sure that an update doesn’t break anything in your WordPress, you always have the option of doing it manually with your supervision.

As you know, in the WordPress Dashboard , you are informed at all times of the updates that you have pending to install on your site.

Pending updates
You’ll see the number of pending updates in your Dashboard. For instance, in this screenshot there are three.

Remember that we have already said that it is not advisable to go just update everything. The safest way to make any change to your website is to have a hosting service that offers you a staging environment and a production one; so you can make changes in staging quietly while the production environment is responsible for serving your users. When everything works correctly in staging, you can copy it to production.

But if you do not have this service, then the first step is to create a new backup .

Manual Core Update Via FTP

In the case that you are going to update the Core, WordPress recommends that you first deactivate all the plugins that you have installed. You can do this easily by selecting them in the list of plugins, marking them all and applying the option of Deactivate .

#1 Replace WordPress Files

  1. Download the file of the latest version of the Core and extract the package locally on your computer.
  2. Then access your files via FTP. Delete wp-admin and wp-includesdirectories.
  3. Via FTP, upload the new directories that you have extracted and have in the local wp-admin and wp-includes.
  4. In the case of the files in the wp-contentdirectory, do not delete or overwrite this folder.
  5. Next, copy the rest of the files overwriting the ones you had.
  6. And finally, check wp-config-sample.php in case you have to make any changes to your wp-config.

#2 Update the Installation

  1. Once the files are updated, go to the WordPress Dashboard. If there is a need to update the database, WordPress detects it and will show you the link that takes you to/wp-admin/upgrade.php. Follow the link and complete the steps indicated to update the database.
  2. You only have to go back to the list of plugins and reactivate them all. You can do it all at once or, alternatively, one by one while checking that everything is still working as expected.

#3 Clear the Cache

Don’t forget to clear the cache to finish the process of updating the WordPress Core and make sure that all your visitors are accessing the latest version of your WordPress.

And If A Problem Arises…

If there is a problem in the WordPress Core update, in the WordPress Codex they explain in more detail the whole process in more complex cases and the most common problems you can find and how to solve them.

Updating Plugins

Updating plugins, in principle, is much simpler. Just remember to make a backup first!

As you know the update of plugins and themes that are in the WordPress Directory you can do it directly from the Dashboard of your WordPress. But before updating any plugin, I recommend you read its Changelog where you can see if it is a major update or a patch with small changes.

Remember that the version number is a good indicator of the type of change that this update supposes. If it is a major change, look carefully for any new errors or incompatibilities this new version might have introduced.

In most cases the only way you’ll discover whether things work as expected or not is by giving the new version a try. So the best recommendation for major changes is to first test it in a staging installation and after seeing that everything works, make the change in production.

Updating Themes

The update of the theme of your website can be a bit more tricky since any type of customization that you’ve made to the theme or modification in the settings can be lost. So before encouraging you to update a theme, keep in mind the following:

  • Understand what kind of change it is.
  • Keep in mind any changes you applied to the theme will be lost after updating it, unless you applied them in a child theme.
  • If the new theme has new identifiers and classes in the HTML, your stylesheet may stop working.

Conclusion

Keeping a WordPress site up to date can sometimes seem like a cumbersome job. Do not procrastinate. It’s necessary for the safety and proper functioning of it. So don’t skim on time and resources to make sure your website is updated correctly and sleep more peacefullly. ?

Imagen destacada de Wes Hicks en Unsplash.

Leave a Reply

Your email address will not be published. Required fields are marked *

I have read and agree to the Nelio Software Privacy Policy

Your personal data will be located on SiteGround and will be treated by Nelio Software with the sole purpose of publishing this comment here. The legitimation is carried out through your express consent. Contact us to access, rectify, limit, or delete your data.