Did you know how important it is to keep your WordPress blog updated?
Not keeping my site update caused it to be hacked once, and the extra work it took to it back to life far outweighed the time it would have taken to do a simple update.
Fortunately, it was a lesson I needed to learn, and since then I have been very vigilant about applying all the latest updates as soon as possible.
Disclosure: This article may contain affiliate links. When you click these links, I may get a small commission. It won’t cost you anything, but it helps me to run this site. I only promote products and services that I think are great. I have worked as a WordPress developer for over a decade, and I use my experience to judge whether a product is worthy, so you can be assured that I always have your best interests at heart.
Here are the top reasons why you should keep your site in tip-top condition with regular updates:
Your site is more secure
Did you know that 84% of sites hacked are due to out of date WordPress core, themes or plugins?
The problem with security updates is, once released, the developer will publish the fixed security loophole along with the update. Hackers will then use this information to help them hack into sites that haven’t yet applied the update.
You get to reap the benefits of the improvements
If you don’t update, then you don’t get the latest bells and whistles that the developer had added, which of course you may have paid money for, so it makes sense to keep up to date.
The longer you leave updating WordPress the more troublesome updating can become
As time goes on the number of plugins requiring an update can mount up.
When you come to apply the updates there could be a mountain to do, which will a) take longer to complete and b) more likely result in multiple issues that need dealing with all at once.
If you find your site no longer works as expected after an update, it is far easier to know which plugin caused the issue if there were fewer plugins to update in the first place.
You get to keep your hosting account!
Your hosting provider could suspend your account if WordPress is not kept up to date!
If you have a good responsible host like I do (I host at Kualo), then they will most likely stipulate that you keep WordPress up to date at all times.
If you are on a shared hosting plan, having an out of date WordPress site makes you a bad neighbour to other sites who share the same server. Hackers could potentially use a known security flaw in your website to compromise the entire server.
Always take a backup before you update WordPress
It’s great that there are so very many plugins and themes available for WordPress. If you can think of it, there is probably a plugin for that!
Unfortunately, this wealth of plugins and themes creates a bit of a nightmare when things go wrong. Plugins are not always kept up to date with the latest WordPress core, or they become incompatible with other plugins, or new versions simply are not tested enough and are released with a bug or a security flaw.
With that said, it is extremely important that you back up your whole WordPress site before you do any updates. Not doing this could cause extended downtime which we always want to avoid.
Plugin conflicts and bugs and can also be responsible for something that I have come to know as the white screen of death. Sounds horrible, doesn’t it? Although with the new PHP error protection in WordPress 5.2 this is now less likely to happen, which is great news.
Before you click any update buttons, head over to my post and find out how to take a backup, it’s very easy, honest!
How to know that WordPress updates are available
If updates are available you will see an Updates link with a number, and another icon with a number in the top bar. Click either of these icons to open the updates page.
How to update WordPress
1. Update the WordPress core first
- Click on the Updates button at the top of the screen (shown by the arrow in the picture below).
- If it’s time to update WordPress core you will have something like this on your updates screen, with a blue Update Now button.
Click the Update button and wait while the update completes.
- When the update is complete, you should see a Welcome to WordPress message.
- Now test your site. Is everything working as you expect?
- If it all works, then great, otherwise note down what is wrong, and then consider restoring the previous version. Restoring from backup is covered in my post: How to Take a WordPress Backup.
2. Update Plugins and Themes
When you have updated WordPress core, it is time to update the plugins and themes.
I recommend you start with themes, as theme update are less likely to cause any issues.
- Tick Select all
- Click Update Themes
- Wait while themes update
- Click Return to WordPress Update page to continue updating.
- This time tick Select all in the Plugins section and then click the Update Plugins button.
- If you have a lot of plugins to update it is a good idea to update just one or two at a time, check your site and then continue, because it will hard to know which plugin is the culprit should you have a problem later on.
- Wait while the updates complete.
- This can take some time if you have a lot of plugins to update.
- When complete you should see this screen:
- Test your site to make sure it works as expected.
- That’s it!
How often should I update WordPress?
There is not a definitive answer for this, because not all updates are critical.
My personal preference is to update once per week. For a busy WordPress site with a lot of plugins, this usually enough. If you have fewer plugins, you could extend the time between upgrades.
WordPress will automatically apply minor updates by default, and it is a good idea to leave this turned on because these will be security related updates rather functional changes.
Major updates need to be manually applied, unless you use an extra plugin, see below for more details on that.
Do bear in mind that the longer you leave a WordPress update, the more time a hacker has to get into your site and do it’s worst!
My site has been hacked only once, and the reason for the hack was because I had put off updating WordPress. The time it took to fix was much greater than the time it would have taken to do an update.
How to automate WordPress updates
If you do nothing, WordPress will automatically apply minor release updates. These will be security and maintenance related patches along with updates to translations.
I think it is a good idea to leave automatic updates turned on because this type of update is very unlikely to break your site. The added security benefit far outweighs the risk of breakage.
How to turn off automatic WordPress updates
If you don’t want WordPress to automatically update itself you can disable it. Remember that these updates will be only minor ones, major updates must be initiated manually.
Unfortunately, you have to make a code change. Add the following line to wp-config.php:
define( 'WP_AUTO_UPDATE_CORE', false );
If you are not comfortable editing code, don’t worry because there is a free plugin to help called Advanced Automatic Updates.
Once you have installed the plugin head over to Settings->Advanced Automatic Updates, from there you can select which parts of WordPress you want to be automatically updated, including major versions.
Note that the plugin will only update plugins and themes downloaded from the official WordPress.org repository. Any third party themes and plugins will have to be manually updated.
Do be aware that this plugin does not take a backup before a WordPress update, doing updates this way could potentially result in a broken site.