Updating WordPress plugins is an important part of website security but it can potentially have negative results. That doesn’t mean you shouldn’t do it, it’s vital to the proper maintenance of your website that you do because the vast majority of hacks to WordPress websites occur due to out of date software, but it’s important to take certain steps when you do. Here’s the process we recommend for managing and updating your WordPress website.
When should I update plugins?
Not all updates are alike. Broadly speaking there are 3 types of changes involved when updating WordPress plugins: fixes to bugs, addition of new features, and patches of security flaws. How quickly, and often, you should apply the updates varies based on which type of changes the particular updates contain.
Fixes to bugs are desirable, but if the bugs being fixed don’t currently have any effect on your website then there’s no immediate need to change that.
Additional features are good, but if you don’t want them then again there’s no immediate need to update.
Security flaws however are of critical importance, when one is identified your website might immediately become at risk of being hacked, so these should be applied rapidly as soon as you know about them.
For bug fixes even if they’re not apparently effecting your site I’d recommend updating once a month as they may go on to cause problems for you (or may go on to be discovered to cause a security issue. Feature additions could be applied immediately if you want the new features, however I would recommend leaving feature-only updates for a few weeks so that there’s a greater chance that any bugs in the new features have been fully ironed out. Where there is an update with both security changes and other changes be sure to update rapidly as security should be of the primary concern.
What’s the first thing I should do when updating?
Backup, backup, backup! (Well, one new backup not 3, but you get the message). There are a variety of ways and plugins to do this, Updraft Plus is one good plugin for the job, but make sure it’s done so that if the updates do cause any problems at all there’s a saved copy of the site for you or a technician to restore the site from if necessary.
As standard backups are typically stored on your web hosting but if you’re automatically running backups they should ideally be stored ‘off-site’ (meaning they’re stored in a different location to the website so they’re safe if the web hosting itself is hacked and messed up. It’s worth considering a ‘cloud’ location as this has almost no risk of the ‘physical’ location suffering a hack or disaster which destroys your backup).
..and once I’ve backed up I just click ‘Update Now’ on the Plugins screen or ‘Update Plugins’ on ‘Dashboard > Updates’, right?
Almost. Firstly it’s advisable to click ‘View version xxx.xx.x details’ for the update which will show the ‘Changelog’ with details of what the update contains. This can help you decide if the update is needed straight away.
Also if you’ve already been through the process of applying all the updates and your website then suffered a glitch as a result it’s worth reviewing the site after every individual update (and keeping a note of which versions you’re updating from & to) to help in identifying which plugin has caused the glitch. It’s not necessarily an issue with a single plugin, plugins can sometimes ‘conflict’ with each other to cause a problem.
What if something has gone wrong after an update?
You can either look to resolve the issue yourself or you can bring in experts (like us, hint hint 😉 ) to look into it for you.
If you’re looking to resolve it yourself (and you don’t know how to analyse the code your website is running by yourself) and you know which plugin caused the problem your first port of call should be the ‘Support’ section for that plugin as found on its page on WordPress.org (for UpdraftPlus, for example, that would be https://wordpress.org/support/plugin/updraftplus). Bear in mind though that these are free ‘Open Source’ plugins and as such support there is only going to be voluntary community support or free support from the plugins developer so you’re not necessarily going to get an immediate resolution to your problem (and it may involve your doing some guided technical work yourself). If it’s a paid ‘premium’ plugin then their support section should help you (as it’s updates and support that you’re essentially paying them for).
If you’re not sure exactly what update(s) caused the problem then a general search of the WordPress.org support forums may turn up a solution (or a general search on Google wouldn’t hurt).
If you’re in need of an expert to fix things up for you though we’d be glad to help so feel free to get in touch, or if this all sounds a bit too technical and you’d like professional management of your website to take care of all the updates and keep it secure why not take a look at our WordPress Management Plans for a maintenance package that can do all that for you and more!