If you’re not running the latest version of WordPress, then you’re putting your website at risk. Hackers actively target sites that have fallen behind with their updates, but installing a new release could cause errors and incompatibilities on your site, too. You might sometimes feel like you have to choose between security and uptime.
Fortunately, by taking a few precautions and using our ManageWP Safe Updates, you can have the best of both worlds. With a backup in place, you can quickly restore your site if something goes wrong, then fix the problem so you can upgrade your WordPress version without fear.
In this article, we’ll explore why you should always install new versions of WordPress as soon as they become available. We’ll then share the secret to updating the platform safely. Let’s get started!
Why it’s important to update WordPress
WordPress powers well over 30 percent of websites, which makes it a popular target for hackers. In fact, approximately 86 percent of sites are compromised due to an outdated plugin, theme, or WordPress version.
WordPress is open source, which means anyone can study its code:
This is what enables developers to create such amazing and valuable plugins and themes, as well as contribute to new core features. However, it also lets hackers find security loopholes.
New versions of the Content Management System (CMS) routinely include security patches for known vulnerabilities. If you don’t update all your site’s components, you’re leaving the door wide open to hackers.
New releases of WordPress also sometimes introduce performance improvements and new features. You should assume that your competitors are already reaping the benefits of these innovations. If you don’t update to the latest version, then you’re putting your website at a significant disadvantage.
Finally, new releases of WordPress often address bugs and incompatibilities with third-party themes and plugins. If you’re experiencing issues with a theme, plugin, or any other add-on, then check that you’re using the latest version of each extension and the CMS.
Potential drawbacks of WordPress updates
Despite the benefits, installing a new version of WordPress isn’t always straightforward. Although it’s rare, you may encounter data loss, errors, or even a broken website following an update.
Updating WordPress core can sometimes cause conflicts with essential themes and plugins. We saw this recently when a jQuery conflict in WordPress 5.5 reportedly caused issues with around 2,400 WordPress plugins.
Since many themes and plugins are developed by third parties, there’s no guarantee they’ll be compatible with the latest version of WordPress. Ideally, developers will be monitoring key resources such as the WordPress roadmap and Make WordPress Core to prepare for future releases, but this isn’t always the case.
Many WordPress themes and plugins are distributed for free. They’re also often maintained by a small team or even an individual. It’s unrealistic to expect the same level of attention that you’d see with paid software that’s maintained by a large team of salaried developers.
Some developers don’t have the time to prepare their projects ahead of each new release. Others may abandon their themes and plugins when other commitments get in the way.
The official WordPress Plugin and Theme Directories display the date when each extension was last updated. Different types of software require more frequent updates than others. However, if a plugin or theme hasn’t been updated in six months to one year, then that project may be abandoned:
On top of the fact that they’re more likely to conflict with the latest version of WordPress core, outdated plugins and themes pose a huge security risk to your website. We always recommend you replace abandoned tools.
How to update WordPress – without fear
There are a variety of ways that site owners and managers keep their WordPress websites updated while also preventing errors and downtime. Some wait to install new versions of core, themes, and plugins until they’ve tested them in a staging environment. However, in the meantime, their data is still vulnerable.
Another option is to maintain regular backups (a vital best practice anyway) and restore your site if it breaks after an update. This still results in several minutes of downtime during the restoration process.
We created ManageWP’s Safe Updates feature to take the stress out of updating WordPress as well as plugins and themes:
It automatically creates a restore point before installing any updates. If your website server receives an HTTP response that indicates an error, then ManageWP will automatically roll back to its restore point. You can also customize this feature if required.
Safe Updates will also create snapshots of your website before and after each update. As the website owner, you can compare these images and reject the update if an element broke as a result.
This gives you the opportunity to resolve any underlying issues that are conflicting with the update without disrupting your website. Once you’re finished troubleshooting the problem, you can re-attempt the installation.
Before you can perform Safe Updates, you’ll need to activate ManageWP’s Premium Backup feature. This feature ensures that a recent copy of your site is always available.
Mastering ManageWP’s Safe Updates
Here’s a quick look at how to initiate a Safe Update. Simply log into your ManageWP dashboard and select the website that you want to update. You can then hover over the Update All button and select Safe Update:
The Safe Updates process will start automatically, and carry out the following steps:
- Create a restore point. This is a snapshot of your website in its current state. If ManageWP encounters an issue, it’ll roll back to this point.
- Schedule the update. You can choose a date and time to perform the update. To minimize disruption to your visitors, we recommend scheduling updates during low traffic hours.
- Send an HTTP request. If ManageWP doesn’t receive a 200 OK response, then it’ll stop the update.
- Create a ‘before’ screenshot. ManageWP performs update verification by comparing before/after screenshots of a specific page. By default, it will use your website’s home page, but you can nominate an alternate if you wish.
- Update WordPress core. The latest version of the CMS will be installed.
- Send another HTTP request. If ManageWP receives an HTTP response in the 400–599 error range, then it will restore your website automatically.
- Create an ‘after’ screenshot. Once the update is complete, you’ll see a notification in the ManageWP dashboard. You can then compare the before and after screenshots by clicking on Compare. If you spot any inconsistencies, then you have the option to roll back the update.
- Accept or reject the update. If you’re happy with the update, then click on OK. Should you spot an issue, click on Restore. You can then troubleshoot the problem and try the update again.
If you manage multiple websites, you can also use Safe Updates to schedule updates in bulk. ManageWP will then upgrade all of your websites and notify you when they’re running the latest version of WordPress.
Updating to the latest version of WordPress is vital to the security of your site. However, updating WordPress core can cause issues with your site, particularly if you’re using third-party themes and plugins.
By using Safe Updates, you can install the latest version of WordPress without fear by creating a restore point. If you encounter any issues as a result of the update, then you can roll back to this point. To minimize disruption to your visitors, you can even schedule your updates to happen during periods of low traffic.
Do you have any questions about how to update WordPress safely? Let us know in the comments section below!
Image credit: Unsplash.