WordPress is ubiquitous — it is the codebase for around 30% of the world’s websites.* It is powerful, flexible, and usable enough for most purposes, for most website owners.
*You can find more random details if you need to justify choosing WordPress.
Background: Why Updates Are a Good Thing
WordPress frees website developers and operators to focus more on their content and less on all the code. But the code can’t be entirely ignored, because…
- New features get added to the main part of WordPress, its core.
- The WordPress community discovers software bugs and releases patches to fix them. Those should be installed on every affected website.
- Hackers discover weaknesses and begin exploiting them until the community responds with fixes.
- WordPress websites use software add-ons called plugins. They can become incompatible, or broken, after updates to the web server or the WordPress core, so their developers release updates.
- WordPress themes — the files that give a website its visual look-and-feel — need updates for similar reasons.
…and so on.
That’s Not the Problem.
It is not difficult to update a website’s WordPress core, plugins, and themes. The challenge for many owners is doing the updates regularly, without fail, and over the long haul. It’s another task on the to-do list and it never goes away.
But that’s a matter of self-discipline, not of technical difficulty. For those who will be performing the updates, we offer two guiding rules:
- Do them regularly.
- Do not interrupt them while they’re happening.
We’re sure there are more guidelines, but those two top our list at External Design and Pan-Pacific Web Works.
A. How often should you check for updates waiting to be applied?
If you keep your ear to the ground and hear news of a critical update, it’s often best to install it right away — whether to seal off a vulnerability before a bad actor takes advantage of it, or to gain the benefit of new features the update might provide. But most website owners aren’t tuned in to the developer world so they don’t hear the rumble of that oncoming train.
Most people learn about pending updates by logging into their website to check — they appear as a number in a menu that’s seen by site Administrators. There is no one answer to how often to check; it depends on the website and too many other variables to count. As just one example, we install routine WordPress updates for sites that subscribe to our Hands-Free Pro hosting plan, and it’s typically sufficient to check for them a couple of times per week.
B. Start it and step away. (Or else.)
Starting the update process is simple: just a couple of clicks, really. And the system will display a friendly message when the process is complete.
Wait for that message before refreshing your browser window or navigating away. Otherwise, you might discover the White Screen of Death — no content, no menus, no design… and the Back button doesn’t help. Does that get your adrenalin up? You’ll be even more distraught when you learn it’s also what the public now sees instead of your site.
If it ever happens, you’ll likely want to ask your web host’s support staff to restore the most recent full-site backup. If they make one! Some of our clients enjoy a hosting plan that includes free full-site backups daily, but not all hosts provide them. Others take time to restore them, or their tech support doesn’t respond and you’re on your own. Take the time to learn your web host’s site-backup policy before you need it urgently.
Simply put: once it’s started, don’t rush the WordPress updating process. It usually requires only a minute or two. If you are impatient to get on with other things, open a different browser window.
The Updating Process, Step by Step
Every WordPress website has a log-in page. You will need to log in there using credentials that give Administrative access.
Step 0-a. Verify that a full-site backup has been made recently and that it is available to be restored. Just in case! You can proceed more confidently when you know there is a safety net. Knowing how to make backups is a good skill to have, especially if they aren’t provided automatically by your web hosting provider.
Step 0-b. Choose a time of day when traffic to your website is low. The update process is typically not noticed by visitors, but a brief outage — hopefully just seconds — would not be surprising.
Step 1. After logging in, the top Admin menu will show the number of updates (if any) ready to install. Click that to display the WordPress page for applying updates.
Click the update-number shown in the top Admin menu — or use the side menu’s Dashboard > Updates selection — to show the page dedicated to installing updates.
Step 2. On the resulting Admin page, choose the plugin updates you wish to install — typically, all of them — and use the Update Plugins button.
Step 3. WAIT for the process you started above to complete before doing anything else. WordPress will display a message when it is done.
Step 4. (You might have to click a link to “Return to the WordPress Updates page.”) Check the box for the theme updates you wish to install, if any are listed. Again, it’s best to keep all themes up to date, even those the site isn’t actively using.*
*Note: in general, it is considered poor practice to leave unused software components on your web server. The many good reasons for this include (a) reducing clutter and thereby making future maintenance simpler, and (b) not leaving unnecessary files where bad actors might find and exploit them.
Step 5. WAIT for any remaining updating processes to complete before you move on.
Step 6. TEST the website to ensure that all is still in good working order.
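For site owners with shell access to their server, the same sequence can be run with WP-CLI (the `wp` command) instead of the Admin pages. The script below is an added example, not part of the original article; the three arguments (WordPress install path, backup file, site URL), the 24-hour backup threshold and the health check are assumptions of the example.

```sh
#!/bin/sh
# Added example: Steps 0-a through 6 as a WP-CLI script.
# Usage (all three arguments are placeholders you supply):
#   sh update-site.sh /path/to/wordpress /path/to/backup.zip https://example.com/

# Step 0-a: succeed only if the backup exists, is non-empty and was
# modified within the last max_age_hours.
backup_is_fresh() {
    backup_file=$1
    max_age_hours=$2
    [ -s "$backup_file" ] || return 1
    [ -n "$(find "$backup_file" -mmin "-$((max_age_hours * 60))" 2>/dev/null)" ]
}

# Step 6: heuristic for the "White Screen of Death" (an assumption of this
# example): anything other than HTTP 200 with a non-empty body is a failure.
response_is_healthy() {
    http_status=$1
    body_bytes=$2
    [ "$http_status" = "200" ] && [ "$body_bytes" -gt 0 ]
}

update_site() {
    wp_path=$1
    site_url=$3
    if ! backup_is_fresh "$2" 24; then
        echo "No backup newer than 24 hours; not updating." >&2
        return 2
    fi
    # Steps 2-3: each wp command returns only once its updates have
    # finished, which is the "WAIT" the steps call for.
    wp --path="$wp_path" plugin update --all || return 3
    # Steps 4-5: themes, including inactive ones.
    wp --path="$wp_path" theme update --all || return 4
    # Step 6: fetch the front page; print status code and body size.
    result=$(curl -s -o /dev/null -w '%{http_code} %{size_download}' "$site_url") || return 5
    if ! response_is_healthy "${result% *}" "${result#* }"; then
        echo "Site check failed ($result); restore the backup." >&2
        return 6
    fi
    echo "Updates applied; $site_url responds normally."
}

# Run only when called with the three arguments.
if [ "$#" -eq 3 ]; then
    update_site "$@"
fi
```

The script refuses to start without a recent backup and stops at the first failed step, so a non-zero exit code tells you which step to look at.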
Not all important updates are detected automatically. For example, some premium plugins and themes must be downloaded from their vendors’ websites and installed manually. In those cases, a site owner typically hears about a new update directly from the vendor, instead of in the WordPress admin menu. The website owner might have purchased a license to use the software, and might have to enter a license number or code when installing such updates. The vendor should provide details if special treatment is needed.