WordPress is the most popular Content Management System, or CMS, with over half the CMS market. That’s a pretty good endorsement for it, but it also means it’s a bigger target for hackers. Because of this, updating your WordPress website is just as important for site functionality & security as updating your Windows computer.
There are three main areas that you need to check: plugins; WordPress version; and themes. Most frequently, new versions will be available for your plugins.
When to Update
I generally recommend setting a time each week to check on your site. It’s kinda like taking out the trash, it doesn’t take long, and it prevents some smelly problems.
If weekly is really killing you, monthly works pretty well too for simple sites. Any less often than that and you’ll probably be forgetting too much of what goes on.
Before you Update
Before you update, you should always make sure that you have a backup of your website (and can restore it if needed). Very rarely does anything go wrong, but better safe than sorry. If you need help getting started backing up your site, read my tutorial on Backing up WordPress with BackWPup.
If this already is sounding daunting, check out our Maintenance services.
Where to Look
When you are logged into your WordPress website, you will have an admin bar at the top of your screen. This bar has a number of useful features, including an area which announces when an update is available.
Word of Warning: Most updates appear in your admin bar, however certain premium themes and plugins will have to be checked for manually.
This is how your admin bar will display when you have no updates.
When you do have updates that need to be installed, a circular refresh symbol and number will be added to your admin bar between your blog name and if the comments symbol. In this case there one update available.
To view which items need updating, click on the circular refresh symbol. This will bring up the WordPress Updates screen.
At the top of the screen is the last time WordPress checked to see if anything needed to be updated. WordPress checks on a regular basis.
The next item will be information about your version of the core WordPress. Right now it shows that the site has the latest version.
Next is Plugins. This is the most frequent area that you will see a need for an update. Right now it shows that there is a more recent version of one plugin and has options for you to update to the current version.
The last item is theme version. It shows that you have the current version.
Some plugins (specifically those from 3rd parties like CodeCanyon and those acquired directly from a developer) will not show that they need updating in the main WP updates screen. For these plugins you will need to manually check their versions. I recommend that you keep of a list of all plugins that you didn’t get from the main WordPress repository, as those will need to be checked manually.
If you had a developer build you a site and they aren’t maintaining it for you, there are a couple of things you need to do:
Check to see if there’s actually any security installed (hint: if there’s a user with the name “admin” your developer knew NOTHING about WP security), if not you’ll need to setup some security or get a maintenance plan with someone who actually cares about security.
Go through every plugin and determine if it came from the WordPress repository or from a 3rd party (some developers are notorious for installing plugins with no license for getting them updated)
Updating from Plugins Screen
On the Plugins screen you will see a few pieces of information. First, at the top of the screen it will list how many updates are available. Then for each plugin which has a new version it will display a yellow notice. The notice will include a link to details regarding the new version and it will include a link to update the plugin now.
I frequently prefer to get the newest version of Plugins one at a time. So I click on the “update now” link for each plugin individually. This does take a little longer, but if something goes wrong, I know which plugin was the problem. If you only have one plugin which has a new version, this isn’t an issue.
Once you have selected a plugin to update, you will see an “Update Plugin” screen. This will tell you the steps as they happen. When updating an active plugin, you need to remain on this screen until you see both “Plugin updated successfully.” and “Plugin reactivated successfully.” Deactivated plugins will not display a “reactivated” message. If there is an error it will be displayed here.
Checking & Updating 3rd Party Plugins
Cautionary Tale: The best known example of a 3rd party plugin is Revolution Slider.
This is the #1 selling slider plugin and it’s very powerful. A lot of theme developers (you those thousands of themes you see on ThemeForest) use Revolution Slider in their themes since it’s so popular. However the downside is that when you get the plugin free with the theme, you don’t get updates (well you *may* with new theme versions, but no guarantees).
Revolution Slider, thanks to its popularity, has become a target of hackers. Especially since very few people ever update it. Basically this means that if a hacker can find a vulnerability with a version over a year old, they can still hack thousands of sites.
So, how do you check these plugins for updates?
Unfortunately, the old fashioned way. Manually.
Go to your plugins screen and look at the version number of the plugin. Then go to the developers site (or if no link is provided, google the plugin name, that typically gets you the developer within the first couple of hits) and check to see their current version. If you don’t see something obvious you can do a page search (Ctrl + F) for the word “version” or “revision”. Also you can look for “release notes”. Typically one of those will yield you the current version number.
Compare the current version you find on the developer site with what you have. If the developer lists a more recent version, you should probably update.
If it’s a premium plugin that came included with a theme, you can see if the theme has been updated and includes the most recent version for you (note that you may need to manually install that most recent version). If you don’t want the hassle of manual updating or you can’t find a recent copy of the plugin, you’ll need to purchase a license. For Revolution Slider that’s about $20.
If your premium plugin didn’t come with a theme (for example a developer included it as a “gift” without a license code), then you will probably need to purchase a license to get updates. Depending on what the plugin is that could be anywhere from $10 – $300 bucks. Some plugins even have licenses that expire annually (they are the gift which just keeps on giving).
Instructions for entering license codes vary by plugin, but I can’t think of a premium plugin from a reputable company that didn’t include directions on how to enter your license code. The good news is that once your code is entered, updates normally show up in the main WordPress updates screen.
WordPress releases updates to the core WordPress files every few months and it is important to make these updates. As well as getting new features, updating your core files also means you get any new security patches.
When a new version of the core files is available, you will see a yellow notice at the top of your WordPress screen when you login. And this notice will continue to show up on many of the internal pages. All you need to do is click on the notice and you will taken through the steps to update. Remember to backup your database and files first.
Seriously, you need to back up both together. Some core updates upgrade your database, which means it could not be compatible with an older version of the core files.
Most theme authors provide new versions to their themes from time to time. Prior to installing these updates it is very important that you read the release information. Also make sure to check out a live preview of the updated theme, the developer may have made some significant visual changes. Depending on which files were changed, it may affect the settings and changes you have made to the theme.
If you (or your developer) have made changes to the theme files (they are supposed to be made in a child theme, but not everyone follow that guideline), all of those changes could be lost on updating to the new version. If you have made a lot of changes to your theme, it may not be in your best interests to update. However, if there have been significant updates for security holes, you need to look at how you can get those updates.
If your theme is a paid theme the update may or may not be included in the price that you paid (especially if the theme was included in a website built for you by a developer). In order to get the new version you may have to pay additional money (some are one time purchases, some are yearly subscriptions).
There are two ways to update to a new version of a theme. Some themes are housed in the main WordPress Themes Directory. These can be updated directly in WordPress with just a few clicks.
For themes acquired elsewhere, you will need to go to the author’s site (or your web designer) and get the theme there, then upload it to your site. This is sometimes not a straightforward process and you may need assistance with it. Good authors will provide detailed instructions.
Frequently paid themes will include API keys which once setup allow you to update the theme with just the click of a button.
Leaving a WordPress site alone without any updates is about like leaving a Windows computer in a high school library with no updates and no antivirus. It’s just asking for trouble. So make sure to keep your site up to date and safe (remember just like Windows needs antivirus, WordPress needs security measures).
Need help maintaining your site? We offer Maintenance services.