Been burned by a WordPress update in the past? Worry that something will irreparably break each time you follow that little orange bubble to the update button? Follow this short guide to make sure you update WordPress safely and without fear of weirdness compromising your hard work!
Do I Really Need to Update Every Single Time One is Available?
Short Answer: Absolutely, yes.
Why? To give you an idea: Sucuri, a global leader in website security, released its regular quarterly security report for the 1st quarter of 2016 a few months back. Its findings are very telling:
WordPress is leading the CMS market with over 60% market share… This user adoption however brings about serious challenges to the internet as a whole… out of the 11,000 + infected websites analyzed, 75% of them were on the WordPress platform and over 50% of those websites were out of date.”
WordPress updates often include security patches. 4.6.1 for example, the most current at time of writing this, patched two important security vulnerabilities. If you’re not on 4.6.1 right now, there are two known exploits a hacker could use to exploit your website. Right now. Go update! 🙂
Update WordPress Safely!
Step 1: Backup Your Site
No piece of technology is perfect, and there’s never a 100% guarantee that everything will run smoothly. A good backup of your WordPress website is a good thing. If anything does go wrong, you can simply roll back to the backup and everything is well again while you snoop around to figure out what went wrong. Because this is WordPress, backups are super easy with the right plugin. Here’s a few to take a look at if you’re not using one already:
Step 2: Deactivate Your Caching Plugin and Clear the Cache
If you’re using a caching plugin like WP Super Cache, W3 Total Cache, WP Rocket, etc, deactivate it now. You want your cached pages to reflect post-update pages, not pages from before or during the update.
Step 3: Update Plugins and Themes
Having updated plugins is every bit as important as keeping WordPress core updated. In the Sucuri security report cited above, 25% of all hacked WordPress websites were hacked via one of the same three out-of-date plugins each time!
When you update your theme, keep in mind that you will lose any custom changes unless you have saved those changes in a child theme. If you don’t know what a child theme is or how to implement one, be sure to read up on how to create and use a child theme asap!
Step 4: Update WordPress
You’re now ready to update WordPress safely. In your WordPress Dashboard, you can update/check for updates in Dashboard>Updates. I’m up to date in this screenshot, but if you’re not then you’ll see an option to update here:
Step 5: Reactivate Caching and Test Your Site
The title says it all. Turn caching back on so that your plugin grabs a copy of your updated pages, and take a stroll through your site to make sure everything is in good working order. If anything minor went wrong that is easily fixed, troubleshoot. If the sky fell, you have a backup to roll back to without missing a beat.
And now you know how to update WordPress safely! Nonetheless, it’s always a very good idea to have a testing or staging site to experiment on before performing updates. Even better than the security of a backup, you can clone your website and update the clone. If something breaks, you know to hold off on updating your live site until you’ve worked out the issues. Look for an article on the importance of a local testing clone site and troubleshooting tips for upgrade issues coming soon!