The Definitive Guide to Updating WordPress Core, Themes and Plugins

WordPress powers over 25% of all websites for a reason: it’s open source, supported by a huge community, and almost infinitely extensible. However, with great power comes responsibility and risk – WordPress is a target for hackers, due largely to its popularity.

Fortunately, WordPress can be a highly secure platform if you maintain your installation. And one major element of security is updates – including WordPress ‘core’ itself, plus themes and plugins.

With the above in mind, in this article we’re going to cover everything you need to know about updating WordPress core, themes, and plugins. We’ll start by explaining in greater detail why keeping everything updated is so important, then take you through the best process for updating.

There are three main reasons to stay on top of updates:

1. Innovation: The pace of innovation within the WordPress ecosphere is astounding. Without staying on top of updates, your site will fall behind and you’ll be unable to tap into updated and additional functionality.

2. Compatibility: With innovation moving at such a pace, plugins that aren’t kept up to date will tend to suffer from compatibility issues as you update WordPress. Put simply, your site may stop working as it is intended to do if you do not keep up with updates.

3. Security: Major WordPress core updates can address security-related issues. When these updates are released, the security ‘holes’ that have been plugged up become common knowledge, which means that nefarious types can take advantage. What was previously a potential problem can soon become a foregone conclusion if you don’t keep WordPress updated.

This may all sound rather intimidating, and perhaps even put you off from using WordPress, but these are problems that you will encounter when using any Content Management System. Transferring to a less functional and user-friendly option to avoid having to update is folly, especially when you understand just how easy it is to update WordPress core, themes and plugins.

Before rushing to hit update, there is one important step you must take: back everything up!

Backing up your database and WordPress files before updating anything means that, if something untoward should happen, you can roll everything back to the old version and get your site back online in minutes. (For peace of mind, it’s worth pointing out that a core update is highly unlikely to ‘break’ your site, and the same can be said for any themes and plugins from reputable developers.)

Fortunately, there are a few plugins that can help make your life simple on the backups front. The follow three plugins will help you setup backups on an ongoing basis, then automatically send them to your file storage of choice:

I mentioned that backing up is the step you must take, but there is one other item of consideration depending upon how adventurous a WordPress user you have been: custom code. In other words, have you been tweaking any theme or plugin code? If you have, that data will be lost upon updating.

The time is now to make amends for your roguish coding ways and make your tweaks the right way. In a nutshell, create your own plugin (it’s easier than you think!) or use functions.php for custom code, and create a child theme or utilize a sensible location for custom CSS (like Jetpack’s Custom CSS module) when it comes to tweaking your themes.

By this point you should have (1) a backup of your site available, and (2) no custom code floating around in vulnerable places, which means that you’re ready to update. So, let’s get to it!

Updating WordPress core, themes and plugins couldn’t be an easier (unless it were entirely automatic, and we’ll get onto that shortly). Simply click on Updates from under the Dashboard menu in the sidebar, and you’ll be presented with an option to update WordPress core, themes and plugins in one click:

It really is just a point and click affair, but for a detailed step-by-step guide on upgrading WordPress, check out these Extended Instructions.

It’s worth saying at this point that, in an ideal world, you’d update to a ‘staging’ environment (i.e. a copy of your live site inaccessible to the public) to check that everything’s hunky dory on the updates front before going live. Depending upon the size of your site and the potential fallout of any update-related issues, this could be something worth considering. If you’re interested and would like to learn more, check out this excellent tutorial courtesy of WPBeginner.

In a nutshell, once you’ve updated WordPress core, themes and plugins, you need to check that everything is working correctly. It is very important to always clear the various forms of cache to ensure you are viewing the latest files.

You can wait for your users to tell you if something’s broken, but I wouldn’t recommend it! That said, this advice is more pertinent to sites with extended functionality, by which I mean everything from contact forms to fully-fledged e-commerce sites.

The simplest check is to simply browse through your site and make sure that everything ‘looks okay’, but ideally you’ll go into a little more depth than that.

It’s up to you how far you take your testing, and the importance of any given element’s functionality should be your guide. For example, if you run an e-commerce site, I would personally recommend that you go through the checkout process to ensure that visitors can still buy items from your site.

It’s ultimately up to you. If you’ve updated to the latest version of WordPress and are using highly rated and regularly updated themes and plugins, you’re unlikely to run into any problems.

Now, what if something has gone wrong?

When it comes to functionality, it’s almost invariably a plugin-related issue (WordPress core developers aren’t in the habit of breaking things majorly when it comes to updates). Depending upon the nature of the issue, you may be able to guess the culprit (for example, if your contact form is broken, it’s likely that there’s an issue with your contact form plugin), in which case, you can deactivate it. Otherwise, you should deactivate and reactivate each plugin in turn until you discover the offending plugin.

Once you’ve identified the plugin causing the issue, you have a decision to make: ditch the plugin and find a better alternative, or roll back to a previous backup and contact the developer for further information (they may well have a fix on the way). As a rule of thumb, if you’re looking at a plugin that hasn’t been updated in months, it’s probably best that you move on. Checking out reviews on WordPress.org can also be a good indicator (i.e. are other people having similar issues?).

All of the above may sound like a real headache, but in reality, you’re unlikely to have to take many (if any) of the above steps. The vast majority of the time it will simply be a case of clicking ‘Update’ and moving on with your day. The alternative – not updating core, themes and plugins – is an absolute no-no, for reasons already covered.

Now, what if you want updates to simply ‘happen’, without any intervention on your part?

You’ve got a few options. Before we get onto them, it’s worth saying that automatic updates carry risk; if something does break, you may not catch it immediately. It’s ultimately a convenience versus functionality debate that you need to have in your head.

Here are the three best options for automatic updates:

Jetpack. Developed by Automattic, this plugin provides a wealth of functionality. You may well already have it installed, in which case, you just need to activate the Manage module for automatic plugin updates.

WP Updates Settings. This fantastic plugin gives you control over just about every element of WordPress updates. This is what you want if you’re looking for a hands-off approach to updates.

Advanced Automatic Updates. This lightweight plugin adds the kind of automation you’re probably looking for with the minimum of fuss.

Other than picking one of the above plugins, you could switch to a managed hosting provider or even use a WordPress maintenance service like WP Maintainer.

If you are using the Avada theme, you can access the automatic theme updater through the Avada Welcome Screen. Once setup, you can update the theme with a few clicks. Please see this documentation post for details.

In addition, ThemeFusion does a great job of displaying important information in regards to each update. Before you update, always check the changelog and the important update information. These two resources will inform you of any new features, code changes and overall improvements and fixes.

The ThemeFusion documentation is also a great resource to check for solutions to any known issues. And as always, the helpful ThemeFusion support team is just a support ticket away.

By now you should be in no doubt as to the importance of keeping WordPress core, themes and plugins regularly updated. Better still, you know exactly what to do:

And if all of the above seems like too much work, just setup automatic updates. Now it’s over to you! Do you have any updating tips or tricks to share, or any questions? Fire away in the comments section below.