If your website is running on WordPress it’s important to keep both the WordPress software itself and any plugins or the theme you’re running up to date, mainly for security but also to keep the website running smoothly.
Fortunately the process of updating is easy, however you are always advised to take a backup and / or test things first.
How do I know if I need to update?
If you’re too busy to spend your days hanging out in the WordPress admin panel, you might not notice the following icon in the top menu bar (or even be prompted by some other message).
But this icon is important because it’s telling you that updates are available.
Click it and you’ll be taken to the WordPress updates screen which lists all available updates to WordPress itself as well as any plugins or themes.
You should notice that you but…
Before you update…
Make a backup of your site in case anything breaks (unlikely but why risk it).
Let’s be clear, WordPress itself and also many plugins or themes are well tested before reaching your update screen and not updating any updates related to security is not an option.
However it’s always wise to make a backup and / or test the site first on a staging website (an exact copy of your website used solely for testing purposes) if you have one in case an update causes some incompatibility or other issue with your site.
(I’ve very very rarely seen this happen but it’s always best to have a backup for this reason).
Assume you have some backup system in place go ahead and do your backup (if not see my post ‘Best WordPress backup options‘ and / or contact your hosting company).
If you’re keen to do some further testing though before just updating your live site some hosting companies will let you make a copy of your website called a staging website which lets you make and test all the updates first.
Then, when you’ve confirmed everything is working, simply repeat the process on the live site.
What should I update first?
If you’ve got a choice of updating plugins, themes or WordPress itself and you’re not sure where to start, I recommend updating the plugins and themes* first.
(Remember you can also delete any unused plugins or themes if you know you’ll never use them anyway).
*A note of caution on updating themes
Depending on where you bought / got your theme from you may also be offered updates to your theme or themes that you have installed WordPress (bearing in mind that you can have many themes installed but only be using one at once).
However it’s important to understand that if some customisation has been done of the theme (e.g. a design tweak that involves going into the code) then, depending on how it’s been handled, you may lose these changes on updating.
If in doubt it’s best to contact the supplier of the theme and / or read any notes about the update to understand what’s best.
(Of course if you follow my advice to update or test on a staging site first you can always check the theme update and see what changes (if any) it makes).
Can’t I just ignore updates? Nothing has happened before when I haven’t updated.
My quick answer would be ‘no’ and I’ll tell you why.
Firstly, security updates are not just about preventing someone hacking in and stealing your data, more likely some kind of bot might exploit the weakness in the code (which the security update is patching) and you might wake up one day to find that Google has blacklisted your site because it’s spamming people with Viagra adverts (or worse).
(Yes, it really does happen so don’t wait to see if you get ‘lucky’ or not).
So if you see any update to do with security – and they’ll often be notes next to the update in question explaining whether the update is for security, fixing some bug or adding a new feature – always do it (after backing up).
Bug fixes / new feature updates
These are optional but in the long run you’ll probably want to do them. Again the easiest way is just to backup / test first and then roll out all the updates.
What should you test? If you don’t have time or the staff to test everything then make sure as a minimum all key pages, contact forms and other parts of your site which drive customers to you look OK.
Do I need to do this myself?
If you’ve got an assistant you could ask them to check regularly. Or your hosting company may do it automatically (WP Engine will auto update WordPress straight away for any security related release for example).