3 ways to keep your WordPress site updated and secure
Why should I update WordPress? It’s working fine!
It’s tempting isn’t it? It’s all working fine, why rock the boat?
These days it is super important to keep your WordPress site updated though, and we don’t just mean the WordPress app itself but all of the plugins and themes that are installed as well.
We hear or see comments like this on a pretty much daily basis:
“It’s working and I don’t need the new features so I will leave it as it is”
“It just takes too long to update, I’m too busy and it’s all working”
We look at it this way, if you drive a car you still get it serviced because it will eventually cause you issues if you don’t and you’ll end up with a big bill, this is the same with WordPress and the bill is lost time, reputation and customers.
Hackers actively seek unpatched WordPress sites and before you know it your site has been hacked and you’re scrambling to find out how they got in and if you have a current backup to restore. Now I bet if that happened, you’d be wishing you’d found the time to do those updates?
Method 1: Automatic WordPress updates
The full automatic update feature was introduced into WordPress around August 2020, this gives you the option to turn auto-updates on for individual plugins and themes directly from the WordPress admin dashboard rather than the previous automatic minor updates for the WordPress core.
By default WordPress will update itself when minor security patches and minor version changes released (The Z in the X.Y.Z version numbering). It’s always best to try and use the latest version of WordPress unless though unless you really have to use an old version for some reason and if you do, then you should take extra security precautions.
To access the settings for WordPress auto updates login to your WordPress admin dashboard, if there are any updates available they will usually be shown on the left hand menu panel under “Updates”.
Click on the “Updates” menu item.
From here you have the option to update your WordPress plugins individually or in bulk.
ALWAYS MAKE A BACKUP BEFORE UPDATING YOUR SITE
Apologies for the “shouting”, this is a very important part of preforming any updates so please do it *EVERYTIME* you are preforming a WordPress update. 99% of the time things will be fine, but that 1% of the time when it breaks can be a real hassle if you’ve not got a recent backup.
To update the plugins, just select the plugins you wish to update (or click “Select All”) and click “Update Plugins”.
The same also applies to themes, even if you’re not actively using a theme, if it’s installed you should update it as it can still be used to attack your site.
Here we can see all themes are up to date so there are no upgrades to apply.
If there are updates available for the WordPress core (the actual brains behind WordPress, like the engine in a car) this will be shown at the top of the page.
As you can see we have a major version upgrade, but we aren’t doing this on this site at the moment as the theme will not support the latest version for a few months (some developers are quicker than others). You should always check that the theme you are using is compatible with the latest WordPress version before updating.
If you do want to run the update please remember, *BACKUP BACKUP BACKUP*, sorry for the shouting again, but it really is important.
You can run the update by clicking the update now button, if the update is successful have a browse round your site and fix any errors that may have been introduced and if it fails then use that backup and restore your site.
You should also have the option to turn major release version auto update on for WordPress:
If your site is a very simple blog and does not have many plugins this would most likely be fine. If it is a busy ecommerce site with lots of customers then we would always run this manually as you can then run a *BACKUP* first just in case anything goes wrong.
Because we have taken backups before doing any of the above, we have nothing to lose but time. All data is saved and we can restore it, keep a lookout for our how to backup WordPress easily article and video from Dean coming soon.
One final tip when upgrading your live site, use a coming soon/maintenance page on your site to put it in to read-only mode or stop users from seeing it, that way if something does break no one will be placing orders or seeing broken functionality whilst you restore it from a backup. One plugin that we use ourselves on some sites is Coming Soon Page, Maintenance Mode & Landing Pages by SeedProd.
Method 2: Clone, Update, Test
This is a method we see used a lot, as it is a much safer way to keep your site updated.
This method involves making a clone (copy) of your site to a different domain name for example if your site was “example.org” you may want to use “staging.example.org”
There are a few ways to create staging areas or clones of your site. Some hosts offer automated solutions to do this while with others the process is completely manual, do not fear and keep checking our learning centre as we will be doing a full how to of how to clone of a site using the most popular control panels and software soon.
With this option once you have cloned the site, you can simply run the updates on the cloned site. This enables you to test any updates before you run them in to your production site, giving you time and space to fix any issues without being under so much pressure.
Run and test the updates on your /clone site, make sure they all work, then *BACKUP* your production site and run the updates at a time of your choosing or if you’re using a smart tool to handle the cloning it might just allow you to convert your clone site to being the live site. Converting the clone to the live site is only really suitable for quieter sites though, as any orders, comments, new content posted etc. to the original live site after you made the staging clone won’t be there.
This is a pretty good way to roll out your essential updates and is not too time consuming.
Method 3: The KDAWS.com Smart Updates way
We’re not going to lie, this is the easiest way to keep your WordPress sites updated, it needs minimal knowledge, does not require you to make any manual backups and its automated. We have tried to make things as simple as possible for you to manage your WordPress websites by giving you the best tools available. Here’s how to make use of “Smart Updates”.
When you log in to your hosting control panel and click WordPress from the menu, you will see your WordPress sites listed, for this example we have selected Dean’s B & H Models site.
If you look at the bottom of the page there is a magic little button called “Smart Updates”, just flip this toggle button and your updates are taken care of. If any errors are detected during the updates they are not applied, and you will be sent an email so you can decide what to do with the updates.
You can also run this manually step-by-step if you want to make doubly sure everything is okay with your site:
Login to your hosting control panel and click on WordPress, turn on smart updates, then toggle the smart updates button and click smart updates check updates:
There you, go we have just scanned the site and can see exactly what updates are available. Before we do anything else make sure the “Restore Point” checkbox (top right) is ticked, this will create a restore point (*BACKUP*) just in-case we need to go back. This will not affect the live site unless we tell it to, but as we always say “always make a backup and you won’t be sorry”.
Tick the “Select All Updates” checkbox and then click the “Update” button.
Smart updates then spring into action:
First it clones your site:
Tests several pages of your site:
Applies the updates:
Completes it’s tests
Now the Smart Updates are complete you will be shown a selection of pages so you can compare them with the updated version. You can use the slider to see the pages before and after the updates, now that’s smart:
You should pay particular attention to the update forecast panel, as errors will usually show up in there:
This update all looks good with no errors.
Now click the Apply updates on the top right:
Then click the “OK” button.
The system then takes care of applying the updates to your live site:
A restore point is created and the plugins, themes and core are updated. Everything is then copied to the live site, the website health checked, and if everything goes to plan you will see the following screen:
Your updates are now done, quick, easy and stress-free.
By clicking “Accept”, you consent to the use of ALL the cookies. However you may visit Cookie Settings to provide a controlled consent.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Functional cookies help to perform certain functionalities like live chat, sharing the content of the website on social media platforms, collect feedback, and other third-party features that improve the functionality of our site for you.
Marketing cookies are used by us to setup run our advertising campaigns and track their results. These cookies track visitors across websites and collect information to provide customized ads elsewhere.