WordPress is a popular Content Management System (CMS) with a large portion of the web running on it (35% of all websites and 60% of the CMS market! and it’s still growing) this popularity is deserved with WordPress giving users incredible control over their websites.
The popularity, however, comes with some issues, WordPress is a target for malicious users attempting to target thousands of websites at the same time by finding a single hole in the platform’s defences. One of WordPress’s big selling points is the vast array of plugins and themes available, paid and free, that help users quickly extend the functionality of their website, this, however, opens up more avenues into unsuspecting WordPress based sites. The threat is real and is a numbers game, it’s much more efficient to target a platform which thousands of sites use rather than one site at a time.
It’s not all bad news, WordPress’ popularity comes into play again, alongside its open-source foundation; these two factors mean there are over 100 people contributing to updates to WordPress itself and thousands more reviewing, testing and documenting the CMS. This means that security issues are being looked for by, identified, tested and resolved by everyone in the WordPress community.
When issues get fixed, they make updates available to all WordPress sites though the built-in update system, this keeps all the sites up to date with the latest security patches. This same system can also update plugins and themes if it has submitted to the WordPress plugin store.
The WordPress update system
Knowing why it’s important to keep WordPress updated is one thing, but knowing how to do it is the real key. WordPress makes the whole process as easy as it can by constantly monitoring your website and its installed plugins, it compares these to the latest versions available and if they need updating it will alert you in the admin area. Recent versions of WordPress take this a step further for the core, when they detect a new version, they will automatically download and install it!
To view the update area of your WordPress site login to the admin area and view the dashboard, if there are any updates you will it will alert you to them here. On reviewing the updates, you can see if there are any for: WordPress core, plugins, themes or translations, it also lists updates under ‘Updates’ in the menu under ‘Dashboard’ and if they are available for plugins, it will alert you on the ‘Plugin’ menu.
The easiest method is to view the updates via Dashboard -> Updates as it will show you all the updates in a single place, making it easier to review and process the updates. This update system works wonders; however, it is important to note that not all themes and plugins are compatible with this system. With WordPress being so popular, a wide range of ‘premium’ themes and plugins are available to purchase outside of the WordPress system. Not all of these have integrated themselves into the built-in update system, instead, they rely on either the user manually updating them or their own methods of ‘calling home’ to check for new versions, usually alongside the verification of a valid license.
Sticking to popular well-trusted plugins and themes will help to ensure that they are easy to install and update, the WordPress plugin directory helps by displaying users’ ratings giving each one a rank out of 5. When looking for new extensions looking over these reviews is a good way of making sure you only install the best plugins.
Things to watch out for
The update process is vital and deals with the vast majority of updates with no issues at all, it is, however, possible for things to go amiss so it is important to know steps to take to minimise issues and help recover should you need to.
The first and most important is to make sure you have a regular backup system in place, this is something you should have in place anyway so that if something goes horribly wrong with your site, you can roll back to a backed-up point to recover it. WordPress sites have various options for backing up and its best to discuss these with your sites developer to make sure it’s covered, some website hosts offer this as a service and will deal with backing up automatically for you. If you want more control over the process plugins come into play again, one option is Backup buddy which lets you zip the whole site up and either download it or send it to cloud storage such as Dropbox. Whichever solution you use make sure backups are taken regularly to keep things safe, with plugin backup tools you can take a backup before starting any updates which will ensure you have an updated backup!
Order of installing updates
With the site backed up the next thing to watch out for is what order you do updates in, it’s recommended that we update the WordPress core first then the website checked before continuing with the plugin updates, this is because plugin updates are for the latest version of the core and sometimes plugin updates will require the new core version to work correctly. This is why you will normally see a flurry of plugin updates around the same time as a core update as they are making sure they are compatible with the latest version.
Not having too many plugins
WordPress plugins are fantastic and really help to add functionality to your website, it’s important to make sure not to get carried away and install too many. Each additional plugin adds additional complexity to your site, which increases the possibility of an update interfering with the others and causing issues for your site. Large numbers of plugins will also have other negative effects, such as slowing the site down or increasing the overall size of your site (something that will make backing up and restoring your site more time consuming). It’s something I see all too often, in a few particularly bad cases there have been multiple plugins doing the same job! This greatly increases the chances of the plugins interfering with each other and causing issues.
Not applying too many updates at one time
This is particularly true of a site that has not been updated for some time and has a large number of updates to do. If you update all of them at the same time and run into an issue, you won’t know which update caused the problem. Installing the updates one at a time (for complex or really out-of-date plugins) or in small batches and checking the website after each round will narrow down the candidates should something go wrong.
If the worst should happen and an update causes your website to go down and prevent access to the admin area, it’s rare but can happen, it’s important to know how to go about restoring access. Linking to the above point if we know which plugin, or group of plugins, has caused the issue we can disable them with the aim of fixing it without having to revert to a backup.
To disable a plugin you will need to login to the hosting control panel or FTP and delete the plugin folder from /wp-content/plugins, you can also rename the folder to break the link but keep the files. If you work through the suspect plugins one at a time checking the site between each you should be able to narrow down which plugin is at fault.