Updating WordPress and PlugIns
September 1, 2016
WordPress is the single most popular content management system in terms of usage, with nearly 40% of all CMS-based websites built upon the platform. There’s good reason for this dominance — it’s well-built, easy to use, and supported by a vast library of plugins that can customize and extend its functionality to address nearly every modern website challenge.
As with any application, keeping the software up to date is a key to maintaining maximum performance.
Why keep WordPress updated?
- Security. WordPress is really secure — it just happens to be a bigger target so it’s easier to hit. As new vulnerabilities are found, the core code is patched and updated. To take advantage of these updates, you have to update your site.
- Your web host might require it! Your web host doesn’t want to deal with hosting your insecure/outdated code.
How easy is it to keep WordPress up-to-date?
- Some web hosts have installation managers that install WordPress for you. If this is the case, WordPress will generally update itself automatically. This can be good, but you still have to keep an eye on things.
- If you manage your own install, and choose not to auto update, it can be as easy as clicking a button if you’re not more than two versions behind. Otherwise you’ll need to do incremental updates where you’re deleting and updating core files manually.
Trouble with themes
- Updating WP core can break a theme if the theme uses depreciated WP code. Breaks are more likely to occur on a theme that is several years old.
- You might need to repurchase theme/theme support to acquire an update. Sometimes, unfortunately, repurchasing is not an option. That said, most commercial themes are probably okay.
Trouble with plugins
- Plugins are more likely to have problems than themes. A plugin is a piece of code that adds a specific functionality to a WordPress site. Choose plugins carefully! They are more likely to pose a security risk, and are a common source of trouble during WordPress updates.
- For most free plugins, you’re relying on someone you don’t know to write code for your website. That means you need to evaluate it well before you install it! Consider how well it’s written, whether it uses depreciated WP code, follows WP best practices, and is maintained at regular intervals. Does it depend on other plugins to work (for example, CF7 and CF7 Honeypot)?
- Some commercial plugins require you to re-purchase the plugin to update it. Others may require a yearly subscription. Make sure you know what you’re committing to when you choose to install a plugin.
Things to watch out for
- Incremental updates are a pain. If you get more than two versions of WP behind, you’ll have to update incrementally. Keep an eye on version numbers to make sure your install is updated often enough to avoid this.
- Pay attention to emails you receive from your web host. If your WP install falls too far behind, they’ll email you and warn you. (The host’s next step if you don’t update is disabling your site, or updating for you.)
- See if there’s a list of plugins that the theme depends on, and do some research on them first. Not all themes will do this research for you.
- Check the comment area (if there is one) where the theme is for sale to see what people are saying. If people consistently pan the theme, you’re probably better off with another choice.
- Check other themes by the same author. You can find out a lot about what to expect this way.
By Jen Irvin. Read about Jen on our Meet Our Staff page.
- Has it been updated recently? (Does it need to be?) You’ll get a sense of whether the author is keeping up with it.
- Is it compatible with your version of WordPress? There are many versions, so this isn’t a given.
- Check the most recent comments in the WP repository to get a feel for user attitudes (and also developer responsiveness). The best plugins are updated frequently, and the developer responds to reports of problems.