One of the most critical steps you can take in running a website is keeping it up-to-date with the latest WordPress and plugin updates. These updates come out fairly often and will be apparent by little “orange” circles within the admin bar. If you’re going to be updating your WordPress site yourself, a few things to consider are:
- Understand your backups first: Having an understanding of your web hosting providers backup is the first step. Are they daily? Are you able to restore them? Some hosting providers offer minimal backups and if a ticket takes 24-48 hours to respond to, you may be overwriting good backups with bad backups before the provider can restore the site for you. Before you break something, spend a few minutes understanding your web hosts backups.
- Setup local backups: These will be your go-to backups. Plugins such as BackupBuddy and Updraft are two great plugins that can run backups for you. The better hosting providers will not allow these plugins as they are resource intensive and create a large amount of disk usage storing backups. So check with your hosting provider and make sure they do allow backup plugins. Additionally, you will want to make sure that your backups do not put you over the disk quota. This isn’t usually an issue but on some older hosts it can be.
- With a backup plan in place, do you have a staging area?: Does your web host offer a staging area? Many do and you can perform a test run of the updates in a safe staging area, review the website and if all is well, complete those steps on the live website.
- Review the update notes: Many updates offer bug fixes and security updates which are fantastic. Others provide significant functionality increases and should be upgraded to cautiously. Make a list of the plugins that you are updating so that you can keep track of the changes
- Give it a whirl: While we perform our updates in test environments after reading the release notes for the updates, end users are generally ok to upgrade in place with a backup on hand. In the end, if something is broken, the site can be restored. If the upgrade is completed successfully (as they usually are), your website is safer because of it.
We’re not advocating for just logging in and clicking update and upgrading in place but customers who may not be on our care plan, upgrades are generally safe to complete and it would be better to keep the site updated than to take no action at all.
As far as scheduling goes, we would suggest performing WordPress, Plugin and Theme file updates on a monthly basis. Just set a calendar event with some notes and links to backup/restore resources!