wp_updateThere are two types of people in this world, kid: 

  1. Those who want their site to be as up-to-date as possible, all the time
  2. Those who couldn’t care less

TL:DR Version

» ALWAYS update your security plugin
» Let your web person handle everything else

To be pragmatic, one really needs to fall somewhere between these two extremes. Updating to the latest stuff makes a lot of sense for the sake of website security, features, and compatibility, but there are some really important reasons not to update certain components every time an update becomes available. Here’s a breakdown of the ramifications of updating your theme, your plugins, and WordPress itself.

The Risks of Updating Your Theme

Note: this section assumes that your site uses a pre-built theme that was installed and modified for your site, not a theme that was built from the ground up just for your site. Site owners falling into the latter category can skip this section.

While the theme’s creator may be bragging about all the new whiz-bang tricks that “Theme-taculous 6.0” can pull off, you may regret clicking that Update button if your site is currently on version 3.97. Theme developers have no way of knowing for sure how their themes get used, so no matter how hard they may try to ensure backwards compatibility, they can’t often guarantee that your site won’t be detrimentally affected by a given update. Theme updates can break any number of things, including the way it looksthe way it functions, and even access to the WordPress dashboard!

This isn’t to say that you should never update your theme, and sooner or later you’re probably going to have to. If you wait too long to update WordPress then security holes can start to become a problem (and a single security breach can cause major headaches), and if you update WordPress then a very old theme might stop working correctly, potentially producing the same symptoms listed above. Yeah, seems grim, right? The good news is that your theme can be updated, it just has to be done with care. More on this topic below.

The Risks of Updating Your Plugins

For the most part, everything written above applies here. Updating a given plugin may improve the reliability and features of a given plugin, but it can also cause the existing features to break in your particular installation, and in some cases can cause other aspects of your site to break. Plugins that don’t have any bearing on visual aspects of the site are less likely to cause problems, as are smaller increment updates (i.e., updating from v.1.23 to v.1.24, instead of v.1.23 to v.2.0), but the safest option is always going to be holding off until you can do a safe update of everything (more info below).

There is one very important caveat here: ALWAYS UPDATE YOUR SECURITY PLUGIN. The likelihood of these updates breaking something is very low, and it’s important to keep your security software current to ensure that hackers and bots can’t break into your site. Angled End uses and recommends the iThemes Security plugin for all WordPress sites.

The Risks of Updating WordPress

Again, you can largely refer to what you’ve already read here, but the basic facts for WP updates are: updating can cause problemsincremental updates aren’t as likely to cause problems, and security updates will almost certainly not cause problems (so don’t disable automatic security updating, which is turned on by default). Sooner or later, though, you really do need to update your WP installation, and for the sake of getting access to big, new features, you’re probably going to want to. A safe rule of thumb is to not let yourself get more than a full version number behind (i.e., WP is now at v.4.6.1 but you’re on v.3.2.1).

Safe Methods for Updating Everything

Depending on your hosting setup, performing updates may not be a big deal at all, but in most cases it’s going to be tricky to do so safely. Here are the two most common methods used.

Method 1: Create a Full Site Mirror/Staging Area

mirror is a perfect duplicate of your site in a different location. Having a mirror allows you to update anything you want in order to see if anything breaks. If it doesn’t, then you can “push” those changes to the live site (methods here vary more on this below) and you’re done! If something does break, you now have plenty of time to fix it without worrying about your live site going down.

There are two ways of going about this. Let’s start with the simple, traditional method:

a: Create a standard duplicate of the site

With this method, we’re using a plugin like Duplicator to copy a mirror into a subdirectory such as website.com/staging. The downside of this route is that you have to be careful to match all the changes from your mirror on the live site after you’ve tested them out, lest you wind up with two sites that are different from one another.

b: Use a staging system to push changes to the live server

The premium plugin (i.e., not free) BackupBuddy is the only WP plugin we’re aware of that can create a staging area and push changes from that version of the site to the live site. But there are also a couple of server-based solutions for this task. WP Engine is a web host that offers this ability built-in: their modified WP dashboard can create a staging area and/or save historical “states” of your entire site (not just the history of pages/posts, which is built into WP). If you want to use a different web host (shameless plug: we offer reliable, fast, eco-friendly hosting for $10/month) then WP Stagecoach can handle similar tasks off-site, including the ability to push changes to your life site.

Method 2: Use WP Plugins to Create a Backup (and hope you don’t need it)

This is probably obvious, but in order to “undo” an update-related breakage, one needs to be able to revert back to the website setup before the update was performed. This isn’t as simple as just saving a copy of the item that you’re updating before you update it because the updated item may create changes in your WP database that the older version of that item won’t understand (in other words, v.2.78 of your plugin can’t read the changes that v.3.0 makes as soon as it’s been activated).

As with the Method 1/A above, the Duplicator plugin can be used to save a complete backup of your site, including the database, either on the hosting server or on your local computer. The only potential problem with this method is the potentially difficulty of reverting to the backed-up version if things go wrong after updating your site (and the fact that you’ll now need to switch over to Method 1 in order to perform those updates safely). But if you are tech-savvy or have a web developer/designer at your disposal, this method should work well.

Method 3 (Geeks Only): Perform a Traditional Manual Backup

We’re not going to go into detail on how this is done except to make clear that it’s usually performed using FTP and phpMyAdmin. Your friendly web developer/designer should be able to handle the rest.