I always say that WordPress sites need love. Love and attention.
WordPress is one of the most popular content management systems– probably THE most popular. It is used on 60.9 percent of all sites that use a content management system, and 23 percent of ALL websites.
That’s not surprising. There are dozens of reasons to use WordPress, from the ease of use, to its low cost and standard features.
The popularity of WordPress makes it an attractive target for hackers. This surprises many of my clients. “Why would a hacker try to break into my site? What do they want?” Honestly — I have no idea. Some may do it to post malicious content and take over your domain. Some may do it because they can.
I advise my clients to be watchful.
- I counsel on the importance of strong passwords.
- We never use the “admin” default username.
- We install a security plugin as part of our launch process.
This is all part of the Standard Beagle “good security hygiene regimen.”
But one of the most important things site owners should do to protect their site is to keep it updated.
The team from Automattic regularly releases updates to the WordPress core — including security updates. These are patches to vulnerabilities that can help protect a site. Likewise, plugins need to be updated. Good plugin developers regularly patch security fixes and make releases.
If a site owner doesn’t perform basic maintenance regularly, they could be inviting hackers to their site.
But there’s a caveat. Updates should be treated with care. It’s just as easy to break a website with updates if you don’t know what you’re doing, and it could cost you. Fortunately, I have some steps you can follow to make sure your updates go smoothly.
1. Start with a complete backup
We use BackupBuddy on most of our sites. It’s a premium plugin from iThemes, and it’s well worth it, but there are a number of backup plugins our there. I also like Vaultpress, and WPEngine performs backups as part of its hosting service.
I backup before doing any updates, and then I will often backup in between each update.
2. Test updates on a staging server
If you are lucky to have a staging server at your disposal, this is a great time to use it. WPEngine is one of those hosting companies that offers easy access to a staging server. All you have to do it go into the WPEngine tab of your WordPress site, click the staging tab on the screen, and click “Live to Staging”. WPEngine then makes a copy of your website on the staging server and give you access so you can test all of the updates. It’s a great way to detect any plugin or theme conflicts and test fixes before updating the main site.
3. Update plugins one at a time
Yes, it takes longer. But take it from me and my experience learning the hard way. If you try to update several plugins at once, you could end up freezing up your database and get the white screen of death. Hopefully you have FTP access if this happens to you, because you’ll need it to delete the plugin file and try again.
So take the extra time and update plugins, themes and the core slowly and with intention.
4. Test your site between each update
After the update, go to your site and refresh the page to see how the plugin affected it. Chances are really good that it won’t have affected anything visually, but it’s important to test and make sure. Sometimes plugins can conflict with another plugin you’re using after an update. Click through your site. Make sure it’s working the way it’s supposed to.
If you run into a problem, you have options.
- The first thing I do is re-save the permalinks. There are a couple of plugins I use that tend to get messed up unless I do this. Go to Settings>Permalinks and click “Save”. You don’t have to do anything else.
- Another option is to check that the plugin re-activated. Sometimes they deactivate and don’t turn back on when the plugin update completes. Go to Plugins and check to make sure.
- If it’s a cosmetic issue on the site, you might want to contact your web developer/designer. They may be able to make some adjustments for you.
- If your site is really messed up, roll back the update. You might need to restore the backup you made right before the update. Unless you have a one-click restore through WPEngine or Vaultpress, I don’t recommend doing this on your own unless you know exactly what you’re doing. Contact your web developer to help.
- Contact support.Many premium themes and plugins have support forums where you can check to see if other users have experienced issues with an update. You can post the issue and the plugin or theme developer should respond.
Hopefully this list doesn’t intimidate you. WordPress sites need love to stay secure, and updates are really important. So let’s get updating!