Guidelines for updating WordPress and its plugins, safely.

Chances are, you already know how important it is to keep WordPress and its plugins up to date. If not, let this article be a wake-up call: you absolutely need to keep your system up to date.

All software has bugs and vulnerabilities, and new ones are discovered every day, whether in WordPress itself, its themes and plugins, or in Apache, Nginx, Linux and PHP. Updates patch those bugs to keep your website secure and functioning.

That's all well and good, but the problem is: how do you keep your WordPress installation updated without an update taking your website completely offline without you noticing? It can be pretty challenging. You have a website that works for your business and you don't need to log in to update the content more than a couple of times a year, so the last thing on your mind is updating your WordPress plugins.

This article can help.


Manually update your WordPress plugins

While automatic updates are best practice in most other places, such as your phone and laptop, you definitely want to manually update each WordPress plugin one by one, on a regular basis (whether that's each week, or each month).

Why manually? So that you can observe the results, and hit "Rollback" in case your website stops showing content after you update the plugin.

Recovering a failed automatic plugin update

"What if it's too late?!" you ask?

You can recover from an automatic update taking down your WordPress website in a few steps, assuming you can log in to the server:

  1. Log in to your WordPress host server
  2. Rename the existing wp-content/plugins folder to something like plugins_temp
  3. Create a new, empty plugins folder
  4. One plugin at a time: copy your plugins back from the temporary folder, into the plugins folder, and refresh your WordPress website in your browser - repeat until the site breaks
  5. Once the website breaks, you know that's your bad plugin (or one of them)
  6. At that point, you can log in to the WordPress admin and either roll back the plugin or, if it's a premium plugin, download a fresh copy and install it

Monitor your website, effectively

While the author of this article does run a website monitoring service, this tip applies regardless of which uptime monitoring tool you use: it's important to monitor correctly.

The last thing you want is to find out your website has been down for months, while your uptime monitoring tool has been happily reporting your site as "up".

A simple "is my website online?" check will not always work for WordPress. Those famous "Critical Error" screens (below) can show up without sending a "down" HTTP status (4xx or 5xx).

WordPress Critical Error Screen

For this reason, I recommend uptime checks with "text to search for" configured. These checks will look for text that only shows up when your content has loaded, while also looking for "down" HTTP status codes.
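A minimal sketch of such a check, added here as an illustration (it is not the code of any particular monitoring tool). The function names, the sample page bodies and the required text are constructed for the example; pick a phrase that only appears in your own fully rendered page, such as a footer line.

```python
import sys
import urllib.error
import urllib.request

# Constructed sample bodies for illustration (not captured from a real site).
HEALTHY_BODY = "<html><body><h1>Acme Plumbing</h1><footer>Call us on 555-0100</footer></body></html>"
BROKEN_BODY = "<html><body><p>There has been a critical error on this website.</p></body></html>"


def evaluate(status, body, required_text):
    """Decide up/down from one response: status code first, then content."""
    if status >= 400:
        return False, f"HTTP status {status}"
    if required_text not in body:
        # A 200 response without the expected content is still an outage.
        return False, f"required text {required_text!r} not found"
    return True, "ok"


def check_url(url, required_text, timeout=10):
    """Fetch the page and apply evaluate(); any request failure counts as down."""
    req = urllib.request.Request(url, headers={"User-Agent": "uptime-check-example"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            body = resp.read().decode("utf-8", errors="replace")
            return evaluate(resp.status, body, required_text)
    except urllib.error.HTTPError as exc:
        # urllib raises on 4xx/5xx; report it through the same path.
        return evaluate(exc.code, "", required_text)
    except (urllib.error.URLError, OSError) as exc:
        return False, f"request failed: {exc}"


if __name__ == "__main__":
    # Usage: python check.py https://example.com/ "Call us on 555-0100"
    up, reason = check_url(sys.argv[1], sys.argv[2])
    print("UP" if up else "DOWN", "-", reason)
    sys.exit(0 if up else 1)
```

Run it from cron or after each manual plugin update; a non-zero exit code means the page is down or the expected content is missing.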
