Guidelines for updating WordPress and its plugins, safely.
Chances are, you already know how important it is to keep WordPress and its plugins up to date. If not, let this article be a wake-up call: you absolutely need to keep your system up to date.
All software has bugs and vulnerabilities (whether it's WordPress itself, themes/plugins, or Apache, Nginx, Linux, PHP) discovered every day. Updates patch those bugs to keep your website secure and functioning.
That's all well and good, but the problem is: how do you keep your WordPress installation updated, without an update taking your website completely offline without you noticing? It can be pretty challenging - you have a website that works for your business, you don't need to login to update the content more than a couple of times a year - the last thing on your mind is updating your WordPress plugins.
This article can help.
Table of contents:
- Manually update your WordPress plugins
- Monitor your website, effectively
While automatic updates are best-practice in most other places, such as your phone and laptop, you definitely want to manually update each WordPress plugin one-by-one, on a regular basis (whether that's each week, or each month).
Why manually? So that you can observe the results, and hit "Rollback" in case your website stops showing content after you update the plugin.
"What if it's too late?!" you ask?
You can recover from an automatic update taking down your WordPress website in a few steps, assuming you can log in to the server
- Log in to your WordPress host server
- Rename the existing
wp-content/pluginsfolder, I'd call it something like
- Create a new, empty
- One plugin at a time: copy your plugins back from the temporary folder, into the
pluginsfolder, and refresh your WordPress website in your browser - repeat until the site breaks
- Once the website breaks, you know that's your bad plugin (or one of them)
- At that point, you can log into the WordPress admin, and either rollback the plugin, or if it's a premium plugin, download a fresh copy and install it
While the author of this article does run a website monitoring service, this tip applies regardless of which uptime monitoring tool you use: it's important to monitor correctly.
The last thing you want is to find out your website has been down for months, while your uptime monitoring tool has been happily reporting your site as "up".
A simple "is my website online?" check will not always work for WordPress. Those famous "Critical Error" screens (below) can show up without sending a "down" HTTP status (4xx or 5xx).
For this reason, I recommend uptime checks with "text to search for" configured. These checks will look for text that only shows up when your content has loaded, while also looking for "down" HTTP status codes.