In this tutorial, I’m going to explain why you should update your WordPress website.
WordPress is open source software available to anyone! Meaning it’s free to use, so very popular all around the world! It’s been downloaded over 59 million times. And is used by 34% of all websites around the world. That’s huge!
The disadvantage of free software is that it can be exploited by hackers. Yes, there are some horrible humans out there that have nothing better to do!
Hackers have free access, and the time to study the WordPress files. In turn, discover which files are vulnerable and are easy to hack.
The good news is; the developers of WordPress (Automattic) know this and keep re-developing the files to make them more secure.
Hence why there are so many WordPress updates!
So what can you do?
Check out my list of the 10 most important things you can do to keep your site safe!
- Update the WordPress core files
- Check the PHP version and update
- Check for outdated plugins
- Update all the plugins
- Update the active theme
- Delete the other themes that aren’t needed
- Ensure your web hosting has good security and firewalls
- Update every time there is a new version of WordPress
- Update your plugins & theme regularly. Don’t leave it too long!
- Backup your site on a regular basis.
Let me explain those points further
Step 1 – Update the WordPress core files
I can’t stress enough how important it is to update the WordPress version. If your site has always been updated then you shouldn’t have any issues just clicking the update button. However, if your site has not been updated for a few versions or years, you need to be very careful!
Always update WordPress first before the plugins or theme.
Here are my tips for safely updating WordPress if you haven’t updated it for a long time.
- Always backup the site first!
If your not sure which plugin to use I recommend the UpdraftPlus plugin. Make sure you download the full backup of your site to your computer. So if something goes wrong a developer or you can contact us to sort it out for you.
Read my tutorial if you need help with backing up – https://www.letsbuildawebsite.com.au/how-to-backup-with-the-updraftplus-wordpress-backup-plugin-2019/
- Install a maintenance plugin. The purpose of installing a maintenance plugin is so you can test the plugins. A maintenance plugin allows you to put a sign up saying something like “currently updating our site come back in 30 minutes”.
- That way no-one can see the site whilst you deactivate the plugins. It’s also wise just in case you have an issue with your theme after updating. Believe me, it happened when I was updating a client’s site!
There are many free plugins for this. For e.g. https://en-au.wordpress.org/plugins/wp-maintenance-mode/
I would definitely install a maintenance plugin, so you can do the next step.
- Deactivate all the plugins first BEFORE you update WordPress. Once WordPress is up to date. Go to the next step.
Step 2 – Update the PHP
Just like any software, you must keep it up to date. PHP is what WordPress is built on, so this needs to be updated. Some plugins will request that you update the PHP. And some plugins won’t work at all if it’s not up to date.
The steps to update the PHP version
- Login to your hosting’s Cpanel or control panel.
- Go to the Software section.
- Click on the Select PHP version.
- If you are still on 5.4 then you need to update it.
- You need to update to at least 7.1 or 7.2 (2019).
- Make sure you screenshot the PHP settings.
- By default, it should bring the exact same settings over.
- As the website may not work without the same settings.
- So just in case it doesn’t you can check the same settings based on the screenshot.
- If the website is still not working properly you will have to put it back to the original PHP version and ask your web host to do this for you. Which they should do for free.
Step 3 – Replace or delete outdated plugins
If your site was built years ago, I can probably guarantee that there will be some outdated plugins. I considered outdated plugins, ones that haven’t been updated for a year or more. They can be very dangerous to the safety of your site.
If you have completed step 4, and you found that one plugin or more are really outdated and are causing issues with your site.
What you need to do is:
- Keep this plugin deactivated until you find a new one to replace it.
- If you really need this plugin and it doesn’t crash your site, you may keep using it until you find a new one.
- If you know you are not using it at all, just delete it for good.
My tips for getting a replacement plugin
Go Google search and search for the following.
- The “keyword + WordPress plugin”.
- For e.g. “Events plugin wordpress”.
- If it’s a free one – make sure it comes from the wordpress.org website.
- Make sure you check the last time it was updated.
- If it hasn’t been updated for a year and over, do not use it!
- DO NOT download free plugins from third party sites other than wordpress.org as they could have malicious code in them.
- If it’s a paid plugin, make sure you check if there are any reviews.
- And ask the developer about the plugin first before you buy ut.
- A great site to buy premium WordPress plugins from, that I know is safe is codecanyon.net.
- But in saying that – ALWAYS check their reviews. If they don’t have good reviews, don’t buy it!
- Once you have chosen the new plugin, install it.
- Deactivate the old one first before activating the new one.
- Set up the new one and then delete the old one completely.
- The reason why I say this is because you may still have data in the old plugin that you need to copy or import over. Once it’s deleted it is gone.
Step 4 – Update all the plugins
The next step once WordPress and the PHP version is up to date, is updating & activating each plugin one by one. If a plugin is going to break the site, usually you will see the white screen of death after you activate it.
If you get the white screen of death after activating a plugin, we can help you fix that immediately. See below for more details.
My tips for updating plugins safely
- Keep the maintenance plugin activated.
- Remember the plugins are all still deactivated at this stage.
- Make sure you only update one plugin at a time.
- After updating, activate the one plugin only.
- Then check the website.
- Do the next one then activate it.
- Repeat this until all your plugins are up to date.
Now if you activate a plugin and get the “white screen of death”. Follow these instructions to fix it.
- Login to Cpanel.
- Go into the public_HTML folder.
- Look for your domain name (if you have more than one domain on the server).
- Open the domain folder.
- Go into the wp-content folder.
- Go into the plugins folder.
- Find the plugin that caused the crash.
- Right-click on the plugin folder.
- Rename it by adding an underscore in front of the plugin name.
- For eg. “updraftplus” would be “_updraftplus”.
- This will automatically deactivate the plugin and your website should come back.
- That’s why it is crucial you only activate one plugin at a time.
- If you do them all at once and the site crashes.
- You won’t know which plugin caused the error.
- And it will take much longer to fix.
Go to step 4 to get help on what to do with outdated plugins.
Step 5 – Update the active theme
Ok, so sometimes the theme can be a real disaster if the site was built years again and never been updated. The truth is, your theme may no longer work at all!
Fingers crossed this is not the case!
So let’s look at the best-case scenario.
- If your theme does have updates, then it’s most likely going to be fine just to update it.
- Make sure you backup first!
- If it doesn’t look correct after the update you can safely put it back to its original state with the UpdraftPlus plugin. As discussed above. This has also happened to me a few times!
- Sometimes the theme will have an export option in the theme settings.
- Therefore, you could export the theme’s settings, then after the update import them back in.
- So your theme looks exactly the same.
If your theme breaks completely after an update
Usually, this means the theme is so old or highly customised it no longer is compatible with WordPress and the updated plugins. This is a huge issue because basically you need a redesign.
- The first thing you need to do is, go back and restore the theme under the UpdraftPlus panel.
- Once it’s back, you will need to find a developer (or a company like us) to change over the theme for you.
- The complexity of the job will depend on how many pages you have and how customised they are.
- The good news is, it can be done!!
Step 6 – Delete the other themes that aren’t needed
If you go to the Appearance panel, you will see your websites active theme and maybe other themes that have been installed but aren’t being used. You don’t really need more than 2 themes. Your live theme and a backup one.
I would recommend deleting all the other themes. As they often require updates also. And if you forget to update them, hackers can get into your site via these themes. Because once again some of the files may be vulnerable which updating fixes. So if they aren’t updated, they become easier to hack.
Some people suggest keeping a backup theme. In case the active theme breaks. Which you can do. But just make sure you update this theme too!
My tips for deleting additional themes
- Check the active theme to see if it has a parent theme.
- This cannot be deleted as parent and child theme work together.
- Ask your developer to confirm this. Or if your unsure don’t delete anything. And just make sure you update the themes that need updating.
- Usually, the parent and child themes have the same theme name or the same company name.
- Again if you backup the site first and accidentally delete something you shouldn’t have. You can always restore the themes.
Step 7 – Ensure your web hosting has security and firewalls in place
One of the most important steps you can do is ensure that you have a good web host. A simple way to check this is to go to their website and check what firewalls and security they offer. If you’re not sure, give them a call or email them to ask.
Also, check that they do regular or daily backups. And if they would restore the site if it got hacked.
If they can’t give you a definitive answer or don’t have these options in place then maybe you need to move to a more secure host.
We can help with that, just ask us how.
Step 8 – Update every time there is a new version of WordPress
Once your site is all up to date. This step is easy. Just login to your WordPress website once a week and check the update panel.
My tips for updating your site
- Always make sure you have a recent backup.
- Always update WordPress first.
Step 9 – Update your plugins & theme regularly. Don’t leave it too long!
- Once WordPress is up to date.
- Go to your plugins and update one at a time.
- Then go and update your theme.
If you keep on top of this and monitor your plugins. You should never have any issues.
Step 10 – Backup your site on a regular basis. Download the backup to a safe spot other than your hosting server.
I can’t stress this enough! Backing up your website can save your business and Google rankings!
Always backup before you attempt to update anything your not sure about. Download it to your computer or upload to Dropbox or Google Drive. So it’s in a safe spot.
That way you have peace of mind. And you can always restore your site if something goes wrong!
To sum up
Your website is a reflection of your business, so its worth protecting. When you invest so much time and money into your website, it’s crucial to keep it safe and secure. I hope this tutorial helps you protect your site by prompting you to update it regularly! And just remember I have had many years experience with these types of issues. So if you need any help give us a shout!
If you need help with updating up your site visit our WordPress support page.
Written by Jodi Allbon 2019.
Web Designer/Trainer – Adv Dip, Dip, TAE
Jodi is a qualified WordPress Trainer and Designer with an Advanced Diploma in Digital Media (2D And 3D Animation, Web Development) and a Diploma in Web Development. She has been a Website Trainer at the Northern Beaches Community College since 2008 and a WordPress Tutor for NSW TAFE since 2016.
Jodi has developed several web design courses including, a WordPress Beginners Course and Build your own WordPress Website for small businesses. These courses will teach you how to update and manage your website ongoing. Giving website owners more control over their website, thus helping to keep costs down.
View Jodi’s credentials here.