
How Often Should WordPress Updates be Applied?

Scott Snowden
Business & Technology Strategy

In the WordPress ecosystem, there is a constant stream of changes and updates that you need to stay on top of. Even if you only have a handful of plugins in use, it can seem like there is a new update to install every time you log in. There are three main components of a WordPress site that need to be maintained, though you may have other customizations or integrations that need to be considered:

  • WordPress
  • Theme
  • Plugins

Updates provide your website with the following benefits:

  • Security patches
  • Performance improvements
  • Feature enhancements

For the purposes of this post, we will focus on security benefits as they are usually the main priority when considering when to apply any updates to WordPress.

So, what’s the best approach to managing all these updates? Should you just click that “update” button whenever it shows up?

The answer is, “it depends”.

At Flywheel, we encourage WordPress clients to update their website as often as possible. If you are on our maintenance plan, we regularly use the following process:

  • Take a snapshot of your live site and restore it in a test environment
  • Perform the upgrade
  • Review/test and look for any obvious issues
  • User acceptance testing
  • Correct any issues that arise and finalize
  • Schedule a live content freeze, upgrade the live site and validate launch

This process repeats several times per year and it is accelerated if there are major security issues or other vulnerabilities announced.

If you have a smaller site or one that you are managing yourself, this formal process might be overkill. For smaller sites, we recommend that you upgrade as often as possible, while balancing the risk to your business. Any time you do an upgrade, there is a risk that it does not go as expected, resulting in downtime. If you do your own updates, consider the following approach:

  • Plan to do updates at an “off hour”, when your site is not managing critical traffic
  • Take a backup (never skip this step)!
  • Update the site
  • Review and validate

If things don’t go well, be ready to restore your backup. You can try again later or contact us for help. Sometimes plugin updates conflict with each other and future updates will resolve your problems.
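The self-managed steps above (backup, update, validate, restore on failure) can be scripted. The following is an added example, not Flywheel's own tooling; it assumes WP-CLI is installed as `wp`, and the function name `safe_update` and both default paths are hypothetical.

```shell
#!/bin/sh
# Added example: backup, update, validate, and roll back with WP-CLI.
# Assumptions: WP-CLI is installed as `wp`; both default paths are hypothetical.
WP_PATH="${WP_PATH:-/var/www/html}"
BACKUP_DIR="${BACKUP_DIR:-/var/backups/wordpress}"  # keep outside the web root

# Usage: source this file and call `safe_update` at an off hour (e.g. from cron).
# Exit status: 0 = updated and validated
#              1 = backup failed, site untouched
#              2 = update or validation failed, backup restored
#              3 = restore also failed, manual recovery needed
safe_update() {
  su_stamp="$(date +%Y%m%d-%H%M%S)"
  su_db="$BACKUP_DIR/db-$su_stamp.sql"
  su_files="$BACKUP_DIR/files-$su_stamp.tar.gz"
  mkdir -p "$BACKUP_DIR" || return 1

  # Step 1: take a backup (never skip). Stop before changing anything if it fails.
  wp --path="$WP_PATH" db export "$su_db" || return 1
  tar -czf "$su_files" -C "$WP_PATH" . || return 1

  # Steps 2 and 3: update core, plugins and themes, then validate.
  # `core verify-checksums` compares core files with the official
  # WordPress.org checksums, so a partial or tampered install fails here.
  if wp --path="$WP_PATH" core update &&
     wp --path="$WP_PATH" core update-db &&
     wp --path="$WP_PATH" plugin update --all &&
     wp --path="$WP_PATH" theme update --all &&
     wp --path="$WP_PATH" core verify-checksums; then
    echo "update applied; backup kept in $BACKUP_DIR"
    return 0
  fi

  # Something failed: restore files and database from the backup just taken.
  # Note: tar overwrites changed files but does not delete files the update added.
  echo "update failed; restoring backup taken at $su_stamp" >&2
  tar -xzf "$su_files" -C "$WP_PATH" &&
    wp --path="$WP_PATH" db import "$su_db" || return 3
  return 2
}
```

The checksum step only covers WordPress core; a manual review of the site is still needed after a successful run.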

To understand how often you should be updating your website, consider the following questions:

  • Do I have the time available to troubleshoot issues if things don’t go smoothly?
  • How much traffic do I get?
  • Has my site been hacked or attacked before?
  • What’s the business risk of having a compromised website?
  • If I wait and my website gets compromised because of a missing update, what is my recovery plan?
  • Can I simply recover a nightly backup and carry on?

It is impossible to predict with any accuracy how likely it is that your site will be compromised due to a missing update. It is important to know that even the smallest websites are still targets for hackers and malicious attacks, but certainly, the bigger your site is and the more traffic you get, the higher the risk.

Please get in touch if you have any questions. We would be happy to chat with you about your website maintenance plan.