Join Morten Rand-Hendriksen for an in-depth discussion in this video Keeping up to date, part of WordPress Developer Tips: Locking Down WordPress.
- As of Version 3.7.1, WordPress ships with automatic maintenance and security updates. That means, if you have a live WordPress site on the web, and a new maintenance and security update comes out, let's say 3.9.2, then your WordPress site should automatically update to this new version. This is part of the process of making WordPress more secure, and it also reduces the amount of time you need to spend maintaining your WordPress site. This automatic update only applies to maintenance and security releases, meaning the releases that have numbers like 3.9.1, or 3.9.2.
For full version releases like 3.8, or 3.9, you still have to do a manual update, simply because the new full releases have large scale changes to functionality or to the core code, and you need to know what's going on before you make these updates. That said, any time a new version of WordPress comes out, it is always a good idea to update right away. That goes both for WordPress core, and also for all plugins and all themes you have installed. So let me show you how all this fits together.
Like I said, most of the time, these automatic updates should happen automatically on your site. But in some cases, for many different reasons, it might not happen. So, a good rule of thumb when you run your WordPress site is to always make sure you're up to date. And it's really easy to do so. If you're logged into your WordPress site like I am right now, the first thing you'll notice is that up here on the WordPress toolbar, there's this recycle like icon, and it has a number next to it. That tells me there's currently something on my site that's not up to date, in this case a plugin, and I need to update that.
So any time you see this icon you should always go and update whatever needs to be updated. But if I go to the back end of my site now, you'll notice that in addition to this warning up here, I'm also being told that WordPress 3.9.2's available, and I should update right now. That's because I disabled automatic version updates on my installation, just to show you how this works. So, if for some reason the automatic updates don't work, you're still going to be notified that something is off and that you need to update. And just looking at the screen, you can see there are several different indicators for me.
Up at the top here, the recycle icon now says 2, because we have both WordPress itself and a plugin, and in the menu in the admin panel, I see under updates we have a big red 2, and under Plugins we have a big red 1. So now I know I need to make an update, so I'm going to click on updates here. This takes me to the update page, and here I have a list of everything I need to update. First, WordPress itself, and I currently need to update. Then I have a list of the plugins, and if I had themes that required an update, you would see those listed as well.
So here in my case, I first need to update WordPress itself. So I'm simply gonna click on Update Now. WordPress will be quickly downloaded and installed, and I immediately get information about what this release is, in this case it's a maintenance and security release, and I can go look at the release notes. And now that I've updated WordPress, I can go back to updates again, and just check all the plugins that need to be updated, and click on update to get the new versions of the plugins as well. As you can see, updating WordPress, and updating plugins and themes is really simple, and can be done from inside the WordPress admin panel.
That said, some people have an aversion to updating because they've had the experience of updating maybe a version number, or updating a plugin and theme, and then discover that the site goes down in the process. Something goes horribly wrong. If you're one of those people, here's a hard truth. If you're updating your site and it crashes, it is almost a guarantee that this is because you have a theme that has some broken code in it, or more likely that you have a plugin with some broken code in it. WordPress itself is almost impossible to crash.
So if you're not updating your WordPress site because you experience a lot of crashes, you need to reconsider either the theme you're using, or the plugins you're using. And it's really easy to figure out exactly what's going wrong. If you have that experience, anytime you update WordPress itself and something goes wrong with the site, here's what you do. First, go to Appearance and Themes. And activate one of the default themes, be that 2010, 2011, 2012, or 2013, or 2014. Any of the default themes should work just fine.
Next, go to plugins, and deactivate all of your plugins. Simply check this box up here, go to bulk edit and just deactivate everything. Now update WordPress and see that everything works fine. If that's the case, then go back and reactivate one plugin at a time to see if something goes wrong. Because, if there's a conflict in the plugin after you've updated WordPress, WordPress will tell you that, it won't crash. Then, if all your plugins work fine, go back to your themes, and try to activate the theme that you were using.
If that takes your site down, you now know the culprit is the theme, not WordPress itself. I cannot stress this enough. Keeping WordPress, and your plugins and your themes up to date, is what's going to make your site secure. It goes the same way with all your other applications, it's just that all these other applications update automatically, you don't have to see it. In the case of WordPress, you still have to do some manual updates, although I can see a time in the future where that's no longer the case. But until then, keep an eye on the Dashboard Updates tab, and make sure you never see a number there, and when you do, update everything immediately.