Plugging In: Updating Your WordPress Utilities Safely and Securely
Want to know the number one reason WordPress sites get hacked as well as the number one reason users experience compatibility issues? It’s simply because the site itself—including those awesome little plug-ins that allowed you to customize your pages—isn’t working off the latest update.
Indeed, with an open-source platform like WordPress—and not to mention the thousands of plug-ins and themes available to users—it should come as no great surprise that bugs, security holes and the like are constantly being discovered and, unfortunately, exploited by nefarious hackers. That’s why it’s crucial for owners and administrators of WordPress-based sites to stay on top of the latest updates, especially those for the aforementioned plug-ins: they’re vital to keeping your site safe and secure and running at its very best.
For those who ask the question “is it safe to update my own plug-ins,” the answer is “yes.” However, before you do so it’s important to follow a few simple steps that can ensure nothing goes wrong and that—should something happen to threaten your site and its data—you can get back to running at one hundred percent quickly.
1) Before you do anything else, backup your WordPress data and all site files. Doing so will mean you have a duplicate of everything should a problem occur during the updating process. Indeed, there are even a nice handful of plugins that help you with backing up your site: UpdraftPlus, BackupBuddy and VaultPress are just a few. But you can also perform a backup manually by locating your directory, compressing it and downloading it to a secure location on your hard drive. It’s also recommended that you save a copy on an external device—a thumb drive, DVD etc.—or in a cloud-based service such as Dropbox.
2) Save any modifications or customizations you’ve made to your themes, which can sometimes be lost when performing an update. Navigate to “Appearance” then “Editor” in your WordPress backend, copy any changes you made to “functions.php, style.css” as well as any other files, then update your themes and paste the changes back. You can also follow the route of many WordPress users and create a “child theme” which allows you to customize or tweak an existing WordPress theme without losing the ability to upgrade that theme. Doing so will ensure you don’t lose any of your modifications.
3) Sometimes a new version of WordPress that you get when doing an update of the core contains changes that mess with the functionality of existing plugins. So it’s important to update those plugins before you do an update to the core. The upside to doing so is this: the people who develop plugins often get access to the newest versions of WordPress before anyone else, which means they can make sure their plugins are compatible before you do an update. However, experts recommend updating your plugins one at a time rather than all at once: then, if you notice something has gone wrong, it will be easy to spot exactly which plugin is causing the problem. If this situation occurs restore the plugin from your backup or contact the plugin developer.
4) Most plugins come with a “changelog” that lists all the fixes, enhancements and security updates contained within the update, and you can view that list be clicking on the “view version details” below the plugin’s description. If the list contains a security update, experts recommend performing it immediately; minor bug fixes or simple enhancements can wait a while. Those experts also recommend keeping tabs on the WordPress support forum immediately after an update or new release of a particular plugin: you’ll be able to see if anyone has noticed or identified issues with the plugin update and what is being done to remedy the problem.
5) As major updates to the WordPress core program occur fairly regularly, take the opportunity to take stock of your current plugins and themes and evaluate what you need and what you don’t. Sometimes the features of the most popular plugins get incorporated into the WordPress core, which means you don’t need that plugin any longer. Also, using too many plugins can result in performance and security issues, so keep only what you absolutely need and dump the rest. And keep a lookout for simple and basic plugins that can replace a function for which you’re using a more complex version: if you’re not fully utilizing all the features of the complex plugin, trade down to the simpler version which holds less risk for developing security or compatibility problems.