Not sure how to update WordPress safely?
The core WordPress software, along with your themes and plugins, is a constant work in progress. If you want to access the latest features and keep your site secure and functioning, you need to promptly apply updates as they’re released.
In this post, we’ll help you do just that with a deep dive into WordPress updates and how to safely perform them.
Here’s everything that we’ll cover in this post:
- An intro to WordPress updates
- Basic update best practices (backups & staging)
- How to update the core software
- How to update plugins and themes
- How to update WordPress PHP version
WordPress Updates 101: What You Need to Know
Before we get into the tutorial, let’s go over a quick introduction to what you need to update and how things work.
What Different Types of WordPress Updates Are There?
In terms of WordPress itself, there are three main parts of your site that you need to update:
- The core software
There are also translation file updates, but WordPress will automatically handle these for you.
For the core software updates, you can further break things down into major releases and minor releases:
- Major releases (version number X.X, e.g. 5.1) – these add new user-facing features and developer APIs.
- Minor releases (version number X.X.X, e.g. 5.1.2) – these add security fixes or minor bug fixes and enhancements).
How Quickly Should You Apply WordPress Updates?
In general, you should try to apply WordPress updates as quickly as possible. Many updates contain important security fixes or bug fixes, so not applying them might make your site vulnerable to attacks or have other issues.
However, the urgency with which you apply updates depends on the update in question.
For core software updates, the priority depends on the type of update:
- Major releases – these only add new features, so you can safely wait to apply them. Your site won’t be any less secure if you wait a few weeks – you just won’t have access to the latest features until you update.
- Minor releases – these usually include security or bug fixes, so you’ll want to apply them ASAP. For critical security updates, your site might be vulnerable if you wait.
For plugin and theme updates, there’s no unified system to differentiate between feature updates and security/bugfixes, though many developers follow the same numbering system as core WordPress updates.
In practice, that means that you should almost always apply theme and plugin updates ASAP.
Does WordPress Automatically Apply Updates?
Yes and no. Since WordPress 3.7, the default WordPress behavior is to automatically apply updates for minor core releases. That is, you don’t need to lift a finger – WordPress does everything for you.
Again, minor releases are releases with two decimal points, such as 5.1.2. Because these minor releases only contain small security and bug fixes, the core team thinks the security benefits of automatic updates outweigh the risks of automatic updates.
However, by default, WordPress does not automatically apply updates for:
- Major core releases – e.g. WordPress 5.1
It is possible to turn on automatic updates for major releases, themes, and plugins. However, we would not recommend doing so because automatically applying these bigger releases could potentially cause compatibility issues.
Basically, you want to be around to test that everything is working when you apply major updates. Speaking of…
How to Properly Prepare to Update WordPress
Most of the time, you can update your WordPress software, themes, and plugins with zero issues.
However, because you’re making changes to the underlying software on your site, stuff can go wrong. For example, updating the core WordPress software might cause a compatibility issue with one of your plugins. It’s not likely, but it can happen. So – you want to be safe.
Even if 99% of the time you can update with no issues, you don’t want that 1% to be catastrophic, right?
To protect yourself from issues, you should always back up your WordPress site before applying updates.
To learn how to properly back up WordPress, check out our detailed WordPress backup tutorial.
For mission-critical sites, it’s also a good idea to test updates on a staging server before you apply them to your live website. This allows you to discover any potential issues before your visitors see them.
Many managed WordPress hosts make it easy to create staging sites. Or, if your host doesn’t offer its own easy staging feature, you can follow our Monday Masterclass on how to create a staging environment.
With those caveats out of the way, let’s get into the actual step-by-step process of how to upgrade WordPress.
How to Update WordPress Core Software
Reminder – make sure to back up your site before updating the core WordPress software, especially for major releases.
For casual users, there are two ways to update WordPress:
- From the WordPress dashboard – this is the simplest method, and what we recommend for most users.
- Via FTP – this is a good backup if you’re unable to use the in-dashboard update feature for some reason.
Developers and advanced users can also update WordPress using WP-CLI, which we’ll cover below.
If there’s a core update available, WordPress will notify you with a non-dismissable prompt at the top of every page in your admin dashboard:
To update the core WordPress software from your dashboard, go to Dashboard → Updates.
If there’s a new release available, you should see a prompt to Update Now:
All you need to do is click that button.
During the update, WordPress will automatically put your site into maintenance mode. As soon as the update finishes, WordPress will then automatically make your site live again.
Typically, the update only takes a few seconds so your visitors won’t even notice the change.
To manually upgrade WordPress via FTP, you’ll first need to download the latest version of WordPress from WordPress.org.
Once you download the zip file, extract it so that you can access all of the files inside.
Then, connect to your server via FTP and upload all of the files. When your FTP program displays a prompt about duplicate files, click the button to overwrite all duplicate files:
Don’t worry – you’re only overwriting the core WordPress files. You will not lose any of your customizations, nor will this affect your themes and plugins.
WP-CLI is a command-line interface for WordPress that lets you perform lots of different actions, including applying updates.
If your host supports WP-CLI and you feel comfortable working from the command line, you can upgrade WordPress using the wp core update command.
How to Update WordPress Themes and Plugins
Reminder – make sure to back up your site before updating WordPress themes or plugins.
In 2020, virtually all WordPress themes and plugins support easy WordPress updates via the wp-admin dashboard.
For themes and plugins from WordPress.org, these updates are on by default.
However, for premium themes/plugins that you’ve purchased, you’ll typically need to activate your extension with an active license key in order to be able to receive update notifications and apply updates from your dashboard.
For example, you’ll automatically receive update notifications for the free version of Elementor at WordPress.org. However, if you want to update Elementor Pro from your dashboard, you’ll need to have an active license key.
If you can’t apply updates from your dashboard for some reason, you can also update plugins and themes via FTP.
There are two ways that you can update themes and plugins from the WordPress dashboard.
First, if you go to Dashboard → Updates, you’ll see a list of all your themes and plugins with available updates. You can use the check-boxes to select which extensions to update:
You can also update plugins from the Plugins area of your dashboard. If you use the Update Available tab, you can filter out all of your plugins with available updates.
From there, you can either:
- Update an individual plugin by clicking the Update now link in that plugin’s description.
- Bulk update plugins by using the checkboxes and setting the drop-down to Update.
To update themes, you can go to Appearance → Themes. If a theme has an update available, you’ll see a notice and an option to Update now:
To update a theme or plugin via FTP, make sure to download the latest version of the theme or plugin from the developer. If it’s in a ZIP file, extract the ZIP file.
- Connect to your server via FTP.
- Go to wp-content/themes or wp-content/plugins
- Delete the folder for the theme or plugin that you want to update
- Upload the folder from the ZIP file that contains the most recent version of your theme or plugin
For example, to manually upgrade Elementor Pro via FTP, you would first delete the elementor-pro folder:
Then, you would upload the folder that contains the new version of Elementor Pro.
Don’t worry – you won’t lose any of your plugin content by doing this. All of your plugin content/settings are stored in your site’s database, so deleting and reuploading the files themselves won’t cause any issues.
How to Receive Email Notifications for Available Plugin Updates
By default, WordPress displays plugin update notifications in your WordPress dashboard. However, if you don’t log into your dashboard all that often, you might not see when there are new updates available for your plugins.
To fix this, you can use the free Mail On Update plugin to receive email notifications when new plugin updates are available. That way, you can promptly log in and apply the updates.
How to Update PHP in WordPress
If possible, we highly recommend testing any changes to your site’s PHP version on a staging server first. Not all plugins and themes have the same PHP requirements, so you’ll want to make sure you don’t run into any compatibility issues before updating PHP on the server with your live website.
PHP is the coding language that WordPress is written in. Just like there are different versions of WordPress, there are also different versions of PHP.
Newer versions of PHP are significantly faster, which can lead to noticeable performance improvements. Additionally, older versions no longer receive security updates, which makes them a security risk.
As of June 2020, WordPress recommends that you use at least PHP version 7.3 and the most recent version of PHP is version 7.4.
However, despite this, only about half of all WordPress sites are using PHP 7.3+.
The version of PHP that your WordPress site uses is controlled at the server level via your host – you cannot change it from your WordPress dashboard.
The simplest way to update your PHP version is usually to reach out to your host’s support staff.
Many hosts also provide an option in your hosting dashboard to change PHP versions. For example, here’s what it looks like at Kinsta:
Safely Apply WordPress Updates
If you have a WordPress website, it’s important to promptly apply updates, especially for security and bug fix releases.
In most situations, you can easily apply updates right from your WordPress dashboard. You can view and apply updates by going to Dashboard → Updates. If the dashboard method doesn’t work, you can also manually update WordPress using FTP.
If you’re using Elementor Pro, make sure to keep your license key active so that you can access Elementor Pro updates from your WordPress dashboard.
Do you have any questions about how to safely update WordPress? Let us know in the comments!