> 59% running out of date versions of WordPress.
Doesn't count sites running 4.3.0 versus 4.3.1.
This is just the WordPress core.
The person in charge of the site is a communications person, not a WordPress or web person — updating the software is not their area of expertise, and they do not want to break things.
Management does not want to pay the agency they hired to create the site to regularly update it because it is "too expensive" — so they have the agency update the site only certain things, occasionally (0-2 times per year). Last core update was five months ago in May 2015.
There are 37 plugins, 19 needing updates. Of the 31 active plugins, updates to 7 fix known security issues.
The active theme also needs to be updated to fix a security issue.
The WordPress core update fixes security issues.
If your site is broken into by an attacker via a known security problem...
Image credit: Skitterphoto at Pixabay. Public domain.
The more updates that are outstanding for a site, the more daunting it will be do actually do the updates.
Bigger risk of something breaking.
Which update broke the site?
Many people find it easier to stay at the bottom of the pit rather than getting dirty trying to climb out.
It's not just the number of updates, but also how much of a jump each update is: updating from 1.2 to 1.3 is much less risky than updating from 1.2 to 2.5.
In the long run — ignoring luck — it is quicker, easier, and less risky to do frequent small updates rather than infrequent larger ones.
If you get lucky, nothing breaks, and your site is not broken into, then the infrequent updates will be quicker and easier. But if you're unlucky, then you'll spend much more time and effort with the infrequent updates, and it will also be more stressful.
Again, the biggest problem with larger updates is being able to find and fix the problem if something breaks. But another issue is that your site is more at risk of being broken into between updates.
To help minimize the risk of updates, reduce the number of activated plugins.
Fewer things to break
Less frequent updates
Keep only the plugins that are important — try for 15 or fewer, if possible.
Ironically, although a plugin that hasn't been updated in a long time means less work, it may also be at higher risk of breaking — consider replacing it with a plugin that is actively being maintained.
A large number of plugins also slows down your site.
After each update, test your site's functionality.
Does everything still work? If not, back out the most recent update.
The checklist above is specific to the University of Michigan site on the previous slide that needs updates. Develop your own test plan that covers the special functionality of your site.
In addition to features and functionality, make sure you test the site's speed, too.
If you make only one change at a time and test everything immediately afterward, you'll find out about and fix problems before they affect your visitors.
Test the updates on your test site before doing them on your live site.
If you don't have a test site, set one up:
Kellen Mace will give a presentation on "Getting started with VVV" in this room at 3:30pm!
Sometimes something unexpected happens. That's why you need...
(Image credit: UrpleB3atin at DeviantArt CC BY-SA 3.0)
Make regular backups of both your live and test sites, using BackupBuddy or a similar plugin.
Ensure that you back up both your WordPress sites' files as well as their databases.
Periodically test your backups to be sure they are usable. If an update causes problems, you may need to use a backup to downgrade your plugin, theme, or entire site.
Making a backup is the very first step in the official WordPress documentation for how to update your site.
If you can't fix the problem yourself, report it.
Get your site working again:
If the update was several releases ahead of the older version, try the versions in between to help narrow down exactly when the problem was introduced.
After getting your site working again, do other updates while waiting for the problem to be fixed.
WordPress 3.7 and later versions will automatically do minor updates to themselves (but not to plugins or themes) if
wp-config.php
file:
define( 'AUTOMATIC_UPDATER_DISABLED', true );
define( 'WP_AUTO_UPDATE_CORE', false );
To do either automatic updates or one-click updates, the filesystem permissions on WordPress' files must allow the web server to modify the files. This is the case for most WordPress sites, but not for the example site we saw earlier.
"Minor" updates are those where WordPress goes from version X.Y.Z
to X.Y.(Z+1)
, for example from 4.3 to 4.3.1.
If you want WordPress to do major updates automatically — for example, from 4.2.5 to 4.3 — add the following to wp-config.php
define( 'WP_AUTO_UPDATE_CORE', true );
The example site we saw earlier was running WordPress 4.2.2. If we enabled automatic minor updates (the default), it would automatically update itself from 4.2.2 to 4.2.5 and then stop. A site administrator would then need to do a one-click update to 4.3.1 from the WordPress dashboard.
A number of plugins are available to let you manage WordPress' auto-update features from the admin dashboard, including features that are not configurable through wp-config.php
.
As examples, check out the Easy Updates Manager or Update Control plugins.
For more detailed information on updating WordPress, the official WordPress documentation includes two sets of instructions:
Updating themes can require some extra work, depending on your site's situation.
If you are not using a child theme and have not modified any of the files for the theme you are using, simply update the theme in the same way you would update a plugin (either via one-click update, or manually).
Customizing your theme using controls provided by the theme itself does not count as "modification". Any settings or configuration you make via your web browser will be preserved when you update your theme. But if you have used an editor (including the built-in WordPress file editor) to change any of the CSS or PHP files belong to the theme, see the next slide.
If you modified your theme files without creating a child theme, your modifications will be lost when you update the theme unless you take special steps:
wp-content/themes/THEME-NAME
) to your local computer, renaming it to have "-modified
" at the end of the theme name.Make sure you always make a backup before updating anything!
If you keep good notes on exactly which things you modified in which files, you can skip steps 1-3 and just refer to your notes in step 6.
Simply update the parent theme (via one-click or manually) and you won't lose any of your modifications.
However, child themes work by overriding entire files in a parent theme. If you copied a significant portion of the PHP and CSS files in a theme (for example, more than 10% by file size), you may want to re-create the child theme once per year in order to get changes, features, and fixes that the theme author made to these files over time.
When you copy a file into your child theme, copy it twice and add "-original
" to the name of one of the copies. You can then use diff or WinMerge to see what changes you made, which will make re-creating the child theme much easier later on.
Want to talk? I'll be at the Happiness Bar, or
Mark Montague mark@catseye.org