How to Update WordPress Plugins and Themes Safely

Updated on Nov 29, 2022

The longer you put off updating, the more difficult it will be. Some updates build on previous ones. They may change templates or how data is stored in the database, and such changes are easier to manage in increments. Furthermore, and perhaps more importantly, updates can be critical for security. Even a few days' delay in performing a critical security update can put your site at risk. When a security vulnerability is discovered, the exploitable code is made public on the Internet. Hackers can quickly create bots that crawl the web and exploit these vulnerabilities.

The most common way hackers gain access to your site is through outdated themes, plugins, and WordPress versions (besides brute force hacks of your login). Even deactivated themes and plugins can expose your system. The following are best practices for keeping your website current.

Many people provide maintenance plans to help you stay current. The issue with some of these plans is that they provide updates on a weekly, monthly, or quarterly basis. That approach does not work because security vulnerabilities necessitate timely updates. Those updates must be made as soon as possible rather than on a set schedule.


WordPress Themes and Plugins that are Safe to Auto-update

Plugins that run solely in the Dashboard and have no front-end interface are usually safe to update automatically, such as:

  • SEO;
  • Analytics;
  • Admin tools such as duplicate post or columns;
  • Broken link checkers;
  • 301 redirect;
  • Most form plugins;
  • RSS feed;
  • Jetpack;
  • Database optimization;
  • Backups;
  • Other monitoring plugins;
  • Image compression;
  • Security;
  • Patches and fixes to the plugins listed below;
  • Patches to themes;
  • Updates to the TwentySomething themes;
  • Genesis parent theme.

Plugins with a front-facing interface that you should manually update and then thoroughly test (or update on a staging environment first) include:

  • eCommerce (e.g. WooCommerce);
  • Multi-language (e.g. WPML);
  • Complex forms;
  • Events calendars;
  • Registration;
  • Popups and lead generators;
  • Galleries and media;
  • Upgrades to any premium theme.

Backing up WordPress Before Upgrading

Make a recent, good backup of your site that you can restore from if an update or upgrade goes horribly wrong. Learn how to back up your files and database in this post. Make a FULL SITE (aka Complete) BACKUP and a DATABASE ONLY backup. Save both of these backups to your computer.

  • BackWPUp – Free plugin with numerous scheduling and remote sending options.
  • Duplicator – Backups can be scheduled using the Pro version. Free version for quickly replicating the site. Excellent for migrations.
  • BackupBuddy – Paid plugin. Excellent for scheduling and migration.
  • UpDraftPlus – Similar to BackWPUp and BackupBuddy, and quickly becoming the most popular of the three. It offers both free and paid remote backup storage.
  • VaultPress – A great backup service because it allows you to restore to the previous day (or a recent on-demand backup) with a single click. This enables you to be more daring with your upgrades. If something fails to function properly, you can quickly restore the backup. There is no need to create schedules because VaultPress backs up your site daily for 30 days.
  • WorpDrive – WorpDrive is more cost-effective than VaultPress and works similarly if you manage multiple sites. You enter your FTP credentials and leave it to run on its own. In their interface, you can test your backups to ensure they work properly, as well as use their one-click restore feature.

Warning

Important: Limit the size of your backups! Large files and upload folders should be avoided.

Create a WordPress Staging Site

There are several approaches to building a WordPress staging site. The most straightforward option is to use your hosting provider's built-in staging site feature.

Check our guide on how to use the VersionPress Plugin.

Update WordPress plugins

  • Replace decommissioned plugins. On WordPress.org, look up the last update date of your plugins (or wherever you purchased the plugin). If a plugin hasn't been updated in six months, look into its viability. If it appears that support is no longer available, it may be time to look for a newer plugin that is better maintained. If the plugin hasn't been updated in two years or more, it's time to find a replacement. Using out-of-date plugins that are no longer maintained exposes your website to the risk of breaking or being hacked.
  • Regularly update WordPress plugins. Plugins must be updated as soon as updates become available, especially patches that contain bug and security fixes. Hold off on major plugin upgrades until you've read the changelog on WordPress.org or the plugin's website to ensure that the upgrade won't break something on your site. When upgrading plugins, you may need to recreate any customized template files or stylesheets, as well as re-enter data. This type of information should be included in the changelog.
  • Update WordPress plugins first. If you are performing a major upgrade to your plugins and WordPress, you should first update the plugins and test them one by one. After upgrading WordPress, you may be prompted to update the plugins again to ensure compatibility with the most recent version. If a plugin is associated with a theme, you may need to update the theme in order for the new plugin to function properly.

WordPress Plugins (and Theme) Version Guide

Here's a general guide to help you tell the difference between updates, which usually don't break your site, and upgrades, which can have serious consequences.

Read the Changelogs

Changelogs will tell you whether a major update was made or if minor bug or admin interface fixes were made, as in these two examples:

Standard Software Versioning

Every developer uses a different numbering system, so this is not a fault-proof guide, but it can help inform you of major revisions you should approach with caution. The only way to truly know what has changed with the plugin or theme is to read the changelog.

  • 2.0 – This is a major version upgrade from 1.0 and will likely be entirely different from the original plugin. Backup, read the documentation, and upgrade with caution and spare time on your hands.
  • 2.1 – This is an update to the major version. May contain features that affect the way the plugin works on the site.
  • 2.1.1 – This is a patch and is safe to update without reading the changelog, though it might be helpful to find out what was fixed.
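The version guide above and the two plugin lists earlier in the article can be combined into one triage rule. The sketch below is an added example, not code from the article or from WordPress; the category tags, plugin slugs and the policy for minor updates to dashboard-only plugins are assumptions, and anything that does not follow the N.N.N scheme falls back to reading the changelog.

```python
import re

# Constructed category tags mirroring the article's "front-facing" list.
FRONT_FACING = {"ecommerce", "multi-language", "complex-forms", "events-calendar",
                "registration", "popups", "galleries", "premium-theme"}


def parse_version(text):
    """Return (major, minor, patch), or None when the scheme is not N[.N[.N]]."""
    match = re.fullmatch(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text.strip())
    if match is None:
        return None
    return tuple(int(part or 0) for part in match.groups())


def bump_kind(installed, available):
    """Classify the step from the installed to the available version."""
    old, new = parse_version(installed), parse_version(available)
    if old is None or new is None:
        return "unknown"          # beta tags, four-part versions, other schemes
    if new <= old:
        return "none"
    if new[0] != old[0]:
        return "major"
    if new[1] != old[1]:
        return "minor"
    return "patch"


def triage(category, installed, available):
    """Map one pending update to an action (the policy is an assumption)."""
    kind = bump_kind(installed, available)
    if kind == "none":
        return "up-to-date"
    if kind == "unknown":
        return "read-changelog"
    if kind == "patch":
        return "auto-update"
    if kind == "major" or category in FRONT_FACING:
        return "manual-on-staging"
    return "auto-update"          # minor update to a dashboard-only plugin


# Constructed inventory: (slug, category, installed, available).
PENDING = [
    ("shop-plugin", "ecommerce", "2.1.1", "2.1.2"),
    ("shop-plugin", "ecommerce", "2.1.1", "2.2"),
    ("seo-plugin", "seo", "1.9.4", "2.0"),
    ("feed-plugin", "rss", "2022.11-beta", "2022.12"),
]

if __name__ == "__main__":
    for slug, category, installed, available in PENDING:
        print(slug, installed, "->", available, triage(category, installed, available))
```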

How to Update Premium Plugins

For premium plugins, always enter the license key. Take a look at the Envato plugin example below.

Purchase premium plugins, even if they come with the theme. Theme developers may be slow to update the plugins that come with their themes.

Plugin Template/Style Updates

  • Compare child theme templates to the updated plugin templates if the plugin uses customizable templates (e.g., WooCommerce, NextGEN Gallery, The Events Calendar).
  • The plugin may have moved, deleted, or renamed the stylesheets and templates in your child theme that you have mirrored.

How to Update WordPress Themes

Updating themes can be tricky because it will overwrite any customizations you've made to the theme's files (if they were not made in a child theme), as well as any theme options you've set.

Here are some things to remember:

  • If you modified the core theme files (rather than using a child theme), you must compare any changes you made to the files to the updated theme and make those changes on the new theme. This could take some time.
  • If you worked with a child theme, you should be able to update the parent theme without too much difficulty. However, you may need to compare any modified template files to the template files of the new parent theme to ensure that your modified templates have compatible HTML. Your custom template files may need to be recreated.
  • Because the new theme may contain new HTML IDs and Classes, your stylesheet changes may be ignored. (For more information, see "What to Do If a WordPress Plugin or Theme Upgrade Breaks Your Site" below.)
  • If the theme update is a "patch" (and you use a child theme), you can update without concern. If your theme has significant changes, plan on upgrading for up to a day! The amount of time required depends on how significant the upgrade is, how old the original theme was, and how many customizations were made to the theme or child theme.
  • Old themes may cause issues with new plugins you want to use or may stop working properly with the most recent version of WordPress. This is why, even if it's a pain in the buttocks, you must update.
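The template comparison described here for child themes, and earlier for plugin templates mirrored in a child theme, can be automated by hashing three trees: the old upstream templates from your backup, the new upstream templates, and your overrides. This is an added example, not code from the article or from any plugin; the directory layout and file contents are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def digests(root):
    """Map each file's path relative to root to the SHA-256 of its contents."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}


def override_drift(overrides_dir, old_templates_dir, new_templates_dir):
    """Classify every override against the old and new upstream copy."""
    old, new = digests(old_templates_dir), digests(new_templates_dir)
    report = {}
    for rel in sorted(digests(overrides_dir)):
        if rel not in new:
            report[rel] = "upstream-missing"   # moved, deleted or renamed upstream
        elif rel not in old:
            report[rel] = "no-baseline"        # no old copy to diff; review by hand
        elif old[rel] != new[rel]:
            report[rel] = "upstream-changed"   # re-merge the customization
        else:
            report[rel] = "unchanged"
    return report


def demo():
    """Build a constructed old/new/override tree in a temp dir and report on it."""
    files = {
        "old/cart/cart.php": "<table class='cart'>",
        "old/single/meta.php": "<div id='meta'>",
        "old/loop/price.php": "<span class='price'>",
        "new/cart/cart.php": "<table class='cart'>",
        "new/single/meta.php": "<section id='product-meta'>",
        "new/loop/product-price.php": "<span class='price'>",   # renamed upstream
        "child/cart/cart.php": "<table class='cart custom'>",
        "child/single/meta.php": "<div id='meta' class='custom'>",
        "child/loop/price.php": "<span class='price custom'>",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in files.items():
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body)
        return override_drift(Path(tmp, "child"), Path(tmp, "old"), Path(tmp, "new"))


if __name__ == "__main__":
    for rel, status in demo().items():
        print(f"{status:17} {rel}")
```

Overrides reported as upstream-missing are no longer loaded from that path, and those reported as upstream-changed need their customizations merged into the new upstream markup.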

You won't have to worry about "updating" a very static HTML/CSS theme that doesn't use any Javascript because there isn't likely to be anything that needs to be updated, except possibly some deprecated WordPress functions. However, if your theme is that old, your site is probably pretty boring, and you should consider changing themes to avoid looking dated.

The latest and greatest WordPress themes, like cars, have a lot more bells and whistles and require more time to update. Current WordPress themes have a lot more moving parts and features that work together. They are more robust and interesting, and will do everything except wash your dishes, but they do require upkeep, which can be time-consuming if the code has changed significantly between versions.

Updating WordPress Core Files

Some WordPress versions will clash with your out-of-date themes or plugins. For patches, such as 4.0 to 4.0.1, click the Update button, just as you would for themes and plugins. With major updates, such as 4.0 to 4.1, you should ensure that your existing plugins and themes are compatible.

It's a good idea to test the update on a local copy of the site. Except for one site that used the WordPress Multilingual (WPML) plugin, I had no problems updating any of my sites from 3.9.2 to 4.0. Many people had problems updating the WPML plugin. During the update process, I discovered that I had other issues with the site. For starters, I needed to update my theme! So I backed everything up, performed all of the updates locally, resolved any issues, and then copied the site back to the live site.

We usually check our plugins on WordPress.org or the plugin forums to ensure they are compatible with the most recent version of WordPress. If the WordPress upgrade includes a jQuery library update, the update may conflict with the jQuery library used by your plugins or theme. This will cause some jQuery functionality, such as your theme's slider or Ajax content editor, to stop working properly. The theme, as well as WordPress, must be updated.

How to Restore WordPress Theme or Plugin Files

If an update to a plugin or theme fails miserably, simply replace the theme or plugin files with the backup you created above. If you're using a backup plugin, you can unzip your full backup and then FTP the old version of the theme or plugin to the wp-content → themes or plugins folder, overwriting the new version.

How to Restore an Older Version of a WordPress Plugin from WordPress.org

If the upgrade issue was related to a plugin on WordPress.org, you could reinstall the older version of a plugin easily without needing to go to your backups:

  1. Find the plugin on WordPress.org.
  2. Click the Developers tab.
  3. Download the older version of the plugin from the Other Versions list.
  4. De-activate and delete the new version of the plugin in the Plugins list in your WordPress dashboard.
  5. Click Add New plugin and upload the older version and activate it. If changes weren’t made to the database, this should work fine to restore your site to what it was before you upgraded the plugin.

How to Restore the WordPress Database

If you are not using VaultPress or don’t have access to a one-click restore of your site, you may have to restore both your files (via FTP) as well as your database manually. These instructions are a bit long, and I usually restore databases a bit more cavalierly. However, since I’m giving advice to you and not sure of your skill level, I want to make sure you don’t inadvertently delete the wrong database.

First, you will need to download the backup of your database you created before you upgraded. If you are using a backup plugin, unzip the database backup you created. You should see a file that ends with .sql.

  1. Log in to cPanel.
  2. Go to the MySQL database wizard.
  3. Follow the steps to create a new database, user, and password. Take note of the database name, database username, and database password. Be sure to give the new user All Privileges.
  4. Click phpMyAdmin in your cPanel.
  5. You may need the database username and password created in step 3 to log in.
  6. Click the database name on the left side of the phpMyAdmin window.
  7. In the Structure tab, you should see “No tables found in database.”
  8. Across the top of the screen will be a row of tabs. Click the Import tab.
  9. On the next screen, click the Browse button next to the file to use field.
  10. Click Browse. Locate the backup file stored on your computer.
  11. Make sure SQL is selected in the Format drop-down menu.
  12. Click the Go button. The database tables will be imported.
  13. Log in to your site via FTP or the cPanel File Manager.
  14. Make a copy of your wp-config.php file.
  15. Edit the original wp-config.php file to contain the database name, username, and password created in step 3.
  16. The old database is now restored.

Note

If you use BackupBuddy, you can use the importbuddy.php script to restore the database and overwrite the old database tables instead of creating a new database.

What to Do if a WordPress Plugin or Theme Upgrade Breaks your Site

First, if you broke the live site, you should restore it from a backup. If you are working in a staging environment, you can troubleshoot the site and move forward by using the following tips:

Read the Documentation, Changelog, and Support Forums

If other people have had similar issues, there's a good chance the solution (or at least an ongoing discussion) is waiting for you there.

Re-save Options and Use Correct Shortcode

If a slider or other plugin feature fails to load properly after upgrading, you may need to click SAVE CHANGES or UPDATE to reconnect the slider or feature to the page or layout. Check that all of the images and other settings are the same as they were in the previous version. Sometimes major updates contain so many changes that you must re-select all of your options. Some updates simply require you to click a button to Save the options in order for them to work again.

Some shortcodes in plugins or themes may have changed, so read the documentation and use the correct shortcodes.

Clear Your Site Cache and Browser Cache

Your site may appear to be broken after an update/upgrade, but this could be due to various cached files interfering with the proper loading of the site. Conflicting cached files can lead to erratic behavior. Log in to your WordPress Dashboard and delete any cached files in your caching plugin, followed by clearing all cached files in your browser. Try viewing or logging in using a different browser.

Troubleshoot Style Issues After Upgrading WordPress Theme or Plugin

CSS style modifications may not be applied to your new theme or plugin for a variety of reasons:

  • The HTML has changed. If the HTML IDs or Classes have changed, then the CSS used with the old theme and plugin will be ignored. To fix this, use Firebug or the Inspect Element feature in Chrome or Safari to identify the correct CSS selector and modify the selectors in your child theme’s stylesheet as needed.
  • The styles have been overwritten. When you updated your theme or plugin, a stylesheet or styles included in the theme or plugin may have been overwritten. This became apparent after major updates to the Revolution Slider. To fix this, copy the styles or stylesheet to the correct location. This could be in the theme or plugin options, or it could be in the FTP directory. Comparing the old and new sites will help you determine where this should go.
  • The location for styles moved. The location of your custom stylesheet may have changed, as with updates to The Events Calendar and NextGEN Gallery. Read the plugin documentation to learn where to put the new stylesheet in your FTP directory.

If Your WordPress Breaks (doesn’t load) After Upgrading:

Using these steps, you can identify PHP errors or Javascript/jQuery conflicts between your theme, theme plugins, and other plugins. The goal of these steps is to eliminate as many variables as possible before isolating the problem. To avoid your live site going down during the process, you should only do this in a staging environment.

If your WordPress site breaks, you can check our article on How to Fix the Blank Page Issue on your WordPress Admin Dashboard.

By eliminating variables (such as removing all the plugins and themes) and turning on the debug feature, you can narrow down the source of the problem. You may not be able to solve the problem, but hopefully, you will have narrowed down the source of the issues.

Final Words

We hope you get how important it is to update your WordPress plugins and themes securely. If you have any troubles, you can always turn to our support experts with hosting-related questions. Contact our specialists via Live Chat or with the help of our ticketing system. We work 24/7 to make sure your project is a success.
