How to Update WordPress Safely (Manually & Automatically)

Updated on Dec 6, 2022

Keeping your WordPress installation up to date is mandatory if you would like to preserve your website bug-free and also secured with the most recent security fixes and updates from the WordPress team.

In this tutorial, you will find the following information:


Prior to Updating - Create a Backup

Usually, WordPress updates are quick and easy to make. Making a lot of minor updates frequently minimizes the risks associated with running an older version of WordPress and the possible risks of breaking your website or losing data during updating.

However, statistics show that just 39% of users use the most recent version, and 0.18% of the remaining users use versions older than 3.7. This particular WordPress version is significant because it heralds the debut of automatic background updates and the safe updating procedures that went along with them. Updates from version 3.7 to the most recent version are generally thought to be more dependable than updates from an earlier version. To be on the safe side, we advise you to make backups often, even while performing minor changes.

With the help of the guide provided below, you can update directly to the most recent version of WordPress if you are still using an outdated version, such as version 0.7 or version 2. However, until you reach version 3.7, we urge you to update to the following major version and finish the process with the 1-click dashboard update. This way, you will be able to keep a close eye on the updating procedure, especially if your website has a lot of data. You may verify that each feature on your website functions as intended in between updates.

  • Backup Files - You must back up both your files and database before doing a backup. It is simple to protect your data, especially if your website is modest. For sites below 1GB, you can navigate to cPanel → File Manager.

Access File Manager

The location of your WordPress installation may be found here. If your installation is in a subdirectory, you can compress the complete folder instead of just the public_html, which is typically the case. Remember that to do this; you must have adequate free space on your hosting package. After creating your backup, we advise leaving at least 1GB vacant.

Note that you must have "hidden files enabled" to archive your .htaccess file, which is very important for your website's correct operation.
Show Hidden Files

We strongly advocate using an FTP program to connect to your hosting account and download your data for sites larger than 1GB. If you are unfamiliar with installing and using an FTP client, our in-depth tutorial on how to operate with popular FTP clients should be able to help.

By creating a backup of your files, you may protect custom theme modifications, plugin setups, and all other data from loss or corruption.

  • Database - The Database is involved in the second step of the backup procedure. Your posts, pages, and links are either kept in the database as actual values or are represented by those values. The database is interconnected with numerous features and files on your website, making it an essential component of its functionality. Check out our "Backing up your website manually" tutorial for more information on using phpMyAdmin to export your database.
  • Validation of File Copies - The validation of the saved data is a crucial step many users neglect.

    Have you ever changed a photo on your computer, erased it, and then discovered that a copy of it was not made or that it was not available for viewing?

    Imagine that your entire digital identity, business, and source of income are stored in thousands of files. Deactivating your plugins is the last thing you need to do. Some plugins alter WordPress' functionality by extending the relevant code in a new way. As a result, updating while your plugins are running can cause problems with their settings and the files they use.

Make sure you have your backup BEFORE you continue. If you need assistance, you can always rely on our technical support team and ask them to do the backup for you. Also, we strongly advise against making such updates on your base website. Instead, you should clone it and try whatever you need on a testing website.


Why Update WordPress?

As we've already established, upgrading is not something you have to do on a regular basis. Think of it as something you should anticipate instead. The advantages are enormous and only take up a small amount of your time. If you haven't already, the following new data should persuade you to join Team Update:

  • Security Improvements - 61 percent of compromised websites used an outdated version of WordPress, whereas just 8 percent used weak passwords. 31.5 percent of the 4000 vulnerabilities are in the core, 14.5 percent are in themes, and 54 percent are in plugins.
  • Bug Fixes and Stability Patches - WordPress frequently adds new features and tweaks, but occasionally the helpful upgrades are accompanied by issues. Although that is a necessary step in the process, the WordPress team works quickly to fix any flaws from the previous version in the current one. Numerous issues have been resolved, just in versions 5.0 to 5.2.3. Performance has also generally been enhanced, especially with the use of more recent PHP versions, as we already covered in our blog post on PHP 8.1.
  • New Features - One of the key considerations when selecting a platform for a website is the number of features and how user-friendly they are. We have noticed a number of helpful features throughout time. Before being incorporated into the core, several of them first existed as standalone plugins. We also see many plugins being expanded or combined with others due to the new ways the platform allows us to use its "frame" as a foundation.
  • Better Compatibility with Themes, Plugins, and Other Tools - As the WordPress Core develops, plugins and themes—especially premium ones—tend to grow in features. This is a result of the new code indicated above being uploaded to the Core and enabling authors to improve their products. In addition, as we already explained in our post on PHP 7, the platform delivers updates to the PHP version, which improves performance. As a result, users of older WordPress versions will miss out on all the latest and greatest features and may even endanger the reliability and security of their website. When you don't upgrade the platform, you greatly increase the security risk because using an earlier Core version also necessitates using some obsolete themes and plugins.

What Requires Updates in WordPress?

  • Core - The files that make up WordPress a platform—the foundation on which you develop your content and website—are collectively known as the WordPress Core files. Some core files you are likely to work with at some point in your online journey are functions.php, admin.php, .htaccess, and wp-config.php. The functioning of the admin dashboard, link structure, database and file interactions, your settings, the features that can be used on your website, and many other things are controlled by these files. Unlike plugins and themes, core files are an essential component of your WordPress installation and cannot be removed.
  • Plugins - It is advised against using the automatic update all plugins button while doing plugin updates. This is because plugins can conflict with one another, especially if you have downloaded two or more to perform related activities and they are complementary. Each plugin's changelog should be reviewed to see which versions you are updating from and to. Then go over each change and search for inconsistencies. If you notice a fundamental change, make a backup first, then an update. In contrast to updating ten plugins at once, updating the plugins one at a time allows you to quickly identify when and why a problem occurred. After a large update, identifying plugin compatibility problems can be a headache. For more information on this, you can check our How to Prevent and Troubleshoot Faulty Plugins in WordPress blog post.
  • Themes - Regularly updating themes will eventually rewrite any files you may have modified to improve the online appearance of your website. Using a child theme is a great approach to changing the default theme. Child themes are frequently utilized to test theme features before implementing them on a website. They are exact replicas that you can use as a development environment without tampering with the original data. In our How to Create a Child Theme tutorial, you can read more about Parent and Child themes.

How to Update The WordPress Core

You may update your WordPress installation in a number of different ways, each of which has a distinct level of complexity and utility.

How to Update WordPress via the Admin Dashboard (1-Click)

With only one click, the simple updater (after WordPress 3.7) will move you to the most recent version. It is possible to update with only one click from version 3.7 to any later version throughout this safer upgrading process.

First, click on the link that says "Please Update Now":

WP Updates

You will be reminded to back up your files and database, so if you've already done that, you can click on Update Now to continue.

After a few seconds, you will see the welcome screen of WordPress, inviting you to check the newest features of your website.

Welcome to WP

How to Update WordPress via Softaculous

It may not come as a surprise that Softaculous offers updates similar to the 1-click dashboard update, as many of our clients use it to install WordPress and build their websites. Go to your cPanel Softaculous to start an update that way. Your dashboard will display a red button if there are any outdated installations:

Softaculous Installations

Click on that red button and then click to update your installation:

Update via Softaculous

On the next screen, you will be able to Upgrade your WordPress installation.

Upgrade WordPress

Please note that Softaculous's most recent versions are not always accessible the day they are released. You can also make a backup here that you can restore from.

How to Update WordPress Manually Via FTP

To help you with updating, the folks over at WordPress have provided an extensive release archive. That means that by manually updating your website, you have better control over the process compared to 1-click and automatic updates.

Download The Latest Version of WordPress

You can download the version to which you want to upgrade via the link mentioned above. Click on the .zip link if you're going to upload the files via FTP later.

If you are going to use SSH, you can download the file directly into your hosting account, thus skipping step 3 by utilizing the following command:


In this case, version 6.0.3 will be downloaded as a tar.gz file which you can then decompress by using:

tar -xzvf wordpress-6.0.3.tar.gz</pre



After decompressing the file, you should fix the permissions and ownership of all files for security reasons. Here’s the command for that:

find -type d -exec chmod 755 {} \; && find -type f -exec chmod 644 {} \;


To use SSH Access on Shared Hosting, you need to first allow your IP address, as seen in our tutorial here.

Note that the command above should be executed when you’re INSIDE the specific WordPress folder where you decompressed the file.

This action will extract the contents of the package to a folder called "wordpress."

Note that SSH access is also available via your cPanel's Terminal tool. If you want to use a client, you can always utilize PuTTy, MTPutty, or another client of your choice. 

For more information on that client, visit our "How to use PuTTy" tutorial.

Access Your WordPress Root Directory

What you have to do with the files, is transfer them to the root directory of your WordPress. If your website is accessed just via just your domain, then your root folder will be public_html.

However, if you have installed the platform in a subfolder, you will have to navigate to that specific folder. If you’re unsure which one is your website’s main/root directory you can always check that detail via cPanel → Domains tool.

Prepare your existing installation for the update

Even though overwriting mistakes are uncommon, you can entirely prevent them by cleaning up your current WordPress directory and deleting a few files. Let's divide the installation's files into two groups.

Delete these Files and Folders:

  • wp-admin folder;
  • wp-includes folder;
  • wp-content/plugins/widgets folder;
  • wp-includes/languages/ folder - If you are using a language file, move it to wp-content/languages/ and then delete wp-includes/languages/

DO NOT DELETE these folders and files:

  • wp-config.php file;
  • wp-content folder - You will have to overwrite some files here when uploading the update.
  • .htaccess file;
  • Custom Content and Plugins - If you have any images or other custom content or Plugins inside the wp-content folder, do NOT delete them.

Upload New Versions

The WordPress Themes and Plugins are located in the wp-content subdirectory. These ought to be kept. Before adding any new or modified WordPress files to your new wp-content folder, upload all other files first. Replace any previous iterations of the default plugins with the new versions.

The wp-content/themes/default folder should be uploaded because the WordPress default theme has changed. If you have customized the default theme, you will need to review and install those modifications after the upgrade.

How To Update WordPress via WP-CLI

WP-CLI is useful for managing your WordPress websites from the command line. That is useful if you manage a lot of websites for you or your clients making WP-CLI the preferred tool for developers.

Currently, all of our hosting Packages are utilizing the latest versions of WP-CLI. Thus, you should be able to fully utilize the same, regardless of your plan with us.

Firstly, you will have to access your hosting account via SSH. Then you will have to navigate to the root directory of your website:

cd /home/user/public_html/yourwebsite

Be sure to replace the user and yourwebsite with your actual data, then run this command to check if there is an available update for WordPress:

wp core check-update
The output from that command will indicate the available update.
| version | update_type | package_url
| 6.0.3 | major |

If you are already using the latest version, you will see this message - "Success: WordPress is at the latest version."

To update to the latest version, use:

wp core update

The following output confirms the update was successful:

Updating to version 6.0.3 (en_US)...
Downloading update from
Unpacking the update...
Cleaning up files...
No files found that need cleaning up.
Success: WordPress updated successfully.

If you are experiencing issues such as WP-CLI reporting that your website is up to date when it is actually not, you can force the update to a certain version using:

wp core update --version=6.0.3 --force

Just change 6.0.3 with the version to which you want to update your website.

You can also update only to a minor version of a specific release branch. For example, the following command will update your WordPress to version 6.0.3, which is the last release before branch 6.1:

wp core update --version=6.0.3 ../

Lastly, if you only wish to update to a minor version, use:

wp core update --minor

This command will update 6.0.2 to 6.0.3 instead of 6.1.

How To Update WordPress Automatically

There were many discussions about the advantages and disadvantages of automatic updating when it was first introduced to the WordPress platform.

We strongly advise that you do not turn automatic updates ON. That goes, especially if you have a heavily customized WordPress website (many plugins, custom theme, etc.) Updating WordPress should be an educated decision. Before doing it, check whether all your plugins and themes are compatible with the new WordPress version, and only then proceed with the upgrade.

With Automatic Background Updates

WordPress versions 3.7 and up provide the ability to automatically check for minor updates every 12 hours. If you manage several WordPress installations, you can use that to save a lot of time. Additionally helpful if you don't want to miss out on the minor but yet significant security patches that arrive with minor releases.

This can also be changed, just as the majority of platform features. For example, if you also want to have automatic updates for major version changes, you can do that via the wp-config.php by adding:

define('WP_AUTO_UPDATE_CORE', true);

The automatic updates are enabled by default unless you use Softaculous to install the software without ticking the box. However, you still have the option to disable them by adding:


As we stated, we recommend the automatic updater to stay disabled at all times. Upgrading manually is far from a daunting task (requires a single mouse click).

Update WordPress With a Plugin

Of course, not every website owner feels comfortable editing the core files of the application he uses. That is why there are several plugins that can help you control your update settings. One of the most popular ones is the Easy Updates Manager, and the name fits pretty well.

With it, you can make changes to the core, plugin, and theme update behavior. You can disable all updates or enable automatic background updates with single clicks and no file code editing.



Persistent "Another update is now in process" - If you are working on a team project where more than one administrator role user has been configured in WordPress, you may notice this problem. Only one update process will begin if two or more administrators attempt to launch updates (which may be for the core, a plugin, or a theme) simultaneously. This error notice will be sent to the other administrators. When an update is started, that defense mechanism locks the database. This is done to shield it from a potential conflict in the event that another update tries to change the same records concurrently.

The lock is set up to release itself when the update is complete or after 15 minutes, which makes it an excellent approach to safeguard the database from corrupt tables, but occasionally the notice will still appear.

You can use two methods to manually remove the lock in this situation.

The first and more accessible way is by using the Fix Another Update In Progress plugin. Install and activate it, click on the newly created button in your dashboard's settings section, and then hit the "Fix WordPress Update Lock".

Utilizing phpMyAdmin and running a query in your database. We have a great tutorial on "How to use phpMyAdmin" which you should check out if you have no prior experience with this database administration tool.

Click on the wp options table in phpMyAdmin after choosing your WordPress database. Be aware that this table may appear as wpfg options if you have numerous installs because there are probably two additional characters following wp.


The two additional characters depend on the database’s prefix. It can be checked in your wp-config.php, which you should take a look at by using the cPanel File Manager or an FTP client such as FileZilla.

Now locate the option with the name core updater.lock and select Delete next to it. Return to your dashboard now, and click Refresh to get the error out of it.

Note that you should fix the wp options table if you cannot locate the core updater.lock option or if the problem persists even after you remove it. By selecting the table and selecting Repair Table from the "With chosen" drop-down box at the bottom of the page, one can do such repairs either using a plugin or directly from within phpMyAdmin.

Scrambled Content and UI - If your blog's content is out of order following an upgrade, you'll probably need to deactivate all of your plugins and reactivate them one at a time. This method will help you identify the plugin that is interfering with the design of your website. If at all possible, update the plugin or locate a different one, and don't forget to notify the plugin's creators of the problem, especially if it is a well-maintained one.

The process of updating a Multisite installation to version 6.x.x may get stuck forever (often at "Preparing to install the latest version"). This is known as the WordPress Multisite Network Update Freeze. This can happen if a default theme is not installed alongside the one that is now active since WordPress needs a backup theme in case something goes wrong during an update. Install a backup theme so that WordPress can continue updating.

Stuck in Maintenance Mode - WordPress will automatically put your website in maintenance mode whenever you start an update to stop users from viewing incomplete content. This usually occurs extremely quickly, and since changes take seconds, your visitors won't even notice. However, if the process is interrupted, your upgrade may be in jeopardy, and your website may remain in a permanent maintenance mode.

The easiest way to escape this sticky situation is by accessing your installation files and finding the .maintenance file, which is usually created when starting maintenance and removed when it's over. A complete guide on removing maintenance mode in situations where it becomes a problem can be found in our How to Fix WordPress Stuck in Maintenance Mode article.

At its core, WordPress is a complex program with roughly a million lines of code. With such complexity, various functions interact with one another, and eventually, outdated components are deleted or replaced with newer, more sophisticated ones. The platform is updated often to ensure that the risk of someone trying to exploit outdated or inefficient code is kept to a minimum while also giving you and your website's users access to the newest features.

Please get in touch with us if you come across anything that we haven't covered in this comprehensive instruction. In this approach, we may continue to refer people who need information about updating WordPress to this page.

On this page...

    WordPress Hosting

    • Free WordPress Installation
    • 24/7 WordPress Support
    • Free Domain Transfer
    • Hack-free Protection
    • Fast SSD Storage
    • Free WordPress Transfer
    • Free CloudFlare CDN
    • Immediate Activation
    View More