FREE 20 minute website audit. Advice, tips or a quick fix for your website.

Request a call or message me.

Maintaining and updating your WordPress website

Posted by Jonathan.

Last updated November 6, 2023.

The software your website is built on is always evolving. Developers continually release updates to improve performance and fix security flaws. Keeping your website’s software up to date means it can perform at its best and have the best protection from malware and attack.

Generally there are three areas of a WordPress website that that need updating:

  • The WordPress core software. This is the core software your website is built on.
  • Plugins. These are pieces of ‘add on’ software that give you extra functionality.
  • PHP. This is the underlying programming language. It needs updating far less often – every couple of years or so.

Updating WordPress and Plugins

Both your WordPress and plugin software can be updated in the ‘Updates’ page, found from your dashboard. It looks like this:

Screenshot of the WordPress admin 'updates' page.

How to know when an update is available

When a update is available you’ll notice a red number pop up next to the ‘Updates’ and/or ‘Plugins’ items in your dashboard menu:

Backing up your website

Before updating software, make sure your back up is up to date.

How to update

Updating the software is simple, but occasionally you’ll want to take additional steps to make sure nothing breaks.

This is the simple way to update your software:


From the ‘Updates’ page click ‘Update now’ under the heading ‘An updated version of WordPress is available’.


On the same page, check the box next to the plugins you want to update.
Click ‘Update Plugins’ underneath.

Screenshot showing 'update plugin' option

When to make a ‘Safe’ update

A ‘safe ‘update is one that can be rolled back quickly in the event of a problem, or one that can be tested before it affects the live website.

Sometimes it can be important to take extra care:

Major releases

When software receives a major update there’s probably a lot more development and code involved. Or, in other words, more to go wrong.

For a rough guide to the size of an update check the version number. If the first number of the version goes up by 1, then it’s probably a major update. Eg. from V to V 4. However if the number only increments by a small amount, like from V to V, it will be more minor.

For more information about a software update, you can always check the version details. Click the link to ‘view more details’. If the update includes a security fix, the developer ‘should’ have clearly noted it here.

Critical or ecommerce updates

If the software is crucial for your site’s operation, or there’s more to lose from a rogue update, you should take more care. Ecommerce software (such as WooCommerce) is a good example.

How to make a ‘safe’ update (the easy way)

ManageWP is a service that makes it easy to manage and update your website. The basic version is free but you can pay for an upgrade to make safe updates. These can be quickly rolled back if they cause a problem.

How to make even safer updates (the long way)

A good web host should allow you to easily make ‘staging’ copies of your website. A staging copy is just a duplicate that doesn’t. It can then be ‘deployed’, overwriting the live site. The advantage of this is that you can test the update on the staging copy risk free and only deploy it when you’re ready.

Every host has a different way of doing this, so check with them.

Should you use the ‘auto update’ option?

When you view your available updates, you’ll see an option to apply updates automatically in future.

It’s generally ok to do this for maintenance and security updates to the core WordPress software. This is already enabled by default.

You can also do this for plugins that won’t have a big impact if they go wrong. For example, image or speed optimisers. But if you’re not sure, play it safe or ask me.

It’s not recommended to automatically update every plugin. If something goes wrong and you’re not there to see it, problems on your website could go unnoticed.

How often to update

It’s best to update ASAP when the update involves a security fix. This should be stated in the release notes, which you can find by clicking ‘View Version … details’.

However, at other times you might want to pause before installing an update straight away. This is because new updates can sometimes introduce bugs that weren’t there before. Waiting a few days gives time for them to be identified and fixed.

Updating PHP

PHP is a bit different, as it’s a programming language rather than a piece of software. WordPress is ‘written’ in PHP.

It needs far fewer updates. However, after roughly two years each new version of PHP stops receiving security updates. Then it’s time to update.

Unlike WordPress and its plugins, you update PHP via your host. This is usually simple, but ask your host for more information.

Please note: There’s always a small chance of incompatibilities with your website. If this happens, you can simply switch back to the previous version of PHP and investigate further or seek help.

Did this help?

Did this guide help? Do you have any tips for keeping WordPress up to date?

Let me know below.

Leave a Reply

Your email address will not be published. Required fields are marked *