Ahhhhh…plugins…those magical little jobbers that make your WordPress website do wonderful things with little to no effort on your part. Where would we be without them?
Plugins make A Fearless Venture faster, more beautiful and less prone to errors (and more creative if you do get an error). I’ve used plugins on others’ sites to help them build an e-mail list, sell products and downloads, book massage appointments and hire themselves out as pooper scoopers (no kidding!).
If WordPress tried to include these kinds of capabilities – aiming to be everything to everybody – it’d turn into a big, bloated mess that worked well for pretty much nobody. That’s why it makes sense for them to stick to a core set of features that make it useful to so many of us, and to allow pretty much anyone to add more functionality with plugins.
But (dang it), that business of enabling pretty much anyone to hook into WordPress is not without its drawbacks. In fact, the downside of plugins can be such a bloody disaster that I think it merits a whole other post. I mention it here because I want you to have a sense of why you ought to hesitate to add plugins, but not hesitate to update them. Mostly 😀
WordPress plugin updates – a necessary evil
When you receive notification of an available WordPress plugin update, it’s often because the developer has added or enhanced features. Sometimes improvements are needed so the plugin will be compatible with a new version of WordPress. And occasionally, an update is released for security reasons.
When your website is important to your blog or business – but not something you enjoy working on for its own sake – you need to know what to do to keep things running safely and securely. Preferably with a minimum of hassle. So let’s get into when it’s safe to click update and run, when you should exercise more caution and how to set yourself up for no-hassle updates going forward.
Be like Nike (just do it)
If you can say yes to the following, you’re 99.9% unlikely to have a problem if you just click update and let ‘er rip:
- You keep WordPress itself updated.
- Your site is built on a well-coded theme from an active, reputable developer or theme shop.
- You’ve judiciously chosen your plugins and you keep them updated.
- You have a backup you can easily restore in the unlikely event an update does make things wonky.
That last bit about backups can make you downright cocky. Not a bad thing. As often as WordPress and plugins need updates, it’s good to just click update and not worry.
My backups aren’t the easiest to restore, but I’m a nerdy girl and have only needed a backup once so I risk it. The easiest backups ever – for newbs and nerds alike – are via VaultPress (of course…it’s a service of Automattic, the company that makes WordPress).
Here, fear is healthy
If any of the following apply, caution is in order:
- You’ve fallen behind in your updates to either WordPress or plugins.
- The plugin that needs an update is one that’s burned you with past updates.
- A “developer” “customized” the plugin that needs to be updated.
- You don’t have a backup you can easily restore yourself.
- The plugin that needs an update hasn’t yet been marked as safe for your version of WordPress [I’ll show you how to check that in a sec].
There’s one exception to all of the above: If the reason for the update is to fix a plugin that’s vulnerable to hackers, update that sucker and let the chips fall where they may. Once word gets out about a plugin’s vulnerability every cretin with a wifi connection begins scanning the internet looking for people who’ve yet to update. How do normal folk figure out why a plugin has been updated?
We check the Changelog, y’all.
How to open the pop-up that has the Changelog tab
Update? Or wait? What you, a fearless non-nerd, can look for in the Changelog to help you decide
What version of WordPress is running on your site?
How to update WordPress plugins without breaking your site
- Wait a week, just in case – as long as the Changelog doesn’t say the update is needed to address a vulnerability.
- Make a backup. Even if you don’t know how to use it, it’ll be there if something goes wrong and you have to hire someone to help you. Here’s a good backup plugin [free].
- Optional but recommended: Deactivate, then delete, any plugins you can do without.
- If a WordPress update is needed, do that first. Once complete, have a thorough look through your site and make sure nothing’s broken.
- If more than one plugin requires updates, do one update at a time, checking your site thoroughly after each update.
- If anything goes wrong, take note of which plugin caused the problem. Then, restore your site using the backup (or hire someone to do this for you).
- Subscribe to my $49/month maintenance service that includes off-site backups, security scans and plugin and WordPress updates. [It’s not on the site yet, but get in touch and I will set you up.]
The safest – yet most impractical – way to update
If you look around the internet for advice on how to safely update WordPress plugins, you’ll inevitably find some other web developer telling you that you need to make a copy of your site and update that instead of your live site. I can confirm that is indeed the least risky way to update. But for average folk who just need to get the job done and have to do it themselves, it’s unrealistic.
I’ve worked with enough solopreneurs that I get how impractical it is for you guys. Hell, it is for me, too – I’m solo as well. Unless I’m redoing my entire site I’m not working on a copy.
Don’t overthink it
In my eight+ years of working with WordPress, on my own sites as well as those belonging to clients, I’ve had trouble with updates only a handful of times. Once was with the popular and solidly-coded Yoast SEO plugin. Somebody missed a semi-colon or something like that and breadcrumbs disappeared from my site after the update. Not a show stopper. Other incidents were even more forgettable.
My advice? Keep it simple. Don’t install plugins you don’t absolutely need, or plugins that show signs of abandonment (no recent updates, unanswered complaints). Keep it current. Log in to your site and update regularly, or subscribe to a maintenance plan to handle it for you. And have a backup plan. Set up automatic backups so you can update without a major freakout if there is a glitch.
Did I miss anything? Or spark any questions or further ideas? Let me know in the comments below.