WordPress Security: How to Update
WordPress, like any other web application, needs to be updated. The reasons not only include access to more features, but fixes to security holes. An unpatched WordPress install can be very vulnerable to security attacks.
You can tell when a update is available by checking the administrator dashboard. If a update is ready to be installed, you will see a notice bar at the top of the dashboard.
However, depending on your situation, you may have some work ahead of you. The reason behind this depends on the plugins and themes you use. Sometimes a WordPress update can break all or part of a plugin or theme rendering it useless, or worse, it could bring down your whole site. If your site requires maximum uptime, it is recommended that you check the plugin and theme developer site to see if anyone else is having issues with the new version of WordPress before you take the plunge yourself.
If you update and you notice issues with your site, try disabling plugins to see if one of them is causing the issue. If you find a plugin that is not compatible with the new version of WordPress you just upgraded to, contact the developer of the plugin and make him aware of the issue. In most situations, it is an easy fix for the developer and he can push an update for the plugin out quickly.
Themes are less likely to be broken by updates, however it can happen. Again, if you notice an issue with your site after you update to the new version of WordPress, and you have already check your plugins, try changing themes temporally to see if that resolves the issue. If it does, contact the theme designer and let him know that it does not work. It may not be as quick of a fix as plugins, but it normally does not take too long.
Another thing to keep in mind is not all issues may be noticeable. Because of this, it is highly recommended that you backup your WordPress site before you make any major changes (like updating to the new version).
In this next section, we will show you how to update your WordPress install using two different methods.
One thing to note, WordPress recommends disabling plugins before updating. This can help some headaches if a plugin is not compatible.
Built In Updater
WordPress has a built in tool for updating itself. This makes it very easy for us administrators to update our WordPress website. Below are the steps needed to take to update your WordPress install using the built in updater.
- 1) Log into the WordPress Admin Dashboard
- 2) Go to the Updates link located on the left menu.
- 3) Click Update Now
That’s it! However sometimes you may be asked to update your database too. In situations like this, all you have to do is confirm the change in the window that pops up.
[Start Pending Block = Waiting on softaculous to get the new version before doing this section]
Using SiteAdmin’s Web Apps or cPanel’s Softaculous Panel
We also have the ability to update WordPress directly from the web apps or softaculous panel if you installed WordPress using these panels. Here are the steps needed for SiteAdmin (cPanel coming soon).
SiteAdmin Web Apps
This section assumes that you are already logged into SiteAdmin
- 1) Click the Install & Manage Web Apps link found in the Web Apps section of the left menu.
- 2) Click the Manage Installed Apps tab
- 3) Click the Upgrade link corresponding to the WordPress you wish to upgrade.
- 4) Click the Upgrade button to confirm you wish to upgrade
- 5) Read the notice that comes up, you may be asked to do something.
- 1) Download the WordPress package from: http://wordpress.org/download/
- 2) Unzip the WordPress archive that we just downloaded to your computer.
- 3) Open your preferred FTP or sFTP client and connect to your account.
- 4) Delete the wp-includes and wp-admin folders.
- 5) Upload the copy of wp-includes and wp-admin found in the files we just downloaded.
- 6) Open the wp-content folder on your account using your FTP client and the files we downloaded.
- 7) Upload all the files found INSIDE of the wp-content folder we downloaded to your account using FTP. Overwrite any files that already exist.
- 8) Now go up one directory to the root of your WordPress install. Also navigate up one directory on your local copy that we downloaded.
- 9) Copy any “loose” files (NOT folders) found in our local copy to your account via FTP.
- 10) Browse to http://yourdomain.com/wordpress/wp-admin/upgrade.php where yourdomain.com and /wordpress/ would be replaced with your direct link to WordPress.
That’s it! You may need to clear any cache plugins you have in order to see the changes right away.
For more detailed instructions, please see the official WordPress update article.