Most WordPress websites are enhanced by a network of plugins, continuously developed by a hoard of dedicated open-source developers.
If you’re in the driver’s seat of your company’s website, you might be faced with a glaring red icon next to “Updates”.
Updating plugins on WordPress is easy enough. For the most part, you can just click “update” on the plugin in your dashboard, and you’re done.
But if that doesn’t work, there are a few ways to do it manually.
This blog covers the four ways to update WordPress plugins manually – skip to that part here.
We’ll also explain why you shouldn’t be updating plugins willy-nilly – and how a monthly website maintenance service might be your best bet.
If you’re staring at a list of outdated WordPress plugins, it’s tempting to just:
But we recommend taking a breather and figuring out exactly what those curious notifications actually mean for your WordPress site.
As an open-source technology, WordPress and its plugins are constantly being improved by developers around the world to deliver optimal results for WordPress users.
Updated versions of plugins deliver many innovative benefits to your website, such as improved speed and shiny new features. Ensuring the maintenance of plugins can also boost your site’s SEO.
WordPress itself updates all the time, so keeping your plugins current ensures your WordPress website is functioning as it should.
But the more important reason to update your WordPress plugins is that, once they’re outdated, your website could be open to vulnerabilities.
Some of the most harmful malware attacks in history can be traced back to older plugins – even if developers fixed the plugin itself, websites that still had the outdated version were vulnerable.
As developers release new plugin updates, they fix any bugs or inefficiencies that became a problem in the last version.
So, yes, you must update your WordPress plugins.
The general consensus is once per month. If you leave it too long, you could be putting your website at risk. Lethargic website maintenance can put your data (and your customers’ data) at risk, damage SEO, and break your site completely.
But the more meaningful answer to this question depends on:
When you see that red notification pop-up in your WordPress dashboard, take note of it, but think twice before updating right off the bat.
Unless it’s flagged as a “security update”, it’s best practice to wait a week or two after a plugin update is released. Then you can be absolutely certain that developers have ironed out any kinks or bugs in the roll-out phase.
This is especially the case if you’re manning a large website or plan to attract a spike in traffic to your site, perhaps through a PPC campaign or product launch.
To help you gauge the impact the update could have on your site, it’s really important to take note of the number and read the release notes.
Plugin updates are usually a number with one decimal place, for example, “Yoast 18.1”. The amount by which the number increases in each update gives you an idea of the significance of the update and how much it will impact your website.
For example, if your WordPress theme plugin jumps from 2.4 to 3.0, hold fire and test the update carefully with your team.
Otherwise, your entire website could look completely different (or break). Without automated website backups, it’s a headache to revert back.
Your WordPress dashboard tells you when plugin updates are available. You see this in either the “Plugins” or “Updates” section in the admin bar.
Let’s walk through the manual plugin processes you can use:
Generally speaking, WordPress plugin updates can be handled relatively easily by simply clicking the “update” button when you receive a notification prompting you to install it.
You can also update plugins in bulk by selecting multiple and clicking “update” in your Plugins dashboard:
Important Note: if you’ve never done this before, be very careful updating your plugins in bulk. If something breaks your website, you need to be able to quickly isolate which plugin update caused it.
Sometimes, for various reasons, auto-updates don’t work. You might see a “Plugin Update Failed” error.
In that case, here are your other options…
You can manually update a plugin via FTP – you’re essentially deleting the old one that’s there and uploading the new one directly:
You could do this in bulk by deleting and uploading multiple plugin files.
cPanel is an admin panel that sits on top of complex backend details, so non-technical people can easily manage and make changes to their website without knowing how to code.
Your cPanel depends on what WordPress hosting service you use for your website. Once you’ve found your cPanel, here’s what you need to do to manually update a WordPress plugin:
If you’re not afraid of code, WordPress Command Line Interface WordPress Command Line Interface lets you update and maintain plugins most directly.
It feels a bit like this:
Once you know what you’re doing, you can make changes to your website simply by adding a line of code in the command line and hitting Enter.
To update a single plugin, enter the following command:
[user@server]$ wp plugin update <plugin_name>
And to update all your plugins, enter this:
[user@server]$ wp plugin update –all
But we only recommend doing this if you have experience using the command line.
The above walkthroughs are helpful if you need to take the reins for just one niggly plugin update.
But most sophisticated websites have 50+ plugins, and you ain’t got time to manually update each one.
This is where most decide to enable auto-updates for their WordPress plugins.
It’s super simple to do, just go to your plugin repository and look for the button that says “Enable automatic update”:
But here’s the thing: we don’t recommend you do that.
Sure, setting your plugins to update automatically saves you a lot of hassle, but there are several significant risks to this.
Plugin updates aren’t guaranteed to work seamlessly with your website. Although plugin developers rigorously test their plugins before releasing updates, the new version of your plugin might be incompatible with your site.
The consequences range from minor design flaws that are annoying but not devastating, to completely breaking your site and leaving it open to security breaches.
Here are three reasons why automated plug-in updates can be a nightmare:
So although automated WordPress plugins solve one problem, they can create a tsunami of other problems with a significant impact on your business.
Here’s what we suggest you look at instead:
For businesses that depend on the functionality and security of their website, plugin updates aren’t something to leave on autopilot.
Experienced web developers can make nuanced and informed decisions about:
For extensive websites and major plugin updates, an expert team usually backs up your website and runs the update on a staging server.
This allows them to test the plugin update without putting you (or your visitors) at risk. Even if something does go wrong, you’ve got a website backup protecting the latest version of your data.
WordPress website maintenance experts can also keep an eye out for WordPress plugin abandonment, which can happen and is one of the downsides of open-source technologies. But don’t worry, regular security checks flag these vulnerabilities before they affect your site.
By investing in regular website maintenance and security service, businesses have the assurance that a dedicated team of developers is keeping an eye on their website at all times.
Depending on your needs, your budget, and the plans you find out there, a website maintenance plan includes:
Our most popular website maintenance is $200 per month and includes all of the above services, plus more.
Even the smallest change can have a dramatic impact on your website’s performance and security. For that reason, we recommend businesses entrust their site with professionals who’ll monitor it 24/7.
But if you’re not ready for that, no worries. Our blog answers every business owner’s website-related questions – like, how secure is my website, really?
Onto those pesky plugins 🔌.