Out-of-date plugins are the source of over 50% of security incidents on WordPress. Don’t expose your sensitive information to nefarious intruders.
What are Plugins?
Plugins are responsible for adding additional functionality to your site.
Plugin functionality may be a simple as designating a custom logo on your login screen. On the other end of the spectrum, a plugin like “WooCommerce” introduces a TON of functionality including several types of products, orders, user accounts (& user dashboards), payment gateways, shipping, taxes, coupons and much more.
Even very basic sites will utilize numerous plugins to handle security monitoring, search engine optimization (SEO), collecting site usage statistics and performance optimization.
It’s important that plugin developers honor the best practices spelled out in the Plugin Developers Handbook to minimize conflicts with other plugins and maximize longevity.
Prepare for the Future
WordPress and the massive assortment of software libraries that it relies upon are constantly evolving. New releases commonly patch security vulnerabilities, improve efficiency or provide better compatibility with the devices and web browsers site visitors are using. Updates may also be a related to the evolution of softwre web hosting providers use to reliably and securely deliver site content from their servers.
Fortunately, the WordPress software development ecosystem is very mature, highly organized and very well documented.
It’s important that the developers responsible for maintaining plugins are tuned in to the WordPress Roadmap to ensure future releases won’t break existing plugin functionality.
Safely Updating Plugins
Applying updates can often be quick and easy. Failed updates could also be a disruptive and destructive nightmare without proper preparation.
Update Preparation & Procedure
- Verify the Site Admin email address is correct and accessible (Settings → General)
If a fatal error occurs, email is sent to the admin email address that includes a link for accessing the site in “Safe Mode” where problematic plugins may be deactivate and site access restored. - Verify access to the WP Engine User Portal (Contact us if you don’t have this)
- Have a rollback plan: devise a method to quickly rewind to pre-update state
- Choose an optimal off-peak time
- Create a backup
- Audition the update in consequence-free environment
Clone the live site to a Development Environment (Contact us if you need a new one) or run a Local copy of your site on your own computer - Consider deploying a “Maintenance Mode” splash page
- Clear the server cache
- Verify all site functionality is sound
- Deactivate “Maintenance Mode”
- Grab a snack. You’ve earned it!
Enabling Auto-Updates
WordPress regularly checks for available updates to installed themes, plugins and WordPress Core software. A count of available updates is prominently displayed in the Admin Bar for logged in users with Administrator-level access.
Reputable maintainers will typically do their best to avoid pushing breaking updates to their products, but it’s impossible for developers to test their code with every combination of active plugins, hosting environments and site settings. With that in mind, it’s important to have a routine in place to verify the site functionality your business relies upon continually functions as designed.
For plugins that you have full confidence are impeccably maintained, strictly monitored by the community for bugs and compatibility issued AND you trust updates won’t introduce conflicts, you may consider enabling auto-updates.
Before enabling auto-updates: Ensure you have regular backups scheduled at a good frequency, your site administrator email is correct (and the admin email mailbox is continuously monitored) and that you have site monitoring in place.
Site Monitoring
Be the first to know if you site is experiencing issues. Always ensure your site admin email address is correct and that the mailbox is continually monitored (“Administration Email Address” is set within Settings → General in your WordPress Dashboard).
- The JetPack Plugin may be configured to provide Downtime alerts
- Uptimerobot monitoring service is a good value and includes a free tier
- Nagios is a very mature open source project appropriate for more technical users
Hire O-WOW to Help
…or have us handle it entirely.
If keeping on top of updates to plugins, themes and WordPress core software is not your cup o’ tea, enlist the O-WOW Team to perform routine updates and diagnostics at whatever interval suits your needs and budget.