I’ve used WordPress going on 14+ years now. It’s awesome, and I couldn’t imagine myself working with anything else. However, just like with every platform, there are ways to form what I call “good and safe” habits. Today I want to discuss a little bit about updating WordPress plugins and themes and why I typically recommend that users wait before updating to the shiny new version.
Trust me, this will cause you less stress in the long run. 😉
Wait to update WordPress plugins and themes
We all love new and shiny things, and updates to our favorite plugins and themes are always exciting as sometimes they mean new features and capabilities. It’s very tempting when you log in to your WordPress dashboard and see pending updates to click “update all” and move on. However, this is what I urge you not to do! ✋
Why? Because developers are humans, just like the rest of us. They sometimes make mistakes. Trust me, my brother and I develop our premium WordPress plugins, and there has been a time or two where we have pushed out bad code by accident and then immediately had to push another update to fix it.
I don’t care how big the development team behind a plugin or theme is; it will always be prone to human error.
What happens when a developer accidentally pushes out bad code? Well, for one, it can take down your entire site. Or it can simply break other functionality that you might not even realize until later. Here are a couple of examples of plugins that I use that have had issues. I don’t want to single anyone out here, as it happens throughout the entire WordPress marketplace.
This first plugin introduced some bad code that would actually freeze the media library. 😦
This second plugin introduced some bad code that would actually cause a 500 error on your WordPress site. 😥
This third plugin rolled out some big updates that were actually pretty great, but in the first go around it resulted in needing to patch a bunch of fatal errors.
This fourth plugin rolled out some updates which negatively impacted Schema and how Google was crawling them in SERPs. This then started throwing errors in Google Search Console.
These types of bad updates actually happen a lot! I see patches to fix a patch multiple times per week.
My recommendations for updating plugins and themes
So what is the safest route to go? Here are my recommendations when it comes to updating plugins and themes on your WordPress site.
- Don’t use automatic updates
- Look at the plugin/theme changelog
- Use a staging environment or take a backup
1. Don’t use automatic updates
First off, I never recommend using automatic updates for WordPress core, plugins, or themes. The one exception to this is when it pertains to maintenance and security releases. These are generally OK to let WordPress update on its own.
Some hosting providers have automated checks to try and automate plugin updates and then revert if they detect a problem. But I can’t tell you how many times I’ve seen this go wrong. After all, you are relying on AI to confirm that everything is OK. This might get better over time, but it’s not there yet.
Check out how to disable WordPress automatic updates.
2. Look at the plugin/theme changelog
The second thing you should do is always look at the plugin and/or theme’s changelog. This can be found within the “Plugin” update section in your WordPress dashboard. Developers typically also have a link to their changelog on their website.
If there is a critical security update, then, by all means, you should update right away to ensure your WordPress site is safe. Things like Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS), etc., are important security buzzwords to look out for. If there isn’t a security fix, I recommend waiting a week or so before updating.
Why wait? Because in almost 99% of scenarios, if a developer pushes out bad code and you wait a week or so, they will most likely have pushed out a fix, and you can bypass the problems altogether. This is less of a headache for you and your clients, and it saves you time.
In those four plugin examples I mentioned above, I didn’t update any of them within that time period and, therefore, never experienced issues.
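The triage from this step, as an added example (not code from the original post): it scans every changelog entry between the installed and the latest version for security terms, and otherwise applies the one-week wait. It assumes a readme.txt-style changelog with `= x.y.z =` headings and a release date supplied by the caller; `SAMPLE` is constructed and the function names are hypothetical.

```python
import re
from datetime import date, timedelta

# Terms the article and its comments say to look for in a changelog.
SECURITY_TERMS = re.compile(
    r"\b(security|vulnerabilit(?:y|ies)|xss|csrf|cross-site)\b", re.I)
# readme.txt-style version heading, e.g. "= 2.3.1 =" (assumed changelog layout).
HEADING = re.compile(r"^=\s*v?(\d+(?:\.\d+)*)\b.*=\s*$")
WAIT = timedelta(days=7)  # the article's "a week or so"

# Constructed sample changelog for a hypothetical plugin.
SAMPLE = """\
== Changelog ==
= 2.3.2 =
* Fix: typo on the settings screen.
= 2.3.1 =
* Security: escape shortcode attribute output (XSS).
= 2.3.0 =
* New: gallery block.
"""

def vtuple(version):
    """'2.3.0' -> (2, 3), so 2.3 and 2.3.0 compare equal."""
    parts = [int(p) for p in version.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def parse_changelog(text):
    """Map each version tuple to the list of its changelog lines."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = HEADING.match(line)
        if match:
            current = entries.setdefault(vtuple(match.group(1)), [])
        elif current is not None and line:
            current.append(line.lstrip("*- "))
    return entries

def triage(changelog, installed, latest, latest_released, today):
    """Return ('update-now', hits), ('wait', until_date) or ('update', None)."""
    lo, hi = vtuple(installed), vtuple(latest)
    # Check every release being skipped over, not just the newest one.
    hits = [(v, line)
            for v, lines in sorted(parse_changelog(changelog).items())
            if lo < v <= hi
            for line in lines if SECURITY_TERMS.search(line)]
    if hits:
        return "update-now", hits
    if today - latest_released < WAIT:
        return "wait", latest_released + WAIT
    return "update", None
```

With 2.3.0 installed, the sample returns `update-now` because of the 2.3.1 entry, even though the newest entry (2.3.2) only mentions a typo. Keyword matching is only as good as the changelog the developer wrote.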
3. Use a staging environment or take a backup
If, for some reason, an update has a feature or fix that you do need right away, then I strongly suggest using a staging environment to test with first (even for the smallest of updates!). Many hosts have staging environments now, so make sure you take advantage of them. This is what they are meant to be used for: testing.
If you don’t have time to test on a staging site, then at least take a snapshot (backup) of your site. With hosting providers like Kinsta, this literally takes 10 seconds, and then if you notice any problems later, you can instantly roll back.
Here is a screenshot of my Trello card that I use for weekly backups. I go through this once a week before making any updates to plugins or themes on my sites.
The next time that shiny new plugin update comes around ask yourself if you really need it today. If you don’t, and it isn’t security-related, wait a week or so. Trust me; you’ll thank me in the long run. I have been doing updates this way for a long time and seldom experience anything breaking anymore.
Create an update schedule for your WordPress sites and stick to it (I recommend once a week). Otherwise, they will consume you. 🥘
I would love to hear your thoughts on updating plugins and themes. What is your workflow? Let me know below in the comments.
21 thoughts on “Why you should wait to update WordPress plugins and themes”
The whole theme/plugin update dance is such an issue that we ended up baking it into the hosted/managed service we sell. We go so far as to prevent users from installing updates directly so we can test on staging installs before rolling out.
The only real exception to that rule are emergency security updates.
As for the workflow, we manage just over 100 installs all hosted on WPEngine. We update plugins via a proprietary deployment tool my Lead Tech Developer wrote to push themes and plugins out from a Git repo to each install: https://www.screencast.com/t/Rcapub31D3
We can push updates on a per site basis or per element (i.e. any site with that theme or plugin assigned gets the update).
This makes testing less time consuming but allows us to get the updates out ASAP once that process is complete.
That definitely sounds like the way to do it Drew. You had me at “prevent users from installing updates…” :)
I’m really happy to see more attention paid to this topic. While it’s a natural byproduct of successful open source software, anyone who has been a WP developer for more than five years has seen this become an increasingly tricky issue. I asked my Lead Technical Developer to write an article on the catch-22 of this where the other side of the coin is WP users who get one-off development projects and end up in update hell because no one prepared them for the notion of legacy costs: https://artshacker.com/update-pros-and-cons/
Thank you for this great article, Brian. I wonder, how do you find out if the update is a “critical security update”? Is “critical security update” written in the changelog of that update?
Usually just look for the buzzwords “vulnerability,” “security update,” etc… Anything regarding security you should usually always update as soon as you can.
I am yet to face a problem due to updates and I’m the kind of guy who instantly clicks on ‘update all’ button every other day.
Thanks for the heads up and now I’ll try to read the update logs before updating. And it’s great that Kinsta provides staging environment.
It’s kind of a catch 22 though Brian. You want users to wait to update a few weeks, but the only way developers know there’s a problem is if the code is tested in more environments other than their own where it obviously works for them. So if everyone waited a few weeks, then no one would be reporting problems back to the developer. Now, I don’t mean to say that users are the guinea pigs for developers, but just that no matter how diligent developers are in having Unit testing and testing in as many environments and plugin/theme configurations as possible, there is an infinite amount of variations in any given WordPress site which makes complete testing impossible.
My best advice is not to wait — because what if it’s a security patch?! Update in a safe environment, either locally or a live staging site. If you experience problems, report them immediately. Encouraging waiting actually defeats the purpose of safety and iterative improvement.
Hey Matt, thanks for stopping by. It’s definitely a catch 22 situation and yes… if users would actually use their staging environments then this wouldn’t be a problem. I rarely see users actually making use of development or staging sites which is a pity, because that is what they are designed for.
I’ll make a little more emphasis on staging above :)
I wholeheartedly agree that using staging sites is the smart move, having said that, I’m not terribly happy about the idea of being an unwitting quality assurance agent for fee based themes/plugins.
I volunteer as a release tester for GeneratePress and am happy to do so and for the plugins I develop, I offer incentives to users who are willing to test out release candidate versions.
Having said that, all of my clients live inside a managed hosting environment that we control directly. So in those cases we automatically push those early release versions to their respective staging sites. All of which means much of the conflict points in this discussion topic are moot.
For free/freemium themes/plugins, I absolutely agree users need to be willing to endure some pain points via serving as live testers. After all, it’s free and the user is benefitting from that model. Getting feedback from that user base has value to the developer so it’s a reasonable symbiotic relationship at that point.
This is worth considering for plug ins – a pause at least.
But what about updates to themes? Not so frequent but presumably updated due to similar issues eg security, compatibility. But in my experience most theme producers do not provide detailed change logs in the same way most plugin writers do. (or perhaps are required to do on the WordPress plugin support site)
You’re right Patrick, most themes I have seen also tend to not always have changelogs that are up to par with those of plugins.
However, some do. I use the GeneratePress on this site and all my sites (https://woorkup.com/generatepress-review/) and the developer is great about publishing all changes. I think the key with themes is finding a good developer or team that creates it.
Creating a staging site to test out new updates before deploying to production is the way to go. That is exactly my workflow.
Great to see some needed attention to a topic that seldom gets discussed.
Thanks Collins! Definitely a big problem, especially for those just starting to use WordPress. We should definitely be putting more emphasis on staging environments.
Brian, as always, useful topic for a post. It has made me rethink some of my update habits.
The one angle I didn’t see you explicitly address is the relationship between the WordPress core and theme/plugin updates. In my observations, one of the main recurring reasons themes and plugins update is in response to WordPress core updates.
Again, your suggestion of monitoring the change logs applies to this as well, but I thought it was worth mentioning. If I do run into an update issue, it’s usually from a plugin that hasn’t been updated (either by the site admin or by the plugin/theme developer) in response to a compatibility issue with a WP core update.
I think non-security updates for WordPress core are worth sitting on too for a few weeks in some cases to make sure plugins have a chance to push clean compatible code.
That is perhaps sometimes true, but then there are plugins like Yoast SEO that probably push out 50+ updates in between WordPress updates.
But like you said, the reverse is also true. Sometimes plugin developers are the ones lagging behind. That is an even bigger problem lol. Oh the joy of using WordPress.
I learned this the hard way and received the white screen of death.
Great to see some ways to check before you update those plugins.
Thank you, Brian.
This should be a best practice for every website owner/developer. Very good article.
At Woody Creative, we manage more than 50 sites at WP Engine, and we have tended to update en masse with no real issues. If a plugin update caused a problem, it’s easier to roll back to yesterday’s automatic backup than it is to create Staging environments for all 50+ sites, update plugins in Staging, test, and then push Staging to Production. It might be a bit of a roll of the dice, but our clients are not willing to have us spend the time/expense to create all those Staging environments and do the testing (most are small biz owners). For larger clients or those who have more business-critical environments, we would treat them differently. My Two Cents!
Thanks for the input Mark! Your workflow should definitely be taken into consideration. 👍
Client: I have updated all the plugins, because it told me to. My website’s not working now? Why is that?
Haha, exactly Mike! Clients updating anything when they don’t understand how it works is scary.