Why you should wait to update WordPress plugins and themes

I have used WordPress going on 10+ years now. It’s awesome, and I couldn’t imagine myself working with anything else. However, just like with every platform, there are ways to go about forming what I call “good and safe” habits. Today I want to discuss a little bit about updating WordPress plugins and themes and why I typically recommend users to wait before updating to the shiny new version.

Trust me, this will cause you less stress in the long run. 😉

Wait to update WordPress plugins and themes

We all love new and shiny things, and updates to our favorite plugins and themes are always exciting as sometimes they mean new features and capabilities. It’s very tempting when you log in to your WordPress dashboard and see pending updates just to click “update all” and move on. However, this is what I urge you not to do! ✋

WordPress updates available
WordPress updates available

Why? Because developers are humans, just like the rest of us. They sometimes make mistakes. Trust me, my brother and I develop our premium WordPress plugins, and there has been a time or two where we have pushed out bad code by accident, and then immediately had to push another update to fix it.

WordPress critical error
WordPress critical error

I don’t care how big of a development team is behind a plugin or theme, they will always be prone to humans errors.

What happens when a developer accidentally pushes out bad code? Well, for one, it can take down your entire site. Or it can simply break other functionality that you might not even realize until later. Here are a couple examples on plugins that I actually use that had issues this very month. I by no means want to single anyone out here, as it happens throughout the entire WordPress marketplace.

Plugin 1

This first plugin introduced some bad code that would actually freeze the media library. 😦

Plugin update freezes the media library
Plugin update freezes the media library

Plugin 2

This second plugin introduced some bad code that would actually cause a 500 error on your WordPress site. 😥

Plugin causes 500 error
Plugin causes 500 error

Plugin 3

This third plugin rolled out some big updates that were actually pretty great, but in the first go around it resulted in needing to patch a bunch of fatal errors.

Multiple fatal error bugs being fixed
Plugin has fatal error bugs being fixed

Plugin 4

This fourth plugin rolled out some updates which negatively impacted Schema and how Google was crawling them in SERPs. This then started throwing errors in Google Search Console.

Plugin update bad schema code
Plugin update bad schema code

These types of bad updates actually happen a lot! I see patches to fix a patch multiple times per week.

My recommendations for updating plugins and themes

So what is the safest route to go? Well, here are my recommendations when it comes to updating plugins and themes on your WordPress site.

  1. Don’t Use Automatic Updates
  2. Look at the Plugin/Theme Changelog
  3. Use a Staging Environment or Take a Backup

1. Don’t use automatic updates

First off, I never recommend using automatic updates when it comes to WordPress core, plugins, or themes. The one exception to this is when it pertains to maintenance and security releases. These are generally OK to let WordPress update on its own.

Some hosting providers have automated checks to try and automate plugin updates and then revert if they detect a problem. But I can’t tell you how many times I’ve seen this go wrong. After all, you are relying on AI to confirm that everything is OK. This might get better over time, but it’s not there yet.

Check out how to disable WordPress automatic updates.

2. Look at the plugin/theme changelog

The second thing you should do is always look at the plugin and or theme’s changelog. This can be found within the “Plugin” update section in the WordPress dashboard.

If there is a critical security update, then by all means, you should update it right away to ensure your WordPress site is safe. Things like Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS), etc. are some important security buzzwords to look out for. If there isn’t, I recommend waiting a week or so before updating.

WordPress plugin changelog
WordPress plugin changelog

Why wait? Because in almost 99% of scenarios if a developer pushes out bad code, if you wait a week or so, they will most likely have pushed out a fix and in essence, you can bypass all the problems altogether. This is less of a headache for you, your clients, and saves you time.

In those three plugin examples I mentioned above, I didn’t update either of them within that time period and therefore, never experienced issues.

3. Use a staging environment or take a backup

If, for some reason, an update has a feature or fix that you do need right away, then I strongly suggest using a staging environment to test with first (even for the smallest of updates!). Many hosts have staging environments now, so make sure you take advantage of them. This is what they are meant to be used for: testing.

WordPress staging environment
WordPress staging environment

If you don’t have time to test on a staging site, then at least take a snapshot (backup) of your site. With hosting providers like Kinsta, this literally takes 10 seconds and then if you notice any problems later, you can instantly rollback.

Backup restore point
Backup restore point

Here is a screenshot of my Trello card that I use for weekly backups. I go through this once a week before making any updates to plugins or themes on my sites.

My WordPress backup schedule
My WordPress backup schedule


The next time that shiny new plugin update comes around, ask yourself if you really need it today. If you don’t, and it isn’t security related, wait a week or so. Trust me, you’ll thank me in the long run. I have been doing updates this way for a long time and almost never experience anything breaking anymore.

Create an update schedule for your WordPress sites and stick to it (I recommend once a week). Otherwise, they will consume you. 🥘Click to Tweet

I would love to hear your thoughts on updating plugins and themes. What is your workflow? Let me know below in the comments.

author bio
Brian Jackson

I craft actionable content and develop performance-driven WordPress plugins. Connect on Twitter or subscribe to my newsletter (once a month, no spam).

23 thoughts on “Why you should wait to update WordPress plugins and themes”

  1. This.

    The whole theme/plugin update dance is such an issue that we ended up baking it into the hosted/managed service we sell. We go so far as to prevent users from installing updates directly so we can test on staging installs before rolling out.

    The only real exception to that rule are emergency security updates.

    As for the workflow, we manage just over 100 installs all hosted on WPEngine. We update plugins via a proprietary deployment tool my Lead Tech Developer wrote to push themes and plugins out from a Git repo to each install: https://www.screencast.com/t/Rcapub31D3

    We can push updates on a per site basis or per element (i.e. any site with that theme or plugin assigned gets the update).

    This makes testing less time consuming but allows us to get the updates out ASAP once that process is complete.

      • I’m really happy to see more attention paid to this topic. While it’s a natural byproduct of successful open source software, anyone who has been a WP developer for more than five years has seen this become an increasingly tricky issue. I asked my Lead Technical Developer to write an article on the catch-22 of this where the other side of the coin is WP users who get one-off development projects and end up in update hell becasue no one prepared them for the notion of legacy costs: https://artshacker.com/update-pros-and-cons/

  2. Thank you for this great article, Brian. I wonder how do you find out if the update is a “critial security update”? Is in the changelog of that update written “critial security update”?

    • Usually just look for the buzzwords “vulnerability,” “security update,” etc… Anything regarding security you should usually always update as soon as you can.

  3. Hey Brian,

    I am yet to face a problem due to updates and I’m the kind of guy who instantly clicks on ‘update all’ button every other day.

    Thanks for the heads up and now I’ll try to read the update logs before updating. And it’s great that Kinsta provides staging environment.

  4. It’s kind of a catch 22 though Brian. You want users to wait to update a few weeks, but the only way developers know there’s a problem is if the code is tested in more environments other than their own where it obviously works for them. So if everyone waited a few weeks, then no one would be reporting problems back to the developer. Now, I don’t mean to say that users are the gueniae pigs for developers, but just that no matter how diligent developers are in having Unit testing and testing in as many environments and plugin/theme configurations as possible, there is an infinite amount of variations in any given WordPress site which makes complete testing impossible.

    My best advice is not to wait — because what if it’s a security patch?! Update in a safe environment, either locally or a live staging site. If you experience problems, report them immediately. Encouraging waiting actually defeats the purpose of safety and iterative improvement.

    • Hey Matt, thanks for stopping by. It’s definitely a catch 22 situation and yes… if users would actually use their staging environments then this wouldn’t be a problem. I rarely see users actually making use of development or staging sites which is a pity, because that is what they are designed for.

      I’ll make a little more emphasis on staging above :)

      • I wholeheartedly agree that using staging sites is the smart move, having said that, I’m not terribly happy about the idea of being an unwitting quality assurance agent for fee based themes/plugins.

        I volunteer as a release tester for GeneratePress and am happy to do so and for the plugins I develop, I offer incentives to users who are willing to test out release candidate versions.

        Having said that, all of my clients live inside a managed hosting environment that we control directly. So in those cases we automatically push those early release versions to their respective staging sites. All of which means much of the conflict points in this discussion topic are moot.

        For free/freemium themes/plugins, I absolutely agree users need to be willing to endure some pain points via serving as live testers. After all, it’s free and the user is benefitting from that model. Getting feedback from that user base has value to the developer so it’s a reasonable symbiotic relationship at that point.

  5. This is worth considering for plug ins – a pause at least.

    But what about updates to themes? Not so frequent
    but presumably updated due to similar issues eg security, compatibility.
    But in my experience most theme producers do not provide detailed change logs
    in the same way most plugin writers do. (or perhaps are required to
    do on the WordPress plugin support site)

    • You’re right Patrick, most themes I have seen also tend to not always have changelogs that are up to par with those of plugins.

      However, some do. I use the GeneratePress on this site and all my sites (https://woorkup.com/generatepress-review/) and the developer is great about publishing all changes. I think the key with themes is finding a good developer or team that creates it.

  6. Creating a staging site to test out new updates before deploying to production is the way to go. That is exactly my workflow.

    Great to see some needed attention to a topic that seldom get discussed.

    • Thanks Collins! Definitely a big problem, especially for those just starting to use WordPress. We should definitely be putting more emphasis on staging environments.

  7. Brian, as always, useful topic for a post. It has made me rethink some of my update habits.

    The one angle I didn’t see you explicitly address is the relationship between the Wordpress core and theme/plugin updates. In my observations, one of the main recurring reasons themes and plugins update are in response to Wordpress core updates.

    Again, your suggestion of monitoring the change logs applies to this as well, but I thought it was worth mentioning. If I do run into an update issue, it’s usually from a plugin that hasn’t been updated (either by the site admin or by the plugin/theme developer) in response to a compatibility issue with a WP core update.

    I think non-security updates for Wordpress core are worth sitting on too for a few weeks in some cases to make sure plugins have a chance to push clean compatible code.

    • Thanks Justin!

      That is perhaps sometimes true, but then there are plugins like Yoast SEO that probably push out 50+ updates in between WordPress updates.

      But like you said, the reverse is also true. Sometimes plugin developers are the ones lagging behind. That is an even bigger problem lol. Oh the joy of using WordPress.

  8. I learned this the hard way and received the white screen of death.

    Great to see some ways to check before you update those plugins.

    Thank you, Brian.

  9. At Woody Creative, we manage more than 50 sites at WP Engine, and we have tended to update en masse with no real issues. If a plugin update caused a problem, it’s easier to roll back to yesterday’s automatic backup than it is to create Staging environments for all 50+ sites, update plugins in Staging, test, and then push Staging to Production. It might be a bit of a roll of the dice, but our clients are not willing to have us spend the time/expense to create all those Staging environments and do the testing (most are small biz owners). For larger clients or those who have more business-critical environments, we would treat them differently. My Two Cents!


Leave a Comment