How do I upgrade my WordPress website?
If you have a website or eshop built in WordPress it is important to upgrade your website whenever new updates are released, especially if they are Security Releases.
Why does WordPress release updates often?
Since WordPress is very popular, there are many developers, either professionals or amateurs, that involve and contribute to the WordPress evolution. Therefore, there is a huge availability of plugins, themes and services around WordPress, many of which are of dubious quality and potentially vulnerable. Because of this growing interest around WordPress, both third-party scripts and WordPress core scripts are constantly being tested by a huge community of users.
So we understand that WordPress as a Project, is a field of continuous interaction, where both its core and the mechanisms developed by third parties, are constantly involve with improvements, development of new features and of course the proper function of the existing infrastructure. Each time a mechanism has a new version for any of the above reasons, a new update of each mechanism is generated and WordPress informs the administrator through the admin panel.
Which updates are important and which are not?
First let's separate the upgrades into two categories, security updates and updates related to new features and bug fixes. These upgrades may refer to either WordPress or a third-party module, so at this point let's talk about WordPress updates in general so we can cover both cases.
When a WordPress mechanism generates a security update (it can also be referred as a security release or security patch, etc.), it means that a security loophole has previously been discovered in that mechanism. This discovery could have been made in any way, either through precautionary checks or after a malicious action from a hacker. Most of the time security vulnerabilities are discovered in a bad way, ie violations are found on websites and then WordPress experts study how the violation occurred and proceed to the security update. So, a security update is mostly a modification in the code that shields this vulnerability.
If we want to go a little further, it makes sense for anyone to wonder what is a security vulnerability in code and how severe is the damage that could cause. Hereby we will present a simple answer through an hypothetical example, in order to capture the general idea of what could happen, but whoever is really interested and want to take it to another level, should investigate the subject in depth.
So, let's say we have a mechanism in WordPress that allows us to upload files and images to our application, such as the WordPress media manager. If this mechanism does not control who uploads files and a simple user of the website (not administrator) can upload files without proper control, then a script may be uploaded through and cause malicious actions (email spamming, phishing etc). This will make the site a place where illegal activities occur without the knowledge of its administrator.
New features / bug fix updates
These updates are released each time a website mechanism has a new functionality or fixes bugs found on the previous version. These updates do not threaten the safety of your website but in the long run are very likely to cause problems for the following two reasons. Firstly, the older versions will probably no longer be supervised by the software developers, so they are more vulnerable to potential security vulnerabilities and secondly because an outdated module (eg a plugin) will not be compatible with the other modules of the website. The latter case is something we commonly meet with outdated Site Builder plugins in updated WordPress platforms.
In conclusion, the security updates is a matter that has to be addressed as soon as possible due to their high importance, while the New features / bug fix updates have to be installed but not immediately.
What should I do before the update?
Before making any updates to your WordPress site, you will need to generate a backup of your account. An update practically means that some files with code will be downloaded from the site of the software manufacturer and will be installed on your site. Because of this link to the third-party systems during the update, having a recent security backup is crucial for this process.
Ways to generate a WordPress Backup
Backup a WordPress site is a process that can be achieved in many different ways. Right below we mention some of them, sorted by how easy their download and restore options are.
Backup through the automatic installation tool (Installatron)
Through your cPanel account you can synchronise your WordPress site with the Installatron automatic installation tool. After the synchronization, Installatron will automatically notify you if any update is available. Clicking on the Update option WordPress downloads and installs the updates (including plugins and themes) and at the same time generates a security backup which can be easily restored in case the update crashes. Moreover, you can also select whether you want Installatron to automatically install the new versions of WordPress (minor/major) or the modules as well (themes, plugins etc).
If you have a hosting plan in the Business or Semi Dedicated Line series, then you can use the provided backup software named Jetbackup and get an instant backup (Instant Snapshot) of your account, which can be easily restored. This option backups the entire cPanel account and not just WordPress, something that will bring all the emails as well, along with the account settings to a previous state. And that’ s why it holds the 2nd position on this list.
Download a Full cPanel backup is the Official solution suggested by cPanel for Backups, so we couldn’t omit to include it in this list. Restoring a Full cPanel backup requires root privileges, so you will not be able to restore it by yourself. All in all, this case needs the hosting company’s intervention but your website can and will be restored to a previous state. This process just takes more more time than the above ones.
Backup via a WordPress plugin (Updraft, Duplicator etc)
These backups are generated by the application and not by the server and thus, they run with php permissions and not with cPanel permissions. Many of these Plugins work very well when it comes to backing up, such as Updraft or Duplicator Pro, but are more likely to face various throughout the process, comparing to the cPanel-level backups such as those listed above. This is why this option is the last one of our list with our WordPress backup suggestions, even though they are quite popular and widely used through the Internet.
How to upgrade WordPress?
For the purposes of this article we will describe 2 basic ways that you can upgrade your WordPress site in IP.GR’s hosting servers. These ways are sorted based on time and security criteria during the upgrade, so the first recommended upgrade method is through Installatron and the second one through WordPress admin panel.
1. Upgrading WordPress through Installatron
In order to be able to upgrade your WordPress site through Installatron, you must first have synchronized your WordPress installation with Installatron software. To do that, you can log into your cPanel account and from the Web Applications section, click on WordPress. Then select "Import Existing Install" which can be found in same menu of "install this application".
Then, click Update:
In the next step you can select whether you want to upgrade only the WordPress Core script and / or the selected plugins and / or the selected themes or all of them.
We recommend that you leave the "Yes, create a backup before performing the update" option checked, so that Installatron can back your application up before the upgrade.
By clicking on the Update button, Installatron takes a backup and right after it proceeds with the upgrade.
Once the upgrade is done, we suggest that you run a functional check of your website to make sure that everything works properly.
In case you need to restore your website to its previous state, then you can go to "My Backups" through Installatron where you can select the backup created in the previous step and press "restore". The restore is being executed immediately.
2. Upgrade WordPress through its admin panel
If you want to upgrade your WordPress site through the admin panel, you can follow the steps below:
- Log In to WordPress at the address https://my-domain.gr/wp-admin (my-domain.gr should be replaced with your domain).
- As soon as you log into your WordPress admin panel, you will see a message that informs you about the available upgrade. Click on Please Update Now.
- In the next page, click Update Now.
As soon as the upgrade is completed, a relevant message will be displayed on your screen.