Anyone familiar with WordPress will be no stranger to updates…
Updates to the core WordPress installation files, theme updates, plugin updates, and depending on how long you have been using the software, you may be familiar with server-side PHP updates, too.
Each update is important, but do you actually need to update whenever a notification appears alerting you to yet another update being available?
Or are you better off waiting until kinks are fixed in the current version by keeping your WP site on the older version? If so, how long will that be?
How often does WordPress update?
Major updates to the WordPress core installation files happen 2 to 3 times per year. Minor updates are rolled out as needed. Themes and plugins have updates soon after a WP core update, or the developers have enhanced the functionality. Server-side PHP updates happen every 2 to 3 years.
Major Wp Core Updates
WP core updates are rolled out two to three times per year. The reason for the regular frequency is security.
WordPress is the most popular content management system on the internet.
In terms of market share in 2021, 62% of websites using a Content Management System are powered by WordPress. 42% of all websites use WordPress. Security is a huge issue requiring frequent updates to prevent intrusions.
As the entire software is open-source, anyone can scour the source code that is responsible for powering at least 455 million websites to find security lapses that can be used to hack into WP websites.
Those major updates to the WordPress core installation files happen up to three times every year to keep your site secure.
How do you know if a major update is available?
When you log into your WordPress website, the number of updates available are shown in the left sidebar beside the “updates” menu item, and again in the WP admin bar.
This also alerts you to plugin and theme updates that are available.
You can see all available updates from the updates page within your admin dashboard (yoursite[dot]com/wp-admin/update-core.php)
On this page, you can make updates to anything from the WP core installation files to plugins and themes when they become available.
Minor updates are rolled out as needed.
How to tell if a WordPress update is minor or major
WordPress has a numbering system that is used to identify the types of updates being applied.
- Two-digit numbers are a major update
- Three-digit numbers are minor updates to the current version.
As an example, using the current version, the last major update was to WordPress version 5.8. That was released to the public on July 20th, 2021.
Since then, two minor updates have been released.
The first was on September 8th, 2021 with the release of version 5.8.1. Notice the third digit? The 1 means it is the first minor update to version 5.8. The second update (5.8.2) was rolled out to the public on November 10th, 2021.
Minor updates are nearly always bug fixes and security patches. Major updates are when new features are introduced to the software.
If you are not keen on updating as frequently as WordPress notifies you of updates being available, major updates are when your site will receive additional functionality.
Minor updates are more important for security. But, if you continue running the older version of WordPress for enhanced stability, you will miss out on the security updates that only happen on the most recent versions.
PHP updates are needed at least every three years
Asides from the WordPress updates, additional updates are made by your web host. This is why it is so important to use a good blog host provider.
PHP updates are fully supported for two years. By three years, support is no longer available. For that reason, the version of PHP your server runs on should be updated no longer than every three years.
Updates to PHP are not always plain sailing. When server-side updates are applied, themes and plugins that are incompatible with the newer PHP version will break.
This is where managed WordPress hosting can play a huge part in keeping your site functional.
Most managed WP hosting providers offer staging environments as standard. The reason for this is so that you can test out major updates on a staging site before making the updates to a live site.
It can avoid critical failures if plugins, themes, or a core update have the potential to break your website.
When a PHP update is available, your web host will usually notify you with instructions on how to update your PHP version for WordPress. Some will automatically update the PHP versions, others will provide instructions.
If you have to manually update the PHP version, go to cPanel > select “MultiPHP Manager” select your domain then select the PHP version from the dropdown menu to apply the update to.
WordPress theme and plugin updates happen as frequently as the core updates
Last, but by no means least is the updates to plugins and themes.
These are done by the theme and plugin developers. Some can be set to auto-update if they are included in the WordPress.org repository.
Third-party plugins that are not listed will need to be manually updated.
Before manually updating, check to see which version of PHP is supported. For plugins and themes that have not been updated in 3+ years, they may be coded to work with a redundant version of PHP.
When that is the case, WordPress displays a message to inform you that the plugin is “untested with your version of WordPress”.
Outdated themes and plugins can leave your website vulnerable to intrusion.
Are WordPress updates automatic or not?
Since WordPress version 5.6, new WP installations have auto-updates enabled. For older websites that have been updated to version 5.6 and higher, the auto-updates have to be done manually, unless you host your site with a managed WordPress hosting provider.
A key difference between self-hosting and managed hosting services is that managed services take care of the updates. Well, most do. They test the updates before rolling them out to customers.
If you manage your own self-hosted WordPress site, you will likely need to edit your WordPress installation to enable auto-updates.
Two ways you can do this is using your WordPress Management console within cPanel, or by editing your wp.config.php file.
Go to WordPress Manager by Softaculous. Select the domain you want to configure auto-updates for.
Where it says “auto-upgrade WordPress core” change that from “do not upgrade”, to either “upgrade to Minor versions only”, or “Upgrade to the latest version available (Major as well as Minor)”.
Click save changes and now whenever a new update is released, your site will automatically update based on your selection.
- Minor updates provide security patches and bug fixes.
- The major updates are when new features get rolled out.
Configuring Auto-Updates in the wp-config.php file
An alternative method to enable auto-updates is to add a line of code to your config file.
define( 'WP_AUTO_UPDATE_CORE', true );
Where ‘true’ is the value defined in the code, this enables auto-updates for Minor and Major core updates. Setting this to ‘false’ disables the feature. Defining the value as ‘minor’ (instead of ‘true’) will apply auto-updates only for the minor core updates.
Auto-updating themes and plugins
Within your WP admin panel, plugins and themes can be set to auto-update. You have to manually approve this setting when you install a new theme or plugin.
If you have a lot of plugins or manage multiple sites, you can also enable auto-updates using filters in your wp-config file.
Add this line of code to your wp-config.php file to auto-update plugins
add_filter( 'auto_update_plugin', '__return_true' );
and to auto-update themes, add this code
add_filter( 'auto_update_theme', '__return_true' );
The values for these can be set to false, but that is strongly not advised.
The reason is that by default, WordPress has background updates enabled. This allows the WordPress security team to push out security fixes based on responses within the WordPress.org API. When a critical vulnerability is addressed, updates are rolled out in the background to fix vulnerabilities.
If the value for updating plugins is set to ‘false’, it also disables background updates making your site more vulnerable. Either update plugins manually or set them to auto-update. Never disable the ability to update.
The plugins and themes auto-updates are important, but not as important as the core WordPress updates. It is advised that the core updates are done frequently because they are always to increase security.
Bottom line is that WordPress updates are frequent
The reason is that they are required for the security of your website.
- Major updates are when new features are rolled out. Usually, two to three times per year.
- Minor updates are security enhancements. These are rolled out as needed.
- PHP updates to the hosting server that the WordPress software runs on will have to be updated every three years, at least.
Knowing the above, when you log into your WordPress website now and see that an update is available, you will be able to see what type of update it is (minor or major) and make a better-informed decision of whether it is a wise move to press update now, or test it first on a staging site if it is a major update.
Same if you fancy trying out a plugin or theme that has not been updated in 5+ years. It would be best to move on and find a more recently updated plugin that has better security and be more likely to work on your site.
Hey guys! It’s me, Marcel, aka Maschi. On MaschiTuts, it’s all about tutorials! No matter the topic of the article, the goal always remains the same: Providing you guys with the most in-depth and helpful tutorials!