WordPress allied to WooCommerce is a powerful business Content Management System (CMS) and eCommerce setup. But as with all software, WordPress needs to be upgraded to perform to its best, to be secure, and also for things continue to look and function really well.
Why you need to upgrade
When your website was launched, it worked. It should, at least in theory, carry on working forever, right? Well, not so much. Technology evolves rapidly.
Here we take a look at top 3 reasons to update: functionality, competition, and security.
Reason 1: Functionality
You can sometimes get a few years out of a website build, even if you never hit update. The problem here is to keep your website working the way you want will require regular updates and even tweaks to maintain the functionality you had at launch.
Open source code is always improving. Getting faster, more efficient and working with new devices, screens, and browsers. This means the way everything operates has to change and this sometimes alters the logic in the code or the sources used to render parts of your site.
The technology upon which WordPress rests, such as PHP, MySQL, and your server / hosting environment will always be evolving. If you just left your website as it is, eventually, a new version of PHP will ship, or some other "breaking change" will render your website... well, broken.
Upgrading your WordPress, plugins and server environment will help to maintain the functionality you’re looking for in your website. In fact, it might even help you get extra functionality, which leads to the next reason to update.
Reason 2: Get ahead of the competition
Upgrading your software means you’ll be able to take advantage of advances in technology and get ahead of your competition. Whether it’s a slick new slider feature or a website that works with a new device, keeping up to date gives you a competitive advantage.
Some benefits of upgrading can include improvements to the speed and efficiency of your website, can have an impact on SEO, getting you more traffic, thus more customers.
Reason 3: Security
Functionality has an ugly relative, called security.
Security should be important to us all. It is mission critical to webmasters, including those on WordPress.
Security updates are issued often, and these should be installed straight away.
Want a real-life example? Some have suggested the Mossack Fonseca "Panama Papers" hack happened because of outdated software, one specifically being a very old version of a particular WordPress plugin. A security release had been issued months before and there was a lot of chatter surrounding the important update. In fact, anyone logging in (or looking at the source code) of the Mossack Fonseca website would have been able to see the plugin needed updating. Ouch!
A lesser known yet a more common goal of hacks and viruses is to hijack the email capabilities of your server or WordPress environment. Even unnoticed, this can sometimes lead to sluggish load times and a blacklisting for your emails.
Whether or not your clients are the super-rich looking to squirrel away their cash in somewhat gray tax avoidance schemes (let's hope they're not), maintaining a secure website and hosting environment is important for every business.
Bottom line: to maintain a speedy, secure, functioning WordPress website, you need to keep your software up to date and be prepared to evolve.
What elements you need to upgrade in your WordPress install
Let's start from what your WordPress website includes, which is:
- WordPress Core (the actual WordPress software)
- Your plugins
- Your theme, which may often also include:
- Parent theme
- Child theme
Generally speaking WordPress core, theme files and plugin files should be upgraded as soon as possible, after a stable version release.
Before doing any kind of upgrade, it is very advisable to backup, regardless of what you are about to do. Backups will enable you to roll back changes if you uncover a plugin conflict or something which doesn’t work right with the upgrade. Most good web hosting providers will offer some form of automated backup.
You can also either rely on a free plugin like UpdraftPlus to make WordPress specific backups or go the extra mile and use a premium plugin such as BlogVault which provides more than a standard backup plugin.
Looking for an experienced WordPress expert who can take care of upgrading your website (so you don't have to worry about it again)? Hire Robin Scott now!!
At this point, it’s probably worth mentioning the utility of a staging environment.
For complex sites, WooCommerce websites or those which handle a lot of active paying customers, it’s advisable to test upgrades in sandbox mode in a staging environment. This will enable you to test the outcome of upgrades without upsetting customers or losing data. Once the right upgrades are finalized, you will be able to switch them on seamlessly. Your eCommerce website going offline for technical reasons is not acceptable!
Now, back to upgrading your WordPress website.
How to upgrade WordPress core
There are two options when it comes to upgrading the WordPress core: automatic updates and manual updates.
1. Upgrading WordPress automatically
Automatic upgrades are available for the WordPress Core, where security upgrades will be automatically installed. Major version releases will still need to be installed “manually”.
Turning automatic upgrades on requires the “apache user” which PHP runs under to be allowed to make changes to the directory in which WordPress lives or for you to give WordPress your FTP login information.
Both of those are not suitable in all cases, for a variety of reasons, but at the very least, if you know you will never get around to upgrading, configure automatic WordPress updates.
Automatic upgrades do not do major version updates, so you may be sure that nothing huge is likely to change.
That said, you may still find that one of these upgrades breaks your website (see below!). There’s a code-y way to prevent auto updates from happening, should you wish them not to, and that is to add the following to your wp-config.php file:
define( 'WP_AUTO_UPDATE_CORE', false );
But you’d be better advised to leave auto updates turned on if it’s things breaking you’re worried about. Turn on auto updates and turn on automatic backups - if you won’t manage your WordPress site, at least allow it to manage itself!
2. Upgrading WordPress manually
When we update WordPress websites for our clients, we usually do this “manually”. That means we upgrade the website at a scheduled time of our choosing.
As with automatic upgrades, how you go about this depends on your setup and settings.
The easiest is if WordPress is run by an apache user with permissions to update the directories in which the WordPress website lives (note this includes the webroot if this is where your WP lives!).
You would then click “update” in the relevant place in WordPress admin next to the core.
If the file permissions are not setup to allow this update, you may be prompted to enter your FTP information to make this happen.
You can also update WordPress by uploading all the new files via FTP, which is quite the long way around.
How to upgrade WordPress plugins
Upgrading plugins is generally a similar process to upgrading your WordPress Core. Especially if the plugin in question is from the WordPress repository, it should be a button-click process.
Again, backup first, lest something break.
If your plugin was built for you custom made, then it likely will need you to contact the original developer - or a new developer here on Codeable if your original developer is now traveling the world and incommunicado :) - in order to make changes to it.
If you purchased your plugin from a reputable source, then they will likely have included some kind of upgrade regime within the plugin itself. Usually, automatic upgrades are what you get for a license fee. All those great WooCommerce Extensions are made like this!
How to upgrade a WordPress theme
Themes from the WordPress repository upgrade in broadly the same way as plugins and the WordPress core. And if you have issues, it will be based on file permissions.
Commercial WordPress themes each have a different regime, but if you bought from Themeforest, there’s a handy little plugin that can manage this, assuming you got the right license and an API key (hint: a Codeable expert can help you set this up, in a quick task!).
How to Upgrade a WooCommerce Website
Upgrading a live WooCommerce website is one to be careful with. At work, my business Silicon Dales deals almost exclusively with WooCommerce websites, and every upgrade is done first in staging, which prevents things from failing in production.
But note, whether you use staging first or not, you still need to physically run through the updates on your production site.
If you had a bricks and mortar shop, you wouldn’t start re-fitting or painting the store during the middle of a busy trading session (unless there was an emergency!), and the same is true of eCommerce.
Your sales data will tell you when you are least busy. Use this least busy time (often early in the morning, on a Saturday) to roll through major changes, particularly those with database upgrades which take some seconds to complete.
While committing changes, put up a maintenance mode window, and direct customers to a mailing list or similar, just in case you hit that purchase-happy customer at precisely the wrong time! Offer them a coupon for their trouble. Don’t just expect things to be okay - if they get half way through buying something then they see the WordPress “maintenance” screen, you just lost a friendly customer!
If things break in your store (in staging or in live) roll back to a working state and then fix these issues ASAP. Updates to WooCommerce and key plugins (like payment gateways) are made because of (things like) updates to payment gateway APIs, shipping APIs and suchlike - they aren’t really optional, and the sooner you get things compatible, the better.
Call for help at Codeable if you need it!
Which leads us nicely to...
When Updates Fail (white screen of death, error messages and more)
You can tell this (in staging!) by deactivating all plugins, and using a standard WordPress theme, then update the WordPress… hey presto, it didn’t break.
Then turn on your theme.
If it works, you have a plugin conflict.
If it doesn’t there’s something in your theme.
Check the logs! Or, again, call a Codeable developer to troubleshoot it!
Then turn on each plugin in turn until something stops working. When things break, the plugin you just activated is your culprit. You need to fix that plugin! As I said: check the logs, hire a Codeable expert, stop using the plugin or generally do something which will mean this conflict is no longer an issue for you. Repeat with the rest of the plugins (sometimes you have a 2 for 1 error!).
If you plan to have a successful business (who isn't?) based on a WordPress website, you must keep it updated at the latest stable release to retain and enhance functionality and, of course, keep it secure. Updates don't fall under the "nice to have" cap, they're mandatory and critical tasks for any website.
Given their recursivity and importance tough, if you don't feel confident pushing through updates yourself - or there is nobody in your business who is - then you should consider having somebody to do updates on your behalf. For this, Codeable's new Retainers feature will come in most handy. The best case scenario: you'd have a Codeable expert you trust in charge of your WordPress website, and all updates to it. You’ll be in safe hands, as will your website!
I know: everyone complains about upgrading - even us developers on busy days. But let's not forget what's important here: since you’re running a website for business purposes (it's not a hobby, you know that!), you'd better be diligent when it comes to maintaining a working and secure one, otherwise, your business will be directly affected.
At the end of the day, it would - frankly - be foolhardy not to upgrade, for there is no alternative. Don't you think?
Need an experienced WordPress expert who can take care of your website/eCommerce store updates regularly? Hire Robin Scott now!