One of the most important things you can do for your WordPress blog is keep it updated to the latest version of the software. The company behind WordPress make it quite a simple process to update thanks to the site structure and how the update package is provided.
You have a few options on how to upgrade. The easiest, but it does carry a bit of risk, is to use the automatic update service. If you are already running on version 3 of WordPress then the top tool bar should show a small icon next to your site name with a number next to the icon. This will show you how many updates are currently available. Updates that WordPress detects are core updates to the software as well as plugin updates and some theme updates. Click on the icon to proceed to the next screen.
When the next screen is showing, you will see it divided in to 3 sections. The top section is for the major updates to WordPress… ie, the core files. If you are running the latest version WordPress will tell you so but still give you the option to re-install over the top of the current install, or download copy of the files in zip format. The re-install is a handy way of refreshing the core files and can be used from time to time including times when you think your blog may have been hacked. A re-install of the software can wipe out some damage done by hackers although not all hackers attack the core files.
The second section is for plugins. If WordPress detects that you have plugins that are out of date then this is the place to update them. If you want to do all at once then click Select All and then click on the update button.
Below that you will find theme updates. I have only ever seen WordPress themes in there and not custom themes, so if you want updates for those you might want to check with the site you purchased or downloaded your theme from.
Risks of using automatic updates
Some of the risks involved with automatic updates includes file permissions. To get it working you might need to elevate permissions a little on your server. By doing this, you are more susceptible to attacks, so proceed with caution. Also with automatic updates they happen extremely quickly, which is a bonus in some ways, but if you want to reverse your decision it is always too late within a fraction of a second of hitting the update button. This could potentially wipe out any custom changes you have made.
Make a backup before updating
One way to cut down on risks is to make sure you are keeping regular backups of your content. I’ll go in to this in a lot more detail in a later post, but if you have backups, and keep multiple backups, you can more easily roll back any changes that an automatic update makes. Sometimes this can be a life saver although in most cases, actually in all cases for me, I have found the automatic way to be a good enough way forwards.
Another option to update is to do it manually. To do it this way you’ll need FTP access to your blog. This is also a little beyond the scope of this post but I will cover it in more detail in the future.
WordPress is updated by the team behind it for many reasons. One of the reasons is that they want to add more features to the software to make WordPress a better solution for its users. Another reason WordPress gets updated, and perhaps the most important, is that software is vulnerable to attacks. As weaknesses are found by hackers, WordPress needs to be kept updated to close those security loop holes. WordPress 3.4.2 was just released today and simply fixed a number of security holes that have been found within the software.
Expect to need to upgrade your blog every few months on average. The process tends to always be painless although it still doesn’t mean that you should prepare just in case some unique modification you have made or some obscure plugin you use isn’t compatible.