Updated: 3/25/2016

The #1 rule of WordPress security is to keep your WordPress core files, your plugins and your theme updated.  The fine programmers at WordPress work tirelessly to update WordPress to bring you new functionality – and to close any security holes that are found.

The WordPress core and your plugins need to be updated on a regular basis.  Your theme will probably need to be updated at some point too.  If you don’t keep your files updated, your site will be vulnerable to hackers who have figured out ways to take advantage of older versions.  The update process is now fairly simple with advent of “1-click” updates.  Just remember to always backup before you update.  Occasionally there will be a problem and you don’t want to be left dead in the water with a blank site or error message until you’re able to contact someone for help.

Do-it-Yourself WordPress Updates

  1. Always backup your site files & your database before updating.  This can easily be done via cPanel or with a plugin like Updraft.
  2. Log into WordPress.  If the core files need updating there will be a notice at the top of your screen. You can follow the links to update WordPress.
  3. Once you’ve updated – check your site.  Does everything look normal?  Ok, good, continue.
  4. Next update your plugins.
  5. Again, check your site.  If everything looks ok – Great, you’re done!
What if?

If you run into problems – after the update something looks wrong or you’ve got the famous WSOD (white screen of death).  Don’t worry,  you can put your site back the way it was using your backups.  If you’re using cPanel you can log in and restore the backup copy of your database and WordPress files.

Then what?

Once you’ve got your site back up and running you can attempt a manual WordPress update.  There are detailed instructions here.  During the manual upgrade you are able to determine if there was just a problem with one of the WordPress files, or if there was a conflict with your theme or one of the plugins.

Rather not do it yourself?

No problem, we’ve got you covered with Managed WordPress Security Updates!

What else can I do to keep hackers at bay?

Yes, we also recommend installing a security plugin like Wordfence or iThemes Security.  These plugins will help lock down your site making it harder to get into by tracking and banning repeated login attempts from the same computer.