In this lesson you will learn about why updates are important and how to manage them in WordPress.
In this lesson you will learn about why updates are important and how to manage them in WordPress.
After completing this lesson, participants will be able to:
Who is this lesson intended for? What interests/skills would they bring? Choose all that apply.
How much experience would a participant need to get the most from this lesson?
Which strategies will be used for this lesson plan? Choose all that apply.
How long will it take to teach this lesson (in minutes)?
60 minutes
Participants will get the most from this lesson if they have familiarity with:
What could present challenges to delivering this lesson? Is there anything that can be done in advance to prepare for those challenges?
For example:
- What if there’s no internet available?
- What if there’s no projector available?
- What if a participant doesn’t has a WordPress site to work with?
- What if there aren’t enough computers for everyone?
- What if no one has the prerequisite skills? What if there are different opinions about the topic?
The plan for the lesson. Outline form works well.
For example:
- Talk about what a theme is
- Demonstrate how to install and activate a theme
- Practice exercises to have participants find and install a theme on their own site
Which of these components do NOT require updates:
Answer: 4. Media
_ include new WordPress features
Answer: 1. Major releases
__ include maintenance releases, security fixes, and updates to translation files
Answer: 1. Minor releases
By default, every site has automatic updates enabled for minor core releases and translation files.
Answer: 1. True
Where can you look to determine if WordPress core has updates available?
Answer: 1. At the top of the administration dashboard and 2. Dashboard > Updates
Where can you look to see what updating a plugin should fix?
Answer: 1. changelog
Automatic plugin background updates only happen by default for plugins and themes in special cases
Answer: 1. True
When you run a theme update, you are actually overwriting the theme files.
Answer: 1. True
Before you run any updates, it’s a good idea to back up your website.
Answer: 1. True
Today we are going to learn how to identify when updates are available for WordPress sites and how to run those updates. But first, what are updates? And why do we need them? Updates to any software are released for three reasons: to fix security vulnerabilities, to fix bugs that have been discovered in the code, and to add new features. So, when we say that “WordPress core” has an update, we mean that new code has been released to replace some old code so that security issues are patched, bugs are fixed, and new features are available to users. Sometimes people procrastinate on updating their sites, but this is a very risky approach to maintaining a site. We need to consistently install the updates that are available for our sites because all sites need security patches so that they are not vulnerable to known hacks. Additionally, all sites benefit from bug fixes because then they are running off a more stable code base. It is arguable that sites can get by for some time without introducing new features to the underlying software, but new features are introduced in WordPress with the intent of making the experience of administering one’s site easier for the user. If the thought of updating your site resulting in changes to the interface that you see is scary, that is OK! There is always a tutorial on new features to show you where things are after updating. For all of these reasons, you should always update WordPress to the latest version. There are three components of your WordPress site that may require updates:
Each update to WordPress core, plugins, and theme files often includes bug fixes and security fixes. Major updates to WordPress core and some updates to plugins and themes include feature enhancements that can be really helpful to you in administering your website. By holding off on updating, you may be missing out on bug fixes and feature enhancements that will make managing your site easier and on security fixes that will protect your website from being vulnerable to being hacked or targeted by malicious code.
There are two types of updates to the WordPress core software that become available for your website:
By default, every site has automatic updates enabled for minor core releases and translation files. It is possible to disable these automatic updates, but automatic updates for minor core releases are one of the best ways to guarantee your site stays up to date and secure moving forward. For that reason, disabling automatic updates is strongly discouraged. Even when automatic updates are enabled you still need to manually trigger major release updates. You will be able to tell that there are core updates available for your site in a few key places throughout the site. First, there will be a banner at the top of the every administration page to alert you to the update: 
Second, on the “Updates” page within the WordPress admin (yourwebsite.com/wp-admin/update-core.php) there is a section that will tell you whether WordPress core is up to date or not: 
[tip]To get an idea what was changed in a particular version, you may check out Releases Category Archive[/tip]
Plugin updates do not follow a consistent naming convention that will help us in determining whether the update contains security updates, bug fixes, new features, or some combination of the three. Instead, there are other resources to help ensure that the updates we make to plugins are safe for our sites. Plugins are administered from the “Plugins” screen in the administration screens of your WordPress site. You can go there by clicking on the “Plugins” button in the left side navigation or by navigating to yourwebsite.com/wp-admin/plugins.php. Once on this page, you’ll see a list of all of the plugins that are installed on your website, whether they are activated or not. 
Each plugin has a description of what the plugin does, a version number, an author, and a website to refer to. If updates are available for the plugin, there is an alert below the standard plugin information that says “There is a new version of [plugin name] available. View version [number] details or update now.” You can click on the “Update Available” link to view only the plugins that have updates available. In this instance, the only plugin that has updates available is Akismet. When looking at the plugin listing information for Akismet, we can see that the website we’re looking at has version 3.1.3 of the plugin installed and that a new version is available. 
Before we run updates for a plugin, it’s best practice to make sure that the plugin won’t have compatibility issues with the version of WordPress the site is running or with other plugins that we have running on our site. To see what has changed in a new version of a plugin, you can click on the “view version [number] details” link to view the release notes for the new version. In the changelog we can learn lots of information about how the new version of a plugin is different from the version we have installed. For example, by reading the changelog we may learn that a plugin added some documentation, made an accessibility fix for screen-readers and keyboard navigation, or resolved a compatibility issue with a new version of WordPress. 
Unlike WordPress core, automatic background updates only happen by default for plugins and themes in special cases, as determined by the WordPress.org API response, which is controlled by the WordPress security team for patching critical vulnerabilities. This means that most of the time you will need to manually trigger updates for the plugins on your site. In addition to managing plugin updates through the “Plugins” administration panel, the “Updates” page within the WordPress admin (yourwebsite.com/wp-admin/update-core.php) also includes a section that will tell you which plugins have updates available: 
As with WordPress core and plugins, themes that are bundled with core, that you have installed from the WordPress Theme Directory, or that you have installed from a third party source will require occasional updates. You can see the available theme updates from the “Themes” section on the “Updates” page within the WordPress admin (yourwebsite.com/wp-admin/update-core.php): 
When you run a theme update, you are actually overwriting the theme files. If you made any changes to these files when setting up your site you will lose the changes when you update. Since losing the changes that make a website look a certain way is frustrating and sad, WordPress provides an easy way to avoid this headache by encouraging the use of “child themes” that inherit all of the characteristics of the “parent theme”, but do not lose any customizations when the parent is updated.
Before you run any updates, it is a good idea to back up your website because sometimes updates do not go as planned and may break part of your website. If you have a backup, you can restore your website to it’s previous state if there are any issues when upgrading. Complete instructions to make a backup can be found in the WordPress Backups section of the Codex.
There are two methods for updating - the easiest is the one-click update, which will work for most people. If the one-click update doesn’t work or if you just prefer to be more hands-on you can follow the manual update process that is documented in the Codex. Modern versions of WordPress (version 2.7 and up) let you update with the click of a button. For WordPress core, you can run an update by clicking the link in the new version banner (if it’s there) or by clicking the “Update Now” button in the WordPress core section of the “Updates” screen. You shouldn’t need to do anything else other than let the updates run. Once it’s finished, your WordPress software will be up-to-date. For both plugins and themes, you will need to select the check-boxes for each plugin or theme you would like to update and then click the “Update Plugins” or “Update Themes” button to run the updates. One-click updates work on most servers. If you run into any issues with one-click updates they are probably related to server level permissions issues.
Follow with the Exercises and Assessment outlined above.