WordPress is most vulnerable when it is out of date. What is the best practice for keeping your website up to date and secure?

Step 1: Backup Your Site

Before you run any updates, make sure to capture an up-to-date backup. If you are on a managed host like WP Engine, Flywheel, or Kinsta, you should have automatic backups enabled. If you are on a host that offers backups as an add-on, it is well worth having them. 

If you aren’t on a host with this as a server-side option, a plugin like Updraft Backups or All-in-One WordPress Migration will help. 

Make sure you fire the backup before you update. If anything goes wrong, you will be able to roll back your website to a version that works while you wait for fixes for your issues. 

Luckily, WordPress core and plugins have become far more stable than they were five years ago, and we barely ever encounter a breaking update. 

Step 2: Run Your Updates One at a Time

I highly recommend that you run each plugin update that may impact a front-end feature of your website one at a time. This way, you can investigate and isolate what happens if something unexpected does break. 

Some examples of this:

• On an eCommerce site with product options, update WooCommerce and check the functionality. Then update the product options plugin and check again. 
• Elementor or other page builders, update core plugins first and then any add ons. Check one or two pages that contain the page builder add-on for compatibility. 

You will save yourself some headaches by knowing which plugins have which impact. Plus, if a plugin is consistently a troublemaker, you can look elsewhere for similar functionality and save more time in the future. 

Step 3: Back it Up Again.

Once you have a successful update, create a new backup point. Why? You will want to roll back to the fresh update if something else goes wrong between the current updates and the subsequent updates. If you are sure that everything was functioning, it gives you a clean starting point to roll back to instead of going back before the last updates. 

If you have auto-backups, this is less important, but still firing a backup after an update isn’t a bad practice just in case. 

Keeping your WordPress up-to-date is critical; hopefully, these three simple steps help you stay safe, secure, and updated!