WordPress administrators will be familiar with this screen – updates available for WordPress core, themes and plugins – but what order should they be installed in?
When faced with multiple updates I follow this order:
Why this order?
This order is based on the risk of something breaking, changing or being lost.
All updates present a level of risk – but each is slightly different.
Themes are relatively low risk – as long as customisations haven’t been made directly to the theme’s files (e.g. functions.php or styles.css).
Plugins are a bit of a wildcard. The code quality varies greatly – but plugin developers do get the opportunity to test WordPress updates before they’re released and sometimes release updates specifically to address compatibility with future versions of WordPress core.
Finally, WordPress core updates are installed – hopefully with themes and plugins that are fully compatible with the update.
Just remember – before installing updates make sure to back up.
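The order above as a WP-CLI script, added here as an example and not part of the original post: it backs up first, then updates themes, plugins and finally core, stopping at the first failure. It assumes WP-CLI is installed as `wp` and that the script runs from the WordPress root; `BACKUP_DIR` and the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes WP-CLI ("wp") is
# installed and the script is run from the WordPress root directory.
# BACKUP_DIR and the function names are hypothetical.
# Keep database dumps outside the web root so they cannot be downloaded.
BACKUP_DIR="${BACKUP_DIR:-$HOME/wp-backups}"

# Database dump plus an archive of wp-content (themes, plugins, uploads).
backup_site() {
    stamp=$(date +%Y%m%d-%H%M%S)
    mkdir -p "$BACKUP_DIR" &&
    wp db export "$BACKUP_DIR/db-$stamp.sql" &&
    tar -czf "$BACKUP_DIR/wp-content-$stamp.tar.gz" wp-content
}

# Names of themes or plugins with an update waiting ($1 = theme | plugin).
pending() {
    wp "$1" list --update=available --field=name
}

update_in_order() {
    backup_site || { echo "backup failed, nothing updated" >&2; return 1; }
    for kind in theme plugin; do
        names=$(pending "$kind") || return 1
        [ -z "$names" ] && continue          # nothing waiting for this kind
        echo "updating ${kind}s:" $names
        wp "$kind" update --all || { echo "$kind update failed, stopping" >&2; return 1; }
    done
    # Core goes last, once themes and plugins are on their newest versions.
    wp core update || { echo "core update failed" >&2; return 1; }
}

# Run with: sh update-in-order.sh --run
if [ "${1:-}" = "--run" ]; then
    update_in_order
fi
```

Because a failed step returns early, a broken plugin update leaves core untouched and the backup taken at the start is still the restore point.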
There are a huge number of WordPress plugins available to extend WordPress – this has contributed to the success of WordPress bringing it to power 27% of the Internet’s websites.
Almost 50,000 free plugins are available from the WordPress plugin directory – as well as paid or “premium” plugins from third-parties.
But what’s the difference between the free and premium plugins?
Free removes the cost barrier to trying new software – it allows you to test out a plugin without committing – but it does come with more risk.
The WordPress plugin directory isn’t the only source for free plugins – many developers release plugins on their personal websites or GitHub and there are many third-party plugin directories.
However they’re not all equal – the official WordPress plugin directory has a strict quality control process that ensures plugins are not doing anything malicious and do not have security vulnerabilities. If security vulnerabilities are found they are fixed quickly by a community of developers that volunteer their time.
Other sources may not have the same level of quality control – and for this reason extreme caution should be used when using free plugins from other sources.
The WordPress plugin directory often serves as an entry point for developers to release a plugin and start building their online presence as a developer – this results in plugins that have various levels of code quality.
To avoid being caught with “bad” code – be wary of new plugins and check the updates and support history to make sure the plugin is being actively maintained by the developer.
Typically when getting something for free there is no expectation for support. This is particularly true with the official WordPress plugin directory – developers can provide support through the plugin’s support page but are in no way obligated to.
This is important to remember because if you rely on this plugin for running your website you may end up in all sorts of trouble if something goes wrong.
Plugins on the WordPress plugin directory can receive free updates – but like support there is no expectation for developers to provide ongoing updates.
An update to WordPress or a change to a browser could stop the plugin from working, again leaving you in all sorts of trouble.
Premium plugins are available through third-party directories or directly from plugin developers. They are called “premium” because they are paid for – the prices vary but typically are between $30 – $300.
There are three main advantages to premium plugins –
time and cost – you won’t need to develop the plugin
The code quality for premium plugins is typically better than free plugins – this is largely because developers are earning an income that provides them time to improve the code.
This isn’t always true – but you can avoid issues by sticking with the “big” plugins (e.g. Gravity Forms), reading reviews and checking the quality of the free plugins provided by the same developer.
When you pay for a plugin you become the customer – this introduces an obligation for support under consumer law.
Support is typically provided for 6 or 12 months after the purchase and is limited to installing and configuring the plugin.
Always check how long support will be provided.
It’s in the best interests of a premium plugin developer to keep the plugin functioning and introduce new features through updates – this provides support to current customers, ensures the plugin stays functional and introduces new features to entice more customers.
However, because premium plugins are provided outside of the WordPress plugin directory updates are not automatically provided – the developer will need to host their own update server.
Always check that the plugin comes with automatic updates – and for how long.
Since its initial release in 2003, WordPress has become the most popular CMS – powering an estimated 30% of all websites online.
This massive achievement has a lot to do with its flexibility, ease of use and amazing community of contributors.
But with such possibilities also come mistakes.
In this article I will discuss common WordPress mistakes and how to prevent them.
1. Installing too many plugins
Thanks to the popularity of WordPress and the massive community there are more than 50,000 plugins available for free to customise your website.
The temptation may be to install a plugin for every function or issue – but this approach comes with problems.
Often people will say that having too many plugins will slow down your website. This isn’t necessarily true – because each plugin could be a single line of code or a mammoth bigger than WordPress itself.
But the plugins introduce complexity.
Before installing a plugin, consider
whether the functionality can be achieved easily without it
if the plugin introduces too many other unnecessary features – this typically means bloat
would it be easier or more reliable to use your own custom code.
2. Editing theme code
I’ve never seen a plugin that is perfect as soon as it’s installed.
Many plugins let you customise colours, fonts and add widgets – but often there’s the need to add your own HTML or CSS.
If you edit the theme’s code you may get the desired result – but either you never update the theme again (BAD IDEA !!) or when you update you lose your changes.
Instead you should be creating a child theme for theme customisations. This way you can clearly see what customisations have been applied and update the main “parent” theme.
3. Not backing up
Backups are something you never want to use but you always want to have.
Backups are important – particularly before installing a new plugin or update – but also as regular weekly updates.
Don’t trust your host’s backups. I recommend using a plugin like UpdraftPlus and backing up to an external location such as a Google Drive.
4. Not updating PHP version
WordPress uses the PHP server-side scripting language.
PHP has seen some massive updates over the years – with version 7.0 and above introducing significant performance gains.
But surprisingly the majority of WordPress sites are using version 5.6 (as of December 2018).
You can (temporarily) use the Display PHP Version plugin to check which version of PHP you currently have. If it’s less than 7.0 you should check with your website host for how to update.
5. Using cheap host
The cheap hosting offer is almost always too good to be true.
Cheap hosting tends to lack important features, have poor support and more importantly be slow – which is critical for the user experience.
The longer a page takes to load the more likely the user will give up and go elsewhere. A two second load time is a good goal – but less is definitely better.
There are many hosting options – research is important and steer away from the cheapest. The typical good entry level host will offer cPanel management and phone support.
6. Unnecessary plugins and themes
Each plugin or theme adds complexity to your website, takes up space and is a potential security hole.
If you don’t use it any more – uninstall it. Don’t just deactivate it – even if a plugin or theme is not active it may still be a security hole.
There is one exception – make sure you have a second theme installed – because if your main theme fails WordPress will roll back to the second.
7. Weak passwords
Unless you’ve implemented additional security to protect your WordPress login page (and API end points) – there will be hackers and bots attempting to guess your passwords.
I highly suggest using randomly generated passwords of 16 or more characters and a password manager such as LastPass.
8. Giving administrator access to all
If you have multiple people contributing to your website – consider giving them the least amount of access to do their job.
Not all users will need administrator access – but if they do have administrator access, they (or anyone that knows their password) can completely turn your website upside down.
Editor level access is suitable for most authors.
Other access levels include:
Administrator – somebody who has access to all the administration features within a single site.
Editor – somebody who can publish and manage posts including the posts of other users.
Author – somebody who can publish and manage their own posts.
Contributor – somebody who can write and manage their own posts but cannot publish them.
Subscriber – somebody who can only manage their profile.
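A read-only audit for mistakes 6 and 8, added here as an example and not part of the original post: it lists inactive plugins and themes to uninstall (keeping one spare theme as the fallback) and flags a site with more administrators than expected. It assumes WP-CLI is installed as `wp` and is run from the WordPress root; the function names and `MAX_ADMINS` are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes WP-CLI ("wp") is
# installed and run from the WordPress root. Function names and MAX_ADMINS
# are hypothetical. Nothing is deleted or changed; it only reports.
MAX_ADMINS="${MAX_ADMINS:-2}"

# Inactive plugins are still on disk, so all of them are removal candidates.
unused_plugins() {
    wp plugin list --status=inactive --field=name
}

# Inactive themes minus the first one listed, which stays as the fallback.
# The parent of an active child theme has status "parent", not "inactive",
# so it is never offered for removal here.
unused_themes() {
    wp theme list --status=inactive --field=name | tail -n +2
}

# Accounts holding the administrator role.
admins() {
    wp user list --role=administrator --field=user_login
}

audit() {
    findings=0
    for p in $(unused_plugins); do
        echo "remove plugin: wp plugin delete $p"; findings=$((findings + 1))
    done
    for t in $(unused_themes); do
        echo "remove theme:  wp theme delete $t"; findings=$((findings + 1))
    done
    n=$(admins | wc -l | tr -d ' ')
    if [ "$n" -gt "$MAX_ADMINS" ]; then
        echo "$n administrators (limit $MAX_ADMINS): demote with 'wp user set-role <user> editor'"
        findings=$((findings + 1))
    fi
    echo "$findings finding(s)"
    [ "$findings" -eq 0 ]      # non-zero exit when something needs attention
}

# Run with: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    audit
fi
```

The non-zero exit status makes it suitable for a scheduled job that only alerts when something needs attention.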