Array / 7 min read

How to update WordPress, plugins, and themes risk-free.

Your core files, plugins, and themes are your website’s most important components. Keeping them updated is essential to maintain and improve functionality, increase security, and ensure long-term compatibility. This article will explore how to update WordPress, plugins, and themes effectively and risk-free.

Why should you update plugins, themes, and core files?

Updating WordPress core files, plugins, and themes has various benefits, including the following:

  • Security. Updates patch security vulnerabilities detected in previous versions. Exploiting vulnerabilities in plugins, themes, and core files is one of the most common ways to hack websites.
  • Performance. Newer versions improve performance on various aspects of website functioning, like JavaScript processes and complex queries. These improvements increase speed, performance, and user experience.
  • Added functionality and bug fixes. Every major WordPress release includes new functions like accessibility options, UI improvements, block editors, and more. Past bugs are also fixed. The same goes for plugins and themes.
  • Compatibility. Plugin and theme developers create updates that take advantage of new features and enhancements in the core WordPress installation. In rare cases, a WordPress update can break compatibility with a plugin or theme if the plugin/theme developers aren’t following best practices.

How to update WordPress core files safely?

Hands typing

There are various methods to update WordPress core files. Before exploring them, let’s review the types of WordPress updates and the things to remember before updating.

Types of WordPress updates

WordPress versions are identified by three numbers in a dotted notation like this: version 6.1.1. There are three main types of WordPress updates, each one changing a number from that notation:

  • Major updates. These updates are the largest in scale, extensively adding new features and overhauling past features. You can identify a major update or release by checking the first digit of the version number. 6.X.X identifies WordPress’s sixth major update, for example.
  • Minor updates. These updates generally contain new functions, bug fixes, and security patches. “Minor releases” are released during the year between major releases. You can identify them by the second digit. Version 6.1.X identifies the first minor update of the sixth major update, for example.
  • Patch releases. The updates with the smallest scope. They are generally bug and security fixes for the last minor update. You can identify them with the last digit: 6.1.1 identifies the first patch release of version 6.1.

Plugins and themes use the same notation to identify updates.

In general, you should apply updates as soon as they’re available, but sometimes you can wait for a few days or weeks. You may, for example, want to wait to see whether a major release launches with bugs and other issues to avoid suffering them. On the other hand, you should always apply security patches as soon as possible.

Not applying security patches can make your site vulnerable.

Before updating WordPress

There are several steps you should take before updating WordPress, including the following:

  • Check WordPress’s current requirements. It tells you which PHP and SQL/MariaDB version your web host should support for the site to work correctly.
  • Check whether your current plugins and themes are compatible with WordPress’s current version. If they’re not compatible, your site may suffer instability or break.
  • Back up your site. Preferably, use a method that stores the backup in your site’s server and also an external system, like a cloud service.

With all of that done, you’re ready to update WordPress.

Updating WordPress core files from the dashboard

This method is the simplest and most user-friendly. Once you’ve backed up your site, the process is straightforward:

  • If an update is available, you’ll see a message at the top of your main dashboard page. It’ll say, “WordPress X.X.X is available! Please update now.”
  • Simply click on “Please update now,” and WordPress will update. It’s that easy.

Updating WordPress core files using staging sites

Even if you have a backup, we consider it a best practice always to use a staging (STG) site when updating WordPress. STG sites are almost perfect copies of your live site, which you can modify without risking your site’s functionality. The benefits of STG sites are:

  • Catching errors and bugs without the risk of breaking your site and having to restore it.
  • Quick and simple to create.
  • You can set them up locally or online.
  • They make the update process better and more sophisticated.

To update WordPress on an STG site, you must create a STG environment first. We use WPEngine as our web host and create STG sites using it. The process for setting up STG sites may be different for your web host, but not by much. Here’s how we do it in WPEngine:

  1. Log into your WPEngine account. From the dashboard, go to Sites and select the website you want to create an STG environment for.
  2. Select Add Staging, name it, and select Create.
  3. Once it’s created, go back to Sites on your dashboard. 
  4. The newly-created STG will appear with an “STG” icon next to it. Click on it.
  5. You’ll be directed to your STG site’s dashboard, which will look exactly like the one on your live site.
  6. The process of updating is the same as before. Click on “Please update now,” and you’re done. Make tests to confirm your site is working correctly.

Now you need to push the changes to your live site. Follow these steps:

  • Access your STG on Sites and go to the admin dashboard.
  • The options Copy From and Copy To are in the top right-hand corner. Select Copy To, follow the instructions, and select the changes you want to make to your live site. Finally, merge the two sites to implement the changes.

Our preferred method

We use a slightly modified version of the STG method by creating a local instance of our site. Once created, we follow the same steps as above and test to ensure the site works properly after the update.

Then we push this modified site into a STG environment through Git. Once it’s a STG environment, we double-check that everything works properly. If it is, we merge it with the live site and start using it.

How to update WordPress themes safely?

Screen showing the themes sections of a WordPress

Before updating a theme

  • Create a backup. Incompatible themes can break your site.
  • Check with the theme’s developers to learn about compatibility with your WordPress version.

Updating WordPress themes from the dashboard

This is really straightforward. Follow these steps:

  • On your dashboard, go to Appearance > Themes.
  • Find your active theme and click Update Now.

How to update WordPress plugins safely?

Screen of the Plugins section of a WordPress admin

Before updating a plugin

  • Create a backup. Incompatible plugins can break your site.
  • Check-in with the plugin’s developers to learn about compatibility with your WordPress version. Most plugins will give you no issues, but it’s best to check and be sure.

Updating WordPress plugins from the dashboard

  • On your dashboard, hover your cursor over the Dashboard option and click on Updates.
  • Now you’ll be greeted with every plugin you can update right now. You can update them individually or tick Select All and update all at once.
  • Choose whichever you prefer but consider that updating them all at once consumes more resources from your web hosting plan.

Just like when updating core files and themes, we recommend you set up a STG environment to update and check functionality, then push to live if everything is fine.


Keeping the main components of your website updated is essential for long-term functionality, security, and compatibility. As this article explored, there are quite a few things to consider before making any update, but once you get the hang of the process, it’ll become very natural.

Follow these steps, and you’ll have no issue keeping your website functional and updated.

If you found this article useful, read our blog for more WordPress insight, tips, and guides.