There comes a time in every self-hosted WordPress blogger’s life when they will see this:
WordPress updates are like dentist appointments and oil changes, annoying yet necessary. You’ll get cavities and car problems if you don’t get checkups, and you’ll endanger the health of your blog if you don’t update WordPress.
Why do I need to update?
Think of your blog as a castle you need to defend. Inside the tower are all your precious blog entries. Outside the stone walls is an army of hackers, spammers, and other nasty people who at any time might launch an attack on your blog. The developers of WordPress know about your enemies, so they’ve built defenses like moats and drawbridges to keep them out.
Despite these obstacles, occasionally a hacker finds a weakness in your defenses and breaks into the castle. They might find a lose stone in the wall or find a way to dig under the castle into the courtyard. You can defend you blog from 99 different types of attacks, but it only takes that one hundredth unprotected way to allow someone to break through.
The developers of WordPress don’t just hang around the great hall eating slain deer. When they become aware of a new type of attack, they patch the vulnerability in their software and issue a new release. That’s when you get the message on your dashboard asking you to update. If you ignore it, you are making your blog more vulnerable to attacks.
Different types of updates
Each WordPress update has a release number, like 2.8 or 2.8.2. These numbers give you information about how major the update is, as well as give the developers a way to track what changes were made in which releases. The farther the number is to the left, the more serious the update is.
If the first number has changed, like from 1.0 to 2.0, this indicates a major change in the software. The developers might have rewritten major parts of the code or restructured how it works internally. This type of update can sometimes be tricky to handle since it usually involves updating your database or the way your files are structured. You should back up your blog before any update, but especially before this type of update.
The second number, or rather the first number after the dot, refers to a less major, yet still significant update to the software. It indicates that there have probably been some minor bugs fixed or a few small features added. You’re less likely to have problems when doing this type of update.
The third number, or the number after the second dot, refers to a small change in the software. This type of update is usually only released when a bug or security vulnerability needs to be fixed right away. Otherwise, they would wait to include the changes in one of the other types of updates.
Backup your files
You should always backup your WordPress blog before initiating an update, just in case something goes wrong. You can do this several different ways.
If your host uses CPanel, you can create a backup through that interface by going to http://yoursite.com/cpanel and entering your username and password. There is an icon titled “Backups” that you can click to guide you through the backup process. Make a full site backup and download it to your computer. Also, open the file after you’ve downloaded it to make sure you have everything.
If you don’t have CPanel, there are two WordPress plugins available that will create backups of your site. The WP-DB-Backup plugin backs up your database. Your database contains all the entries, comments, and other settings related to your blog. However, it does not include any images you have uploaded or any of your site’s themes or plugins. The WordPress Backup plugin saves copies of these files for you. You can have the backups emailed to you, or store them in a zip file on your server. Please note, if your web host’s server breaks down, you won’t be able to access any backups stored there. For that reason, it’s always wise to retain a copy on your local computer.
If neither of the options above are available to you, you can log into your site via FTP and download your blog directory to your computer. It’s slow and not the most efficient method, but it will suffice. If you don’t know what FTP is, you shouldn’t be backing up your blog this way anyway.
Ever since WordPress 2.7, it has become very easy to update your site. Log into your WordPress dashboard and go to Tools -> Upgrade. You should then see this screen:
Click on “Upgrade automatically” and you’ll see a screen where you’ll have to enter your web host login information. After you’ve entered this information the first time, it will be saved and you’ll automatically be sent to the next screen, which alerts you that WordPress has been updated. That’s it! It’s easier than flossing.
If you are upgrading from a version of WordPress earlier than 2.7, you will have to update your installation manually. Unless you are technically inclined and are 100% sure you have a backup, this is best left to a professional.
Backups are great. Knowing how to use them is better.
Let’s say the worst happens and for some reason your WordPress upgrade goes, horribly, horribly, wrong. Good thing you made that backup! However, if you don’t know how to restore your blog using the backup, it’s not much use to you. Restoring a site can be complicated and is probably a task better left to your web developer.
It is up to you whether your update WordPress or not, but ask yourself, how valuable is your blog? If a hacker were able to infiltrate and delete everything, would you be able to brush it off or would you be brokenhearted? If it’s the latter, keep up with the updates. It doesn’t hurt to floss either.