Out of over 18,000 known WordPress vulnerabilities, 362 are related to WordPress Core, 779 are due to themes, and 8546 are plugin vulnerabilities. Together, they make up 53% of the vulnerabilities that the WordPress community faces. [Source]
Now, if Sucuri says 39.1% of infected websites had outdated CMS and 13.97% had at least one vulnerable plugin or theme, it’s not too tough to believe.
The numbers make it clear: keeping everything updated is essential. And if you read between the lines, the solution is simple—automate your updates.
In this blog post, we’ll walk you through how to enable auto-updates for WordPress core, plugins, and themes so you can keep your sites secure and save time.
Table of Contents
How to Keep Your WordPress Site Updated?
There are three main parts of your WordPress site that may require updates:
- WordPress Core: The core software of WordPress.
- Themes: The design framework of your site.
- Plugins: Add-on functionalities to extend WordPress.
Now, remember there are two ways of doing everything: The conventional way and the smarter way.
Let’s explain the conventional way first. If, at any point, it’s too long to read, scroll down to the smarter way. We have added to TOC above so that you can do that with ease.
Once you go to your WordPress admin dashboard, you’ll notice updates for your site in the following places:
- Admin Page Banner: A message will appear at the top of your WordPress admin page if updates are available.
- Updates Section: Click on “Updates” in the WordPress admin menu to view all available updates in one place.
- Plugins Screen: Head to the “Plugins” section to see a list of installed plugins and whether they need to be updated.
If WordPress itself needs an update, you’ll see a notification in the top left of your Dashboard.
Okay, now let’s get started with updating WordPress and enabling WordPress automatic updates.
Step 1: Backup Your Site Before Updating
Before running any updates, always backup your website. This step ensures that if something goes wrong during the update, you can restore your site to its previous state.
There are two easy ways to backup your site:
- Use a Backup Plugin: Install a plugin that allows you to create a backup with just a few clicks.
- Backup Through Your Hosting Dashboard: Most hosts provide a quick way to back up your site. Follow their instructions to create a backup.
Step 2: Updating WordPress Core
Once your backup is ready, it’s time to update WordPress itself.
- Navigate to the Updates section in your admin area.
- If a new version of WordPress is available, click Update to the new version.
Next, you will see what can be updated. Based on the information, you can re-install your WordPress, update the plugins, and/or update the themes of your site.
Obviously, this needs to be repeated for all your sites.
Step 3: Updating Plugins
After updating WordPress core, it’s time to update your plugins:
- Go to the Updates section.
- Scroll down to the Plugins section.
- Look for plugins with the Update Now option. If you wish, you can update these plugins one by one.
- Check the Select All box (or choose the plugins manually) and click on the Update Plugins option from the Bulk Actions dropdown before you hit the Apply button.
This ensures that all plugins on your site are updated to the latest version. Again, this needs to be repeated for all your sites.
Step 4: Updating Themes
Once your plugins are updated, follow these steps to update your themes:
- Return to the Updates section.
- Scroll down to the Themes section.
- Select the Select All box and click on Update Themes.
Step 5: Enabling Auto-Updates for WordPress Core, Plugins & Themes
If you want to streamline the process and not worry about constantly checking for updates, WordPress allows you to enable auto-updates.
- Enable Auto-Updates for WordPress Core:
- Go to the Updates section.
- Click on Enable automatic updates for all new versions of WordPress.
- Enable Auto-Updates for Themes:
- Navigate to Appearance > Themes.
- Select the theme you want to auto-update.
- Click on Enable auto-updates.
- Enable Auto-Updates for Plugins:
- Go to the Plugins section.
- On the right side of each plugin, you’ll see an option to Enable auto-updates.
The Smarter Way of Updating WordPress Core, Themes, and Plugins for Your Sites
Got hundreds of sites to manage? Not an issue. You can connect them to your InstaWP dashboard via the InstaWP Connect plugin and manage them like never before.
Auto-Updating WordPress Core
With InstaWP’s auto-update feature, you can enable or disable automatic WordPress Core updates across all your connected sites with just a single click. No need to log into each site separately.
- Go to your InstaWP dashboard > Connected Sites and click on a site’s name.
- Enable Global Auto Updates if not done already!
- Select Yes for the Auto Update Core option. If you want only minor updates to be auto-updated, choose Minor instead.
Repeat the same for other sites as well, and that too, from the same dashboard.
Auto-Updating WordPress Core
While you can bulk edit (and manually update) plugins and/or themes at once for your multiple websites using InstaWP, enabling WordPress automatic updates for plugins and themes is also possible using this platform.
Just go to a website and switch the auto-update plugin/theme toggle on or off.
Yes, it’s that simple!
Pro Tip: Don’t forget to enable Global Auto Updates before using this feature.
Why Update WordPress Core, Themes & Plugins for Your Sites Often?
Ignoring updates can leave your site exposed to threats and cause conflicts that may lead to downtime or a broken user experience. Below is a quick breakdown of the key benefits and considerations when updating the core, plugins, and themes on your WordPress sites:
| Component | Benefits of Auto-Updates | Considerations |
| WordPress Core | – Security patches applied immediately- Bug fixes and performance improvements | – Ensure compatibility with plugins/themes |
| Plugins | – Reduced maintenance effort- Immediate security fixes- Access to new features | – Compatibility with other plugins/themes |
| Themes | – Design consistency and bug fixes- Security updates applied- Performance improvements | – Consider child themes and theme settings so that customizations are not overridden. |
| All (Core, Plugins, Themes) | – Complete automation for site maintenance- Minimized security risks- Always up-to-date features and fixes | – Potential conflicts if custom code/plugins are used |
Automatic updates can reduce the risk of your site being taken offline due to outdated or vulnerable components. Enabling auto-updates for the core, plugins, and themes means your site is always up-to-date with the latest features, security patches, and bug fixes. This can reduce the likelihood of conflicts or issues arising from outdated software.
Now, if you want to understand the same in-depth, we have elaborated on it for you.
Why Enable Auto-Updates for WordPress Core?
Well, there are 2 main reasons:
- Security: The core of WordPress is the foundation of your site. Auto-updates ensure that your site receives the latest security patches as soon as they’re released, protecting you from vulnerabilities that hackers might exploit.
- Stability and Compatibility: WordPress often releases minor updates that fix bugs or improve performance. Auto-updating keeps your site running smoothly without manual intervention.
Why Enable Auto-Updates for Plugins?
Considering you have multiple websites (owned by your clients) to manage, it is not possible to manually update plugins for all of them on a regular basis.
Automating the plugin updates is beneficial as they ensure:
- Reduced Maintenance: If you have a lot of plugins, managing updates manually can be time-consuming. Auto-updates streamline this process, ensuring that all plugins are up-to-date.
- Security: Plugins can be a significant security risk if not updated regularly. Auto-updates help close security loopholes as soon as updates are available.
- New Features and Fixes: Developers often release updates that enhance functionality or fix issues. With auto-updates, you can benefit from these improvements without delay.
Why Enable Auto Update for WordPress Themes?
If a theme is impacted, hackers notice it the fastest. And if your theme has design distortions due to the latest update, it’s something very unpleasant for your audience. So, here’s why your themes must be auto-updated:
- Design Consistency: Themes often get updates that fix bugs, improve performance, or add new customization options. Auto-updating your theme helps maintain the integrity and appearance of your site.
- Security: Like plugins, themes can have vulnerabilities. Auto-updating ensures that any security patches are applied promptly, reducing the risk of exploitation.
Considerations Before WordPress Automatic Updates
- Compatibility Issues: Sometimes, updates can introduce conflicts, especially if you’re using custom code or less popular plugins/themes. Test auto-updates on a staging site first, if possible.
- Rollback Strategy: If an auto-update breaks something, ensure you have a backup or a rollback plan to restore your site quickly.
When to Enable WordPress Automatic Updates?
- For Security-Conscious Sites: If your site handles sensitive information or has a large user base, enabling auto-updates for security patches is crucial.
- For Low-Maintenance Sites: If you want to minimize the time spent in site maintenance, enabling auto-updates can be very helpful.
- For Regularly Updated Plugins/Themes: If you use plugins or themes that are frequently updated and well-maintained, enabling auto-updates can save time and keep your site secure.
Disadvantages of enabling auto-updates in WordPress
There are reasons why you might not want to auto-update your WordPress sites, such as:
- Custom Code Conflicts: If you customize a lot of things in your developed sites, auto-update can cause trouble. Updates might overwrite custom code or modifications, leading to unexpected problems or loss of functionality.
- Skipped Testing: With auto-updates, you lose the chance to test updates before they go live, which can be risky if bugs or conflicts arise.
- Broken Features: If an update breaks a critical feature and you don’t notice it immediately, your site could experience downtime or other issues.
- Rollback Challenges: If an update causes issues, rolling back or restoring a previous version can be difficult, especially without proper backups in place.
- False Sense of Security: Relying solely on auto-updates might create a false sense of security. Some vulnerabilities need more than just updates, such as changes to settings or additional security measures.
The prevention or cure?
Well, you can test your changes in a staging environment after an update and ensure everything’s good.
The Final Word
For WordPress professionals, managing multiple sites can quickly become a challenge. Not only do you need to monitor, maintain, and update current sites, but you’re also constantly developing new ones that will need attention soon.
Without regular updates, these sites can be exposed to security risks, bugs, and outdated features. Therefore, it’s important to enable automatic updates for plugins, themes and WordPress core for all your sites.
After big updates and for major manual updates, always create a staging and test your changes so that you are secure and your site is flawless.