Updating WordPress Core, Plugins or Theme: Which One to Start with?

by
What to update first, wordpress core plugins or theme

Updating the WordPress core first and then the plugin or even clicking the update them button may look overwhelming for many. In reality, there are many incompatibility issues and version releases changes that can break the WordPress theme and so, the site will stop working by showing a blank page or no access to the admin area, or long lines of error codes here and there.

For those who don’t know what to update first in WordPress, the core, plugins, or theme, this will be the definitive guide on how to safely update WordPress blogs and never lose content or even risking the design. So, let’s understand these changes.

What’s a WordPress core update?

WordPress updates are file changes in the core, so, these releases can be new functions updates, text, PHP codes, CSS, HTML, javascript, or others. As new things come and others go, WordPress may add new code and remove others, but also, there are many versions to fix bugs and address security issues that can hard website, and by pushing new version updates, everyone gets fixes to his site with a click of the button.

Unlike any software versioning WordPress has Major and Minor releases only:

  • A Major WordPress update is indicated by two sequences like 5.2 and these changes come with new features and developer APIs, so, they can break websites because of incompatibility.
  • Minor updates in WordPress are indicated by the third sequence like 5.3.2 and they’re in general good to install as there are small changes and code, so, safer than major updates.

Updating WordPress themes

WordPress theme updates are linked in the majority of the cases to new features added by the developer or the web design company that sells these designs. So, it can be just a new tool added in the theme dashboard, a new improvement, or other things like performance-related updates and so on. But also, these theme changes can address the latest WordPress core file changes, so, they’re changes to meet the new WordPress file requirements, functions, etc…

Most of the theme updates are not frequent like plugin change or WordPress core file updates, that’s why many themes are stable and pushed new releases once a year or so, to avoid issues.

Updating the WordPress plugins

Unlike themes, WordPress plugins are known for causing the majority of error messages and showing strange error code if are not compatible with WordPress’s lest version. Besides the fact that plugins are good for every blog or site in WordPress, there are also cases when adding dozens of them can cause lots of issues.

WordPress plugins are PHP files basically, and if you consider MySQL and PHP request altogether, you’ll understand that having a bad code could cause fatal errors to the site and make it work slowly in the best scenarios. Now, talking about plugin updates, they’re sensitive, so, if there is a security release, you should click the update button, messing with outdated PHP files is not good for your site.

Now, for third-party plugins that come included in a theme, there is a big issue with updates, Visual Composer (previously) or Slider Revolution and Smart slider are largely used by freelance theme developers and agencies who built themes for clients. So, as a client, you don’t have to purchase a separate license for many useful tools, however, because theme sellers do not update their list of bundled plugins regularly, you may get notifications in WordPress to update plugins like:

  • WPBakery Page Builder
  • Essential Grid
  • UberMenu,  or others.

Unfortunately, there is no way to get the latest version of these tools unless you wait for the web design company to add it, for that reason, skip the update and if you should do that, contact their customer support and tell them there is a new version available, and the can help, otherwise, it’s not a big deal.

How to update a WordPress plugin bundled in a theme?

No matter what theme you’re using, most premium WordPress themes come with plugins includes like slider Revolution, so, if you see that an update is available, here is what you can do.

  1. Login to the account where you purchased the theme
  2. Download all the files again
  3. Unzip the theme files
  4. Browse the files and look for a folder related to plugins or extensions
  5. Find the exact plugin in question, and remove the old one and then, add it or use the FTP method

Here is an example of a plugin that a theme WordPress theme development company included in the download files, so, users can add the plugins update from there if they want.

How to update WordPress plugins bundled in the theme

Versioning WordPress release

As a software WordPress uses versioning to keep track of the different changes, there are major changes, minor changes, and something in the between that you can call sub-minor release or revision.

The WordPress versioning release is not the same as plugins and themes, indeed, they call a third sequence release (example (5.4) a major release, and (5.5.2) a minor release. There are no patch security or dedicated versions to fix bugs, they do all together in one revision.

Now, here is what version men in WordPress plugin, and themes:

The version of any software is a form of 3 or more numbers separated by a dot: example 1.3.4 and from left to right in the example above, changing the version from 1 to 2 is a major release, that means drastically or partially different files and other code that may not work if you change plugins or the theme. The second number “3” for example is a minor version release, so, it can be important in performance, speed, or security but it’s not big enough to be considered like a major WordPress release or update.

The last number (it’s just an example, some plugins have a long version with micro revisions, like 5.4.2.7) means a revision realizes that comes with bug fixes, problem-solving, etc…

Be careful when updating the WordPress core
If the actual WordPress version is like 5.3.3 and you see that the new version release code is 5.4 then wait and test in a local environment or install if you have, it’s a major update. Hence, a version code like 5.4.6 is a minor release, so, it’s not that big to break the theme or a plugin

Will the site break if you update the WordPress core files?

Definitely yes, if the WordPress version and the theme code are not compatible, here is the worst scenario which personally I encountered many times before. You have a good them you purchased from any popular marketplace such as Themeforest or other, and the developer pushed the last update 4 years ago which is awful.

Now, when WordPress has the Fifth version (5.) there are many changes in the core file, including the comments template that was changed, so, people won’t able to add their comments on posts. Of course, the theme developer may be out of business at that time and he’s not willing to do all that hard job and release a new version compatible with WordPress’s latest changes.

When you click on the update button for WordPress core or the theme, the site will start installing the new code and surprisingly, you’ll get a white screen of death, or no updates at all, which means the theme failing the push the new files or the admin will be locked out of the dashboard and won’t be able to log in again unless he does some tricks and deal with FTP, etc…

What to update first, WordPress core files or plugins?

The truth about WordPress updates is this: There are hundreds of updates per year, so some of them are minor changes and some are security updates. So, as a reaction, plugin developers should also follow the latest updates and fix any vulnerability or problem related to the old WordPress files they used.

Thus, plugin updates, in general, are reactions to the WordPress core changes and releases. That means, updating WordPress first or the plugins first can easily break your site or them and make it inaccessible for some time.

Now, not all the updates break WordPress sites, of course, however, in many cases, when a plugin developer is using old WordPress functions that have been updated, and the webmaster clicks the WordPress update buttons, there will be a fatal error in the admin area and the site pages which is not the best way to manage a website and look professional.

My advice is this: If you don’t see security releases in the WordPress changelog or even the plugin changelog page itself, don’t update both sides. WordPress should work and the plugin also without the latest updates, but not for a long time, just wait a week or two until every bug will be fixed and then, update safely WordPress core and the plugins one by one.

How to know if they’re WordPress security updates?

WordPress is not popular because it’s a blogging platform that millions of people use and like, but also, because there is a big company behind that software. So, there are thousands of developers from all the continents who fix a bug and make WordPress work better, and most importantly, there is a dedicated changelog page for all the WordPress versions from the beginning (2003) until now with detailed explanations and issues that were fixed.

Here is how to know if a WordPress update is related to security or just a general update that you can skip for some time.

  1. First, visit the WordPress versions page in the codex platform, and you’ll find long lists of codes followed by dates and names.
  2. Scroll to the bottom of the page to find the latest versions( the tom ones are the oldest versions, the new version on the bottom of the page)
  3. Click on the Blog link and you’ll get all the detail related to the version changes

How to check the WordPress versions by date and details

On the next page, there are the WordPress 5.3.2 Maintenance Release notes, there are no updates related to security.

Example of a new WordPress maintenance release

As you can see, it’s not a major update, so, it’s better to wait until developers update their plugins and themes to be compatible with that version, then, in two weeks or so, it will be safer to update WordPress plugins, code, and theme without issues.

Is upgrading the WordPress site always safe?

On the other side, if there is a security release like the next screenshot for the version WordPress 5.3.1 Security and Maintenance update, then, it’s better to click on the update button for code files.

Checking the version of a WordPress security and maintenance release

If you skip that WordPress version, there is a risk of being hacked or getting vulnerabilities because attackers always try to target old versions with bugs.

Pro tip:
Skipping a security release of WordPress on shared web hosting is a high risk, however, when using a managed WordPress hosting, the security is better, and skipping that version won’t be as dangerous as using regular hosting. 5there are sophisticated programs and systems that protect WordPress even if there is a known vulnerability.

How to find the details about a new update of a WordPress plugin version?

Before clicking on the update plugin button in WordPress, I recommend checking the version first and see what all that change is about. When you’re in the admin area, click on the Updates icon on the top left corner of the page just next to your blog title, or click on the plugins menu from the left admin menu (vertical).

Next, there will be the exact plugin name to be updated and a link to its version details or changelog file. You can click on that and check all the release details about a WordPress plugin before updating it.

How to view the details of a wordpress plugin version

Now, you’ll get a popup with the changelog of that plugin and other details to check. If there is any mention of security, then, it’s better to update it and bring all the new code, so, your blog will be secure. Otherwise, it’s not the time to update the plugin if there is no need for that, anyway, the developer will add other updates because the community of users will find bugs and report them, so, it’s always possible to have the latest version of a plugin, but with its bugs and that’s not a good step.

Exactly as dealing with WordPress theme updates, you don’t have to click on every new release update if it’s not crucial in terms of security.

Every time you see a notice in your WordPress admin are saying:

There is a new version of (them or plugin name) available. View version 13.1 details or update now.

You should click on the version details link first, read them and then decide if you really should update them or not. Most of the WordPress plugin updates are bug fixes, and waiting for a week or two won’t cause any problem in general.

How to find the WordPress theme update and details?

Exactly as plugins, when you see an update note in WordPress linked to your site theme, you can click the version details to learn more. That can take you to the theme marketplace from where you purchased them or to the official website of the company that designs them. In the two scenarios, there should be a file of all the versions especially the new ones with details on what they did and what these changes addressed.

For ThemeForest theme, for example, you can find the theme release notes at the bottom of every theme page like the next example in the screenshot.

Changelog example of WordPress theme version

If you don’t see a major release note, and you don’t want the new feature they added, it’s safe to no update the theme, but not for years, so, if there will be no other release in a month or so, you can update if you want to test the site.

Updating WordPress theme is not good all the time

Not all the WordPress themes check updates automatically and if that’s the case, you should never allow them to install the new version without letting you see what that charge in files is about first. As I said earlier, there is no guarantee that making changes to the theme files will be good for your site, the theme developer or the company may add new features and options because clients asked for them, but if you don’t need them, they’ll just make your site slower even if that’s not noticeable.

I remember a WordPress theme update that was about adding Woocommerce support for a theme about blogging, before the update, the site theme and site work fast, and just after installing the new updates, the site worked slower and there was all the kind of problems in WordPress.

That’s just because Woocommerce itself is not a small step, the Woocommerce plugin is full of files and so, the theme itself should be compatible, and thus, installing a WordPress that comes with Woocommerce files should not be good if you don’t use them at all.

If you think that your blog theme includes all the Woocommerce files, you can ask your theme developer, if it’s safe to remove them to make the site work faster, and don’t forget that you should always use a child theme in WordPress and not the parent one. That ay, if the theme developer pushed a new release, you’ll not lose all the customizations and files, the child they request files from the parent theme, and you sit will work the same way.

A safe way to update WordPress plugins manually

Updating WordPress plugins manually is somehow a safer way to get the function your site needs or to roll back an old version. So, to do that, start by creating a backup for your WordPress database, and don’t skip this step no matter what you think and no matter what web host you’re using.

Not having a backup for your site is the last thing you need if the site stops working for any reason or error. So, go to the PHPMyAdmin interface, select the date of your site and click on the Export option. Or download a backup from your web hosting account if you have one or use a plugin that creates a backup and sends it to your email or cloud storage account. I’ve created a guide on how to create a database backup for WordPress sites, so you can check it out and follow the steps.

Now, it’s time to think about updating WordPress plugin manually using FTP, SFTP, or directly from the admin area.

To manually add the new version of a WordPress plugin, you have two options:

  1. Remove the old plugin file completely and then, install the new one
  2. Just let an FTP software upload the modified plugin files only without removing them all

In both cases, you have to think about what will happen if the new plugin version doesn’t work? So, you need access to FTP software like Filezilla or Cyberduck if you’re using Mac. If you’re locked out of the admin area in WordPress because of a plugin update, you still have the option to remove the plugin and add the old one.

Update a WordPress plugin from the admin area

Now, this is a very important step, don’t skip it, download the actual plugin from your WordPress dashboard in ZIP format. There are two good plugins for that:

The first tool lets you save any plugin to your local computer exactly like downloading it from the WordPress directory

The second one lets you download a theme and also a plugin in WordPress, so, you may choose this one if you’re willing to update them manually later.

How to download a WordPress plugin from admin area

After saving the plugin folder to your local machine or elsewhere, click the deactivate option under the plugin you want to update and remove it, then, look for the folder in a ZIP file (or create a new one)  with the latest version of the plugin you want to install and add in WordPress.

Update a WordPress plugin using FTP

If you’re not able to install a plugin for any reason or you don’t want to mess with WordPress admin, you still have the FTP tool that should be easy to use.

Make sure you save the plugin folder locally in your machine, so, you can upload all its files all together with FTP or SFTP if you’re using a managed WordPress hosting and a VPS. When you’re connected to your site using FTP you should upload all the plugin files to this exact path: wp-content/plugins, so, find the directly named wp-content first, it’s in the same place where wp-admin– and wp-includes are located.

How to update the WordPress plugins manually

Then, open wp-content and find the folder called plugins, double click on it to open, and thus, you find all your blog plugins, again double click on the exact plugin you’d to update, and when you’re in its dedicated folder, open the plugin folder you have locally and drag and drop all the contained files to the remote server.

How to upgrade a WordPress plugin files using FTP

Next, you’ll get a notification to overwrite the duplicate file, agree and thus, you’ll update the plugin manually via FTP.

This is all for this guide on how to update WordPress plugins and what comes first, the core, themes, or just skip to the next version. If you have something to add, use the comment section below and let me know what works best for you and what you think.

About Hostiper Writing Staff

Hostiper Writers have long experience in web hosting and server configurations with CMS like WordPress and other tools to build websites and manage them the right way. We carefully test web hosts and verify the environment of every architecture before testing it, so readers get real hosting advice from expert engineers and technicians.