three tips for wordpress updates

This week saw a security release for WordPress which addresses several potential cross site scripting vulnerabilities. Great! However, if you’re one of many waiting to update to the newest version of WordPress you may be a little confused and worried. Why? When you login to the WordPress dashboard, there’s a notice that says “WordPress 5.0.1 is available! Update now.”

Screenshot of website showing: Notice that WordPress 5.0.1 is available! Please update now.

But you don’t want 5.0.1! You want to update your site to 4.9.9! How do you get this security release?

If you have autoupdates turned on, then your site updated to this minor release. Yay!

But what if you don’t?

Option 1- be a little geeky – WP-CLI

If you have terminal (command line) access to your web server, then it’s straightforward, even if you aren’t too familiar with the command line. There’s a tool, WP-CLI to help you out.
Follow the instructions of your webhost to log into your server.
Then change to the proper directory for your website (often public_html), and run the command wp core update --minor.

Option 2- Manual update

Yep. Sorry. There are plugins available that can help, but I’m wary of adding plugins for core update management. I urge you to request access to your web server and use WP-CLI!

If you do need to perform a manual update, backup your database and make sure you have a copy of your (child) theme.

The instructions for a manual update are at wordpress.org.

Configure autoupdates for minor versions

This is to ensure future updates, and helps reduce scrambling when there’s a security release. While most updates of core are safe, I don’t always want to jump to the latest version. Gutenberg is a prime example as to why. I also disagree with a blanket “yes” to always autoupdate plugin and theme files. There are reasons why I might wait and for most of my maintenance clients, I manage this process. If you want to work on automatic updates of your plugins, this article at kinsta is informative and not overwhelming for most users A Deep Dive Into WordPress Automatic Updates.

In your wp-config.php file:
define( 'WP_AUTO_UPDATE_CORE', 'minor' );

You can learn more about automatic updates at wordpress.org.


I hope that this short guide helps you navigate the world of WordPress updates.