Side view of unrecognizable craftsman in casual clothes standing with electric cordless screwdriver in workshop

How often should I perform WordPress maintenance?

Never Defer Maintenance

WordPress has many moving parts, and each one requires care and and feeding. The very worst thing you can do is ignore updates and let them pile up. This article gives you actionable guidance on how often you need to update:

  • Linux operating system
  • Plugins
  • Themes
  • WordPress Core

When you launch a WordPress site, its a moment in time. Its likely your developer updated the operating system, WordPress itself, and any plugins used at launch time. But it doesn’t stay that way. As your website ages, the underlying Linux OS publishes updates, plugin authors update their code, and WordPress itself gets updated. In other words, your original setup drifts from its original configuration.

Therefore, consider your WordPress site always in motion, always changing. In order to keep up with that motion, the very FIRST thing you need is a server backup regimen. This can be as a simple as turning on a backup service offered by your hosting provider, or using a plugin like Updraft Plus to take backups and ship them offsite to a cloud storage provider. Backups allow you to update software without worrying about breaking something; you can always restore a backup if something goes wrong. Backups should be done daily (at a minimum), and more frequently if you update your content multiple times a day.

Linux Updates

Linux is the de-facto operating system (OS) for WordPress. It is the foundation of your website, and must be checked for updates once per week. Often times these updates fix important security vulnerabilities in core WordPress internals, such as PHP or the MySQL database. The best practice is to run updates soon after they are released (think days). The longer you wait, the greater the chance you’ll get hacked.

Plugin & Theme Updates

You should be very selective about the plugins you utilize on your site. Using well-known, popular plugins means they are more likely to be better tested and have bugs resolved more quickly. For mission-critical sites, wait no more than 1/2 day after a plugin update is released for any bugs to be ironed out, then update it.

However, if you receive a vulnerability warnings, immediately update all vulnerable plugins, themes, or WordPress versions. In the past, when we didn’t update right away, a site was hacked.

WordPress Core Updates

There are updates we always hold back on: Branch updates. These are updates that have a major version (branch) update, and represent a separate line of new development that has been merged back into the core product. Developers create new branches to encapsulate their changes when adding new features or fixing bugs. Therefore they are likely to contain bigger changes. By contrast, a minor version change in WordPress occurs within a Branch; these are considered minor releases that are generally safe to apply without issue.

You can review past and present WordPress releases at the Release Archive page. To make this more clear, see the image below. A safe, minor release occurs inside a branch, such as 6.5.2, 6.5.3 where the last digit is incremented. These tend to be safe updates, but what is often less safe is jumping to a new branch, say from 6.4 to 6.5; consider those updates to contain significant changes, which means its often wise to wait on updates.

Updates To More Than Three Sites

If you have more than 2-3 WordPress sites, you should be using a site management tool such as ManageWP, InfiniteWP, or MainWP which allow you to deploy updates to all sites in a single click. We usually perform regular website maintenance once per month for all sites via the MainWP dashboard. ManageWP will also run snapshots (“Safe Updates”) before updating, which give you peace of mind. ManageWP can also perform a quick restore from snapshots/backups, so you can usually update without fear.

Manual or Automatic Updates?

Turning on automatic updates depends on your comfort level and risk tolerance. You are trading speed, convenience, and increased security (automatic updates) against potential site breakage. As a matter of policy, we prefer manual updates, which we perform manually the first week of every month.