Guide

How to Update WordPress, Themes and Plugins Safely

Keeping WordPress, your theme and your plugins up to date is one of the most important things you can do to maintain a secure, well-performing website. Updates patch security vulnerabilities, fix bugs and add new features. Yet many site owners either neglect updates entirely — leaving themselves exposed — or apply them carelessly and end up with a broken site.

The good news is that updating WordPress safely is a straightforward process once you have the right habits in place. This guide explains how to prepare before updating, how to apply updates in the right order, and what to do if something goes wrong.

Before you update: backup and staging

Never apply updates to a live website without a fresh backup in place. If an update breaks something, a recent backup is your escape route. Use a plugin such as UpdraftPlus to trigger a manual backup immediately before you update — even if you have automated daily backups, you want a clean snapshot taken moments before the change.

For business-critical sites, test updates on a staging environment first. Most quality managed WordPress hosts provide a one-click staging tool that creates an exact copy of your live site in a sandboxed environment. Apply your updates there, click through your key pages and functionality, and only push the changes to production once you are confident nothing is broken. If your host doesn’t offer staging, the WP Staging plugin creates a local staging copy for free.

The correct order for applying updates

Always update in this sequence: WordPress core first, then themes, then plugins. Core updates occasionally change how certain APIs work, and updating plugins before core can sometimes surface incompatibilities that disappear once core is also updated. Update one plugin at a time rather than ticking all the boxes and clicking update all — this way, if something breaks, you know exactly which update caused it.

After each update, check your site’s front end in a browser, including your home page, a content page, your contact form, and — if applicable — your checkout flow. These are the areas most likely to surface a visual or functional regression. Also check your WordPress admin dashboard for any new error notices or plugin conflicts flagged in the Site Health screen (Tools > Site Health).

What to do if an update breaks your site

If a plugin update breaks your site, deactivate the plugin immediately via the WordPress dashboard (or via phpMyAdmin or your hosting file manager if the dashboard is inaccessible). In most cases, deactivating the plugin restores functionality while you wait for a fixed version to be released. Check the plugin’s support forum on wordpress.org — the developer may already be aware and have a hotfix available.

If a WordPress core update breaks your site, your fastest recovery path is to restore from the backup you took before updating. Once restored, wait for a minor patch release that addresses the issue before updating again. You can temporarily disable automatic minor updates by adding `define('AUTOMATIC_UPDATER_DISABLED', true);` to wp-config.php — but do not leave this in place indefinitely, as minor updates frequently include security patches.

FAQs

Common questions.

Should I enable automatic WordPress updates?
Automatic updates for WordPress minor releases (e.g. 6.7.1 to 6.7.2) are generally safe to enable — these are primarily security and bug-fix releases with a low risk of breaking changes. Automatic major version updates (e.g. 6.7 to 6.8) carry more risk and are best applied manually after testing on staging. Automatic plugin updates are convenient but riskier; if you enable them, ensure you have automatic daily backups.
How do I update WordPress if I can’t access the dashboard?
If a failed update has broken your admin access, connect to your server via FTP or your host’s file manager and rename or delete the wp-content/plugins folder temporarily to deactivate all plugins. This usually restores dashboard access. Alternatively, restore from your pre-update backup via your hosting control panel’s backup tool.
Can I roll back a WordPress plugin update?
WordPress does not include a built-in rollback feature, but the WP Rollback plugin lets you revert any plugin or theme to a previous version with one click. It works by pulling older versions directly from the WordPress.org repository. Install it, find the plugin you want to downgrade, click Rollback and choose the version you want to restore.
Related guides

More on web design & ux.

Want a hand putting this into practice?

Book a free, no-obligation consultation with a Norwich-based specialist.

Book a free consultation
Get started

Let's put your business in a better light.

Book a free, no-pressure consultation. We'll talk through your goals and tell you honestly what we'd do — whether you work with us or not.

  1. 01
    Tell us a bitFill in the form — two minutes, tops.
  2. 02
    We'll call you backWithin one working day, no pressure.
  3. 03
    Get a clear planHonest advice and a fixed quote.

Free · No obligation · We reply within one working day

Book a free consultation