Why do we perform periodic and controlled updates while many others let the system automatically install updates or perform updates every day?
Updating plugins, themes, and WordPress often causes problems, so we want to be present when updates are applied and take the time to verify them. This cannot be done if updates are automated and unsupervised by the system.
We, therefore, perform periodic updates, which also reduce the number of risk moments since continuously applying updates creates more opportunities for risks. Additionally, we can easily identify unseen problems related to a specific date and address them more efficiently or revert changes if necessary.
We update plugins with known security vulnerabilities immediately outside of the regular update schedule.
What can go wrong during updates?
- Updates are deployed too quickly. Plugins and themes are sometimes updated too hastily without extensive testing, which may cause code errors to go unnoticed.
- Server issues – If the server cannot handle the peak load during updates – meaning the processes are not processed quickly enough – the files may not be fully or properly updated. This can cause the plugins to freeze, and often the entire website crashes.
- Htaccess modifications – Plugins sometimes modify the Htaccess file, where much of the shared code from plugins and WordPress itself resides. It happens that the permalink structure gets lost and all subpages stop loading, or the caching rules are removed, or the security settings are lost.
- Multiple developers – Plugins are created by different companies, and therefore, many different programmers work on the plugins. Sometimes, multiple programmers within one company work on a single plugin. You can imagine that all these people use different techniques, which do not always align.
Over the years, it has become evident that many things can go wrong during updates. I won’t bore you with the details of everything that can go wrong.
The key lesson learned here is control, and not relying on daily automated updates performed by the system without anyone checking if they were successful.
Once again, for emphasis: we promptly update plugins, themes, or WordPress versions with known security vulnerabilities. We don’t wait for the regular update schedule to address those issues.
Controlled updates are a standard practice and service provided with all our security packages.