You’ve launched your client’s WordPress website and want a stable plan for the future.

As a freelancer or agency, having dozens of sites (or more) means handling hundreds of potential updates and changes.

Let’s set aside the plugins and themes for now…

In this article, we will talk about how to manage core WordPress updates (security, maintenance, and major version upgrades).

Is it best to set everything to automatically update?

Or should you manually choose when to update the core?

We recommend a combo of both — some core updates to be disabled, with the majority to be enabled automatically.

And we’ll explain why below.

Allowing Automatic WordPress Updates

Generally, the easiest choice for managing WordPress versions is to allow automatic updates, then ‘set it and forget it’. Many managed hosting services already permit this and have it enabled by default.

It may even seem like a no-brainer.

The WordPress core is a prime target for hackers, so security updates are a must.

Setting them to auto will just free up your time for more lucrative work, like sales or design.

In addition to thwarting external threats, updating the core allows for new features, bug fixes, and performance tweaks to be installed. This helps keep the site running smoothly and efficiently.

Nothing like logging in to a site six months later to do a ‘quick’ content change, and have it drag like molasses.

So why not leave it at that?

Well, just like when you let your computer auto-update all the software, things don’t always go smoothly.

Disabling All Automatic WordPress Updates

WordPress has a lot of potential break-points:

  • core
  • theme
  • plugins
  • any customizations you’ve made to the three above

So some people choose to only do manual updates, one element at a time.

The very real fear is that a new version comes to the core, auto updates, and then breaks multiple client sites at once (without you even realizing until angry customers start calling in).

In this case, major version changes especially can be a headache.

If you don’t manage a lot of sites, or you plan to check them regularly, it could be a viable option to only do manual updates.

Automatic updates can be disabled by adding this code to the wp-config.php file:

But the WordPress team strongly discourages it. This approach means missing out on the security updates that rarely have a negative effect on the other elements of your site.

So now we arrive at a compromise solution…

An Ideal Way To Manage WordPress Updates

In our opinion, the best way to handle core updates is to allow the minor changes (security and maintenance) to happen automatically.

Then you should monitor for major version updates and do those manually.

This is how WidePath is set by default; if a version is written as 5.4.3, then WidePath only auto-updates on changes to the final number (3 in this example).

Ironically, this is how WordPress works out of the box. But some managed hosts alter the configuration, and some users will choose to customize their updating experience with plugins.

At least with the major-manual, minor-auto method, you’ll save a ton of time that you would have used checking and testing.

And security updates have a very low chance to break anything (although it can still happen, so be aware).

One interesting note about having to do manual updates of major changes:

Version updates are a great conversation starter with clients.

Practically all WordPress sites, no matter how well kept, will need a revamp every couple years. But often clients don’t understand the ever-evolving nature of WordPress, plugins, themes, and the web in general.

You’ll hear things like ‘I thought I was paying you to take care of that already.’

If you frame the conversation around ‘a new version of WordPress’, it can make things more concrete and more inevitable in their mind.

Then you can use this direction to engage them on a refresh of design or content, as needed.

This is not to say that you should necessarily charge them every time a major WordPress update happens. Of course that depends on your maintenance agreement.

But it’s a great reason to reach out and connect with your clients.

Either way, let’s say you’re finally facing a major change that an auto update won’t cover.

What’s the best way to proceed?

How and When to Manually Update WordPress

Once you see that a new major version of WordPress is available, you’ll need to set aside some time to test it.

If you use many different themes and plugins across your sites, this will get a bit more complicated. It’s for that reason that we also recommend limiting the themes/plugins you use as an agency or freelancer.

Another good rule of thumb is not to update to a new major version for at least a few weeks after it is released.

Often there are bugs discovered in that timeframe by the most popular plugin and theme makers. So it’s best to let those shake out first.

Finally, there may be no pressing need to take on a new major version at all.

Yes, eventually you want to do it. But rather than thinking about flipping all your sites simultaneously, schedule piecemeal updates to stretch over time.

The reason for this is mainly the disruption to editing.

If you allow your clients to edit their own sites, and the interface changes (even slightly) you will have to field a lot of complaints.

And if you have staff or subcontractors, they may require additional training on the best practices of using the new version.

In picking a site to test, first make sure that the plugins and theme are up to date, with no issues.

You can do this all within the WordPress dashboard.

You may in fact run into problems with the latest version of your plugins/theme, and those will have to be solved before moving forward.

Once everything else is updated, you can make a backup. And only then you can go and press the big blue Update Now button.

As always, if there are problems, you’ll need to go through and turn off plugins one by one to see if any are conflicting with the new core version.

So there you have it!

Although many developers and hosts have their opinions on the WordPress update procedure, we believe this solution gives you the best of both worlds.

Automating the more frequent security updates allows you to focus on more important things like client requests and business building.

And manually updating major core changes lets you be more proactive in forming a plan, and saves major operational disruption.

Need a better hosting solution to manage all your clients?


Signup For 5 Free WordPress Websites On WidePath