Question from Oliver: I have a question about WordPress, Rick.
How long do you recommend that we wait before installing updates to WordPress and our themes and plugins?
I’ve seen different people make different recommendations.
Some say to install the updates ASAP right after they are released. Others say to wait a week or two to make sure there aren’t any bugs that could crash the blog.
What’s your opinion on this?
Rick’s answer: Oliver, I happen to fall pretty close in line to the “install ASAP” camp, but with a few caveats.
First of all, if an update is released to patch a critical security flaw that’s actively being exploited by hackers to break into lots of blogs, I recommend installing it immediately.
I believe in cases like that I’d rather risk the small chance that a buggy update could break my blog than chance a greater risk that my blog could get hacked.
However, if an update is released just to fix a minor bug or two or to add new features I always wait a day or two to install it.
In those cases there is really no rush so it won’t hurt to wait a little while to install the update.
I don’t recommend waiting any longer than two days to install updates under any circumstances unless a buggy or seriously flawed update is causing widespread issues within the blogging community.
Why? Because roughly 30% of all the websites on the Internet run under WordPress, which translates to millions of websites and blogs.
If there’s a serious issue with an update it will likely be reported by numerous users and patched within a day. That means the risk of a bad update taking down your blog after two days have elapsed is quite small.
Of course there will always be a chance that a quirky update could take down your blog. The odds of that happening will never be zero.
But that being said, there are a couple of things you can do to ensure that you’ll be able to quickly get your blog back up and running if disaster due to a bad update ever does strike:
1 – Make sure you keep your blog backed up with a good WordPress backup plugin/service that makes it easy to quickly restore your blog if need be.
There are several great WordPress backup options out there, and some of them are free.
But personally, I use and recommend the awesome VaultPress backup service provided by Automattic, the company behind WordPress itself.
VaultPress isn’t free, but it only costs a few dollars per month. And there is simply no backup option for WordPress that works better or is easier to use.
2 – Keep your web server’s FTP information handy. That way if a bad plugin update breaks your blog you’ll be able to quickly get it back online by following the steps listed in this post.
Bottom line: A good rule of thumb is to install security updates that patch critical security holes as soon as possible but wait a day or two to install the less important updates.