One of the most common methods used by hackers is to look for security holes in WordPress is by looking for the WordPress version of the site they hope to attack. Even if they didn’t know the WordPress version (some webmasters will hide it), they can still perform a trial and error of the known exploits to see if they work.
As advised by the creators of WordPress, it is extremely important to update the installed WordPress in your website as frequently as possible. However, updating is not simple in all website development scenarios, and lots of webmasters make serious mistakes that can prevent them from easily updating their WordPress website.
This article aims to educate you about updating WordPress. This is very important, particularly if you are still new to WordPress and plan to work with it on a daily basis. If you are ready, then keep reading.
WordPress Core Files and Themed Files
Relatively few people understand the principles of updating WordPress; these are often not clear, especially to new users. Even experts are reluctant to update WordPress because they’re afraid it may affect the existing design and functionality of their website. The root cause of this fear and reluctance to update WordPress is the lack of knowledge of the WordPress core and theme files operation.
WordPress core files are the files that are REQUIRED by WordPress to operate your website normally. They are the ones that are DOWNLOADED by you from http://wordPress.org/download/ . When you extract the zip file, and view the files in the folder, they are the CORE FILES:
WordPress core files will not dictate how your website will look using a web browser. This is because they are NOT called “THEMED FILES.” Theme files dictate the look and feel of your website. Theme files are also where webmasters like you can take full advantage of widgets and plug-ins to further customize the way your website looks, and even set up ones that affect the user experience of your website.
WordPress themed files are NOT included as part of the WordPress download package/core files. You are responsible for selecting your own theme as well as the plug-ins and widgets needed to operate your blog.
You can save your theme files in this path: /wp-content/themes and your plug-ins in this path: /wp-content/plugins
By default, WordPress has the “classic” and “default” themes included in the package, and also “akismet” and “hello dolly” in the plug-in directory. If you do not add a theme or plug-in to your blog, you can choose either of these two built-in themes and activate the basic plug-ins.
However, almost 99% of the time, WordPress users select their own theme and add their own plug-ins. So their theme files will now look like this:
Inside the red box above are the new theme files added. The website shown above uses the “arras-theme.1.3.5” theme, and in the plug-in directory, it adds new plug-ins, “autosaveoff,” “disableautosave” and so forth in addition to the default files included.
What is the point of clearly illustrating the differences between WordPress core files and theme files? What relationship does this have to updating WordPress?
The answer is: “You should only be editing your theme files and plug-in files in order for you to easily update WordPress in the future.”
This is why you should know what and where your core and theme files are, so that when you start working on developing your own WordPress website, you will never edit the core files.
If you edit the core files, then all of your changes will be lost once you update WordPress, and you will edit those core files again (like those files that belong to the wp-includes directory). If you edit those cores files, it now seems very impractical to update WordPress. This is why a majority of WordPress websites nowadays are still not being updated, due to the fear of serious website malfunction, because their core files have been substantially edited.
One common question asked at this point is “If editing WordPress core files is a mistake, then how will I be able to obtain a certain functionality for my website that is not included in both core and theme files?”
The short answer is to install a plug-in that serves that functionality. This is why WordPress plug-ins exist; they perform certain functions without forcing you to edit WordPress core theme files. The down side is, what do you do when you want a difficult functionality that no plug-in offers yet? Then you can request help in this section: http://wordpress.org/extend/ideas/
To prevent website functionality problems during a WordPress update, it is important that during the development stage of your website, you should ONLY edit your WordPress theme files (see below) and add plug-ins to add some unique functionality that is required:
Now you know the important tips and techniques needed to update WordPress without problems. There are two ways you can update WordPress. The first one is time-consuming; it’s called “manual updating.” The other one is easy because it uses the “automatic upgrade” feature/functionality included in the WordPress dashboard (which may not available in all versions). Bear in mind the associated risk if you update WordPress, especially if you have edited the core files before.
Classic/Manual WordPress update (not recommended if you’re using a new version of WordPress):
Step 1: Back up all of your WordPress files, including your WordPress database. You can use FTP, and download all of the important files in your WordPress website. This includes the core files, theme files and the associated plug-ins. Backing up is very important; if updating causes serious problems you can revert to your backup files. Include .htaccess and robots.txt in the backup.
Step 2: If you use XAMPP, you can run your website in your local host with the WordPress and data files you have just backed up. This will verify that your backup files are working.
Step 3: Deactivate all plug-ins.
Step 4: Download the latest version of WordPress.
Step 5: Delete old WordPress files EXCEPT wp-config.php, wp-content folder, wp-images, wp-includes/languages, .htaccess, and robots.txt.
Step 6: Upload the new WordPress files to your FTP server.
Step 7. Enter this URL in your browser; replace “thisisyourdomain” with your own domain name: http://www.thisisyourdomain.com/wp-admin/upgrade.php .
Follow the instructions on the screen. For details, read this page.
Step 8: Update the permalinks (your old permalinks) in the admin panel.
Step 9: Reactivate the plug-ins if you do not need to update any of your installed plug-ins.
Step 10: Review everything that has been changed and confirm that your website runs normally, as it did before.
First check to see if there is an “upgrade” feature included with your existing WordPress installation. Go to Dashboard -> Tools -> Upgrade. If you can see this path, then you can upgrade automatically.
Step 1: Do the same back up procedure I described in the first step in the previous section (for manual updating).
Step 2: You can also test your backup using XAMPP (see details in the second step in the previous section).
Step 3: Deactivate your plug-ins.
Step 4: Go to the WordPress admin panel backup path: Dashboard -> Tools -> Upgrade. Look for the following message: “There is a new version of Word Press available for upgrade.” If you cannot see this message, there is no need to update WordPress.
Step 5: If you see the message above, click the “upgrade automatically” button.
Step 6: Enter FTP log-in details and proceed. If you see this error: “Could not open handle for fopen(),” you have hosting limitations (this is common in free hosting accounts) and you cannot upgrade automatically. Settle the problem with your hosting company before proceeding.
Step 7: If you do not encounter any problem, then the application will be able to upgrade automatically. Once you see the message “WordPress upgraded successfully,” your upgrade is complete. You can then reactivate your plug-ins, one at a time.
Step 8. Review your upgrade and make sure the site is performing normally, the same as it did before. If you edited the WordPress core files (especially those that are included in the WP-includes directory), then those changes will be gone and you need to make them again. This is why you should never edit those core files. Leaving them alone will make a WordPress update as easy as possible.