One of the most overlooked parts of having a WordPress website is understanding the need to keep that website secure. Keeping a WordPress website secure is an on-going process. Central to the security is keeping WordPress updated. There are three parts to a WordPress install that need to kept updated — the theme, the plugins, and the WordPress files themselves.
Hackers. It is that simple. Hackers are looking for vulnerabilities in code anywhere and everywhere on the world wide web. There are literally hundreds of files that come with the WordPress install. More files come with the WordPress theme and even more files and scripts when you add plugins to the install. One way to prevent hackers from getting into your website’s code it to keep your website updated. Updates get you the newest version of the code running your website. These updates include code fixes to any holes or vulnerabilities before a hacker can find and exploit them.
A WordPress website can be easily updated by logging into your WordPress admin dashboard and going to the Dashboard > Updates tab. From there you make update your website files. There is a very specific order in which these files should be updated:
Always update your website files in this order. It might be a helpful to point out that these list items just happen to be in alphabetical order, P, T, W — Plugins, Themes, WordPress.
The order of updating within WordPress is important for one simple reason, hierarchy. Plugins can rely on theme code and WordPress to function properly. Theme code can rely on WordPress code to function properly. If you started by updating WordPress you might break your theme and plugins but if you start with you plugins you will ensure that you have the newest versions of the files that are compatible with the newest version of WordPress before anything breaks.
Sure. Most of these problems can be avoided by running your updates in the proper order. This does not guarantee there won’t be issues with running updates, especially if there are major updates to your theme or WordPress. If a plugin or theme developer has kept with the latest changes to the WordPress core files then you plugin or theme might fail to be compatible with the WordPress update. You should always make sure you have your website backed up before running any major updates. Should updates “hose” your website you may have to have your web host or web developer restore a previous version of your website.