Software updates explained
Why we update your website's software regularly, what we update, and how we make sure updates don't break anything.
Your website runs on software — and that software needs to be updated regularly, just like the apps on your phone. This guide explains what we update, why, and how we do it safely.
Quick summary
We update WordPress core, plugins, and themes on a regular schedule. Every update goes through a backup-first, test-on-staging, then push-to-live process. This keeps your site secure and working without risking your live site.
What "software" means on your website
If your site runs on WordPress, it has three layers of software:
| Layer | What it is | Example |
|---|---|---|
| WordPress core | The foundation that runs everything | WordPress 6.x |
| Plugins | Add-ons that power specific features | Contact forms, SEO tools, e-commerce |
| Theme | Controls the design and layout | Your custom theme or a commercial theme |
Each of these is developed by a separate team. Each team releases updates at different times. Keeping all three layers current — and compatible with each other — is an ongoing job.
Compatibility matters
A plugin update can sometimes conflict with another plugin or your theme. That's why we never update everything at once, and why we always test on a staging site first.
Why updates matter
Updates do three things:
- Fix security holes. Developers discover vulnerabilities and patch them. Every day you run old software, a known hole stays open.
- Fix bugs. Things that were broken or behaving oddly get fixed.
- Add improvements. Performance gains, new features, and compatibility with newer technology.
Skipping updates is the single biggest reason websites get hacked. See Why websites need maintenance for more on this.
How we run updates safely
We don't click "update" on your live site and hope for the best. Our process:
Take a full backup. Before any update, we back up your entire site — files and database. If anything goes wrong, we can restore to the exact state it was in before.
Apply updates to a staging site. A staging site is a private copy of your site. We run all updates there first, so your live site is never at risk. See How we test changes before they go live.
Test the staging site. We check your key pages, navigation, forms, and any custom functionality to confirm nothing broke.
Approve and push to live. Once we're confident everything is working, we apply the same updates to your real, live site.
Do a quick live check. We verify the live site looks and works correctly after the update.
How often do we update?
We run routine software updates on a regular schedule — typically weekly or bi-weekly, depending on your care plan. Security-critical patches (urgent fixes for actively exploited vulnerabilities) are applied as soon as possible.
You don't need to request updates. We handle them proactively as part of your care plan.
What about major updates?
Occasionally, a "major" version update (like moving from WordPress 5.x to 6.x, or a plugin's version 2 to version 3) involves more significant changes. These sometimes require extra testing or small compatibility fixes.
We'll let you know before we run a major update if there's anything to be aware of. In some cases we may ask you to review the staging site yourself before we push live.
What if an update breaks something?
This is rare when following our process, but it does occasionally happen. If a staging-site test reveals a problem, we:
- Identify the conflicting plugin or theme
- Either hold that specific update until the developer releases a fix, or find a compatible alternative
- Push only the safe updates to live
If — in the rare case — something slips through to your live site, we restore from the backup we took immediately before the update. The fix is typically fast.
Common questions
Related guides
- Why websites need maintenance
- How we test changes before they go live
- How backups work
- End-of-life software & why it's risky
- What to expect during planned maintenance
Need a hand?