Overview
Periodic updates for WordPress and its plugins are released to introduce new features, address performance problems, and resolve security vulnerabilities. Keeping WordPress up-to-date is critical to ensure that your site operates without interruption and without being hacked.
How to update
One-Click Method
- Go to Web > Web Apps within the control panel
- Select the hostname from the dropdown list
- If WordPress resides in a folder within, click the dropdown and select Edit Subdir. Select the folder.
- Under App Meta, click Update in the Version heading
- If the app has not been previously detected, select Detect
- WordPress and its plugins have been updated
Manual FTP Method
- Login to your WordPress admin portal, typically under
wp-admin/
- If WordPress is installed and accessible via http://example.com, then the admin portal is accessible via http://example.com/wp-admin
- Under Dashboard, look for Updates. If updates are available, a count of available updates is visible next to it.
- Click on Updates > Update Now (only if WordPress core application update available) and Update Plugins (only if WordPress plugin updates available)
- Your FTP credentials will already be filled in if you have updated by FTP before. Enter your FTP password
- Don’t know your FTP credentials? See Accessing FTP server
- Specify
localhost
for Hostname- Traffic will stay local on the server adding an extra layer of privacy
- Need to reset your account password?
- WordPress will automatically download and install available updates.
- Upon completion, you are redirected to the admin portal, Updates is no longer visible, and a confirmation is presented
If something goes wrong…
Open a ticket within the control panel under Help > Trouble Tickets. We can rollback a database backup or filesystem backup depending upon what went wrong. Unless you modify WP core library files manually through the terminal though, this is extremely unlikely to happen.
Why use FTP?
Using FTP greatly improves account security by requiring roles to restrict access. First, the web server acts as a read-only user for crucial files, but can also write to media content under wp-content/uploads/
. Second, those crucial files can only be modified by you and through FTP; you have read-write access on all files. FTP password is not stored on the server, so if your account were hacked, damage would be restricted to wp-content/uploads/
. Servers are configured to restrict scripting languages and serve only static content under that directory, which makes your account very secure.
The downside is that you need to enter your FTP password every time you update. But, you have fantastic security.