Security & Maintenance

WordPress Update Checklist

A safe, step-by-step process for updating WordPress without breaking your site

Photo of Editorial Staff Editorial StaffFebruary 26, 2026
503 6 minutes read
WordPress update checklist illustration: people in hard hats working on a website displaying 'under maintenance' to ensure a safe, step-by-step update process.
An illustration depicting the essential steps of a WordPress update checklist to safely maintain your website.

Clicking “Update” in WordPress can feel risky, especially if you’ve seen a white screen of death or a broken layout after a plugin or theme update. The good news: with a clear, repeatable checklist, you can keep WordPress up to date while dramatically reducing the chance of downtime or data loss.

This WordPress update checklist walks you step by step through preparing your site, backing up properly, updating plugins, themes, core, and PHP, and then testing everything so you know your site is safe. You’ll turn updates from a scary chore into a simple maintenance routine.

If you’re wondering why keeping everything current matters so much, start by quickly reviewing why WordPress maintenance is important, then come back here and follow the checklist below.

Prerequisites

Before you start updating WordPress, make sure you have the right access and a small maintenance window. This will help you avoid mid-update interruptions and make it easier to fix issues if something goes wrong.

  • Administrator login for your WordPress dashboard.
  • Hosting control panel or SSH access (for backups and rollbacks).
  • Access to your domain’s DNS or CDN (optional but useful for maintenance mode).
  • Up-to-date contact details for your developer or hosting support (in case of emergencies).
  • A planned low-traffic time window (evenings or weekends for most sites).
Note: If your site is mission-critical (e.g., e-commerce, bookings, membership), strongly consider using a staging site to test updates before applying them to production.

Step 1: Audit Your Current WordPress Setup

Start by understanding what needs to be updated. A quick audit shows you which plugins, themes, and core versions are out of date and whether your environment is ready for changes.

  1. Log in to your WordPress dashboard.
  2. Go to Dashboard > Updates to see available core, plugin, and theme updates.
  3. Note the current WordPress version shown at the top of this page.
  4. Go to Plugins > Installed Plugins and look for any plugins marked as needing an update.
  5. Go to Appearance > Themes and check for theme updates.
WordPress Updates dashboard showing AI Engine and WP 2FA plugins needing updates, compatible with WordPress 6.9.1.
The WordPress Updates screen displaying available plugin updates and core version status.

Checkpoint: You should now have a list of what needs updating (core, plugins, themes), plus an idea of how many changes you’ll be making in this session.

Warning: If you see a huge number of pending updates (e.g., you haven’t updated for months), plan extra time and be ready to run updates in smaller batches instead of all at once.

Step 2: Take a Complete Backup Before Updating

A verified backup is the most important part of this entire checklist. If anything breaks, you can quickly restore your site to its previous working state.

You should have both a database backup and a full file backup (themes, plugins, uploads, and core files).

  1. From your hosting control panel, open your backup tool or File Manager and phpMyAdmin.
  2. Export your WordPress database via phpMyAdmin (or equivalent database tool).
  3. Create a zip archive of your WordPress root folder (usually public_html or a subfolder).
  4. Download both the database export and file archive to your local computer or secure cloud storage.
  5. Optionally, run your backup plugin to create an extra application-level backup.

If you’re designing a robust ongoing backup process, follow the detailed guidance in this WordPress maintenance backup plan and align your update schedule with your backup strategy.

Using WP-CLI for backups (advanced): If you have SSH and WP-CLI access, you can run:

# From your WordPress root directory (SSH terminal)
wp db export backup-before-updates.sql
zip -r backup-before-updates.zip .

Checkpoint: Confirm that your backup files exist and can be opened. Never move forward until you have verified backups.

Step 3: Update WordPress Plugins Safely

Plugins are the most common cause of conflicts after updates. Updating them in a controlled way reduces risk and makes it easier to identify which plugin caused a problem if something breaks.

  1. Go to Plugins > Installed Plugins.
  2. Sort by “Update Available” (if your admin supports this view).
  3. Update critical plugins in small batches:
    • Start with security, backup, and caching plugins.
    • Then update SEO, forms, and other core functionality.
    • Leave WooCommerce and payment-related plugins for their own batch.
  4. After each batch, visit your homepage and a few key pages (contact, shop, blog) to confirm they still work.
WordPress plugins dashboard showing an update notification for the AI Engine plugin, prompting an update to version 3.3.8.
The WordPress plugins page displaying an update alert for the AI Engine plugin, highlighting version 3.3.8 as available.

Using WP-CLI for plugin updates (advanced):

# Update all plugins from SSH (WP-CLI)
wp plugin update --all

# Or update a single plugin
wp plugin update woocommerce

Checkpoint: All plugins show as up to date, and your key pages load without obvious errors or layout problems.

Pro Tip: If you’re using the Jannah theme with the Classic Editor, pay extra attention to page builder or layout plugins. Test at least one long blog post and one category page after plugin updates.

Step 4: Update Themes and Child Themes

Theme updates often include security fixes, compatibility updates, and performance improvements. If you’re using a child theme (recommended), make sure your customizations are safe before updating the parent theme.

  1. Go to Appearance > Themes.
  2. Identify your active theme (e.g., Jannah) and any parent/child theme relationship.
  3. Update the parent theme first, then confirm the child theme still works.
  4. After updating, review:
    • Header and footer areas (logo, menus, widgets).
    • Single post layout (title, meta, featured image, content).
    • Archive pages (categories, tags, blog index).

Checkpoint: Your site’s design and navigation should look the same as before. If menus, widgets, or sidebars disappear, reassign them in Appearance > Menus and Appearance > Widgets.

Warning: Never edit a parent theme directly. Always use a child theme for custom CSS or template changes so you don’t lose them during updates.

Step 5: Update WordPress Core

Updating WordPress core delivers security patches, new features, and performance improvements. Because core changes affect the entire CMS, you should always update core after your plugins and themes.

  1. Go to Dashboard > Updates.
  2. If a new WordPress version is available, review the release notes briefly.
  3. Click “Update Now” and wait for the process to finish without closing your browser tab.
  4. Once complete, you’ll see the “Welcome to WordPress” screen for the new version.

Using WP-CLI for core updates (advanced):

# Check current version
wp core version

# Show available updates
wp core check-update

# Run core update
wp core update

Checkpoint: Your dashboard shows the new WordPress version and you can still access the admin area and key front-end pages without errors.

Step 6: Check PHP and Server Versions

PHP, database, and web server versions can also affect WordPress stability and performance. While not part of every single update session, they should be reviewed regularly as part of your broader maintenance plan.

  1. In WordPress, go to Tools > Site Health > Info and check the PHP and database versions.
  2. Compare them with the recommended versions from your hosting provider and WordPress.org.
  3. If your PHP version is outdated or marked as insecure, plan a PHP upgrade from your hosting control panel.

Checkpoint: You know which PHP version you’re running and whether an upgrade is required. If you decide to upgrade PHP, do it in a separate maintenance window following your host’s documentation.

Note: Always test PHP upgrades on a staging site first, especially if you’re running complex plugins like WooCommerce, LMS, or membership systems.

Step 7: Test Your Site After Updates

Once all updates are applied, testing confirms that your site is fully functional and performing well. This is where you catch subtle issues that might not show up immediately.

  1. Open your site in a private/incognito browser window.
  2. Test key user flows:
    • Homepage > key landing page > contact form submission.
    • For WooCommerce: product page > add to cart > checkout (in test mode).
    • Search, navigation menus, and category/archive pages.
  3. Check your site on mobile (phone or responsive test) to confirm menus, sliders, and forms work.
  4. Run a quick performance and speed check following this WordPress speed test checklist to see if load times changed after updates.

Checkpoint: All critical user actions (reading, searching, buying, submitting forms) work correctly and page load times are similar or better than before.

Warning: If you spot a serious issue (e.g., checkout failure, fatal error), stop taking new updates and use your backup to restore the site or roll back the specific plugin/theme that caused the problem.

Step 8: Document Changes and Schedule Your Next Update Window

Finishing strong means documenting what you changed and planning the next update cycle. This helps you troubleshoot future issues and keeps your maintenance predictable.

  1. Record the date of this update session and what was updated (plugins, themes, core, PHP).
  2. Note any issues you encountered and how you fixed them.
  3. Save this information in a shared document or ticket system if you work with a team or agency.
  4. Schedule your next update window (e.g., weekly, biweekly, or monthly) on your calendar.

Checkpoint: You have a short log of updates and a recurring reminder for future maintenance, so you’re not relying on memory next time.

Stay Confident Every Time You Update WordPress

WordPress updates don’t have to be stressful. By auditing your site, taking reliable backups, updating plugins, themes, and core in the right order, and testing carefully afterward, you can keep your site secure, fast, and stable.

Save this WordPress update checklist and follow it every time you plan maintenance. Over time, you’ll build a solid, repeatable process that protects your content, your traffic, and your business from unexpected update surprises.

Further Reading

Frequently Asked Questions

How often should I run this WordPress update checklist?

For most business and content sites, running this checklist once a month is a good baseline. If your site processes payments, bookings, or sensitive user data, aim for weekly updates plus immediate security updates when they are released. Always align your update schedule with your backup schedule so you’re never updating without a recent backup.

What should I do if my site breaks after an update?

First, don’t panic. you can still reach the admin area, deactivate the most recently updated plugins one by one and test the site after each deactivation. If you can’t access the admin, rename the plugin folders via FTP or your host’s File Manager to disable them. If that doesn’t fix the issue, restore the full backup you created before running this checklist.

Is it safe to use automatic updates for plugins and themes?

Automatic updates can be convenient for minor updates and security patches, but they also remove your ability to test changes before they go live. A balanced approach is to enable automatic updates only for trusted plugins (e.g., security or backup tools) and keep manual control over complex plugins like WooCommerce, LMS, or membership systems, where a small change can have large side effects.

How do WordPress updates affect site security?

Updates often include patches for known vulnerabilities. Running outdated versions of WordPress core, plugins, or themes is one of the most common ways attackers compromise sites. By following this checklist regularly—especially the backup and testing steps—you significantly reduce your attack surface while still keeping your site stable and usable for real visitors.

How long does a typical update session take?

For a small to medium site with a handful of plugins, a well-prepared update session (including backups and testing) may take 30–60 minutes. Larger sites with WooCommerce, memberships, or complex customizations can take longer, especially if you test updates on a staging site first. Over time, as you refine this checklist, the process will become faster and more predictable.
Tags
Photo of Editorial Staff Editorial StaffFebruary 26, 2026
503 6 minutes read
Photo of Editorial Staff

Editorial Staff

Related Articles

Illustrative guide to protecting WordPress files, with people working on website security, coding, and system hardening.

How to Protect WordPress Files

February 24, 2026
An illustration of a team working to repair and secure a hacked WordPress site, featuring a monitor, tools, and an 'Under Construction' barrier.

How To Clean a Hacked WordPress Site

February 12, 2026
Illustration of developers securing a WordPress website, protecting files and URLs to prevent direct access and unauthorized entry.

How to Prevent Direct Access in WordPress (Protect Files and URLs)

February 6, 2026
How to Backup a WordPress Site illustration with people, code, gear, and tools for data protection and maintenance.

How to Backup a WordPress Site

December 29, 2025

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button