A comprehensive guide to WPCloud’s strategic update policy, designed to maximize site stability and security while minimizing risks.
Overview
At WPCloud, our WordPress update policy is carefully crafted to ensure your website remains secure, stable, and functional. With over 13 years of managed WordPress hosting experience, we balance the need for timely updates with the importance of site stability.
Our Update Philosophy
Updating WordPress plugins, themes, and core files is crucial for security and functionality. However, immediate updates can introduce risks such as plugin conflicts, site breakages, and downtime. Our policy mitigates these risks through a measured, strategic approach.
The Risks of Immediate Updates
- Plugin conflicts: New versions may not be compatible with other installed plugins.
- Site breakages: Updates can cause layout issues, broken links, or non-functional features.
- Downtime: Severe conflicts can make your site temporarily inaccessible.
Our Strategic Approach
- Delayed updates: Allow time for developers to release patches for initial bugs.
- Thorough testing: Ensure updates are compatible with your specific site configuration.
- Security measures: Use virtual patching and advanced firewall rules to protect your site during the update cycle.
Our Update Process
Regular Plugin Updates
Every 20 days, our specialist team manually reviews and tests each update on your site.
Update timeline:
- Day 0–20: Monitoring and testing of new updates
- Day 20: Implementation of updates
- Post-update: Thorough testing to ensure site functionality
Exception Plugins (Updated Every 30 Days)
These plugins require extra caution due to their complexity and deep integration:
Elementor • Jupiter • WPBakery • WPML • Slider Revolution • Oxygen • Beaver Builder • Divi Builder • Avada Builder • Fusion Builder • Astra • NextGEN • Themify • Page Builder by SiteOrigin • YellowPencil • LayerSlider • Genesis • Salient • Smart Slider • Visual Composer • SiteOrigin • Thrive • LearnDash • Gravity Forms
Note: This list is reviewed and updated regularly.
Security Updates
Security is our top priority. We monitor security bulletins 24/7 and implement critical patches immediately.
Security measures include:
- Virtual patching: Protects against known vulnerabilities before updates are applied
- Advanced firewall rules: Blocks exploitation attempts
- Real-time monitoring: Continuous threat prevention
- Automated backups: Twice-daily backups ensure data safety
WordPress Core Updates
- Minor versions: Applied automatically (primarily security fixes)
- Major versions: Implemented after a 4–6 week waiting period to ensure stability
PRO and Licensed Plugins
Premium/licensed plugins require valid licenses for updates.
License Requirements
- Valid license keys must be active and installed
- Most licenses renew yearly
- Without valid licenses, updates cannot be applied
Client Responsibilities
- Maintain active licenses for premium plugins
- Track license expiration dates
- Ensure proper license keys are installed
- Renew licenses before expiration
Important: Due to the wide variety of licensing systems, WPCloud cannot track individual premium plugin licenses. We strongly recommend keeping an internal license-tracking system.
Common premium examples: WooCommerce extensions, Advanced Custom Fields PRO, Gravity Forms, WPML, Elementor Pro
If licenses expire:
- Updates become unavailable
- Our team cannot push updates without valid licenses
- Vendor support may be restricted
- Some plugin features may be limited
WooCommerce Updates: Special Handling
WooCommerce powers revenue-critical operations and requires distinct handling.
WooCommerce Core Updates
- Not applied automatically
- Require explicit client request and approval
- Scheduled during low-traffic periods
- Include thorough testing of:
- Payment gateways
- Checkout process
- Product displays
- Cart functionality
- Custom features
Why manual approval is required
- Direct impact on revenue
- Payment gateway compatibility is critical
- Custom checkout modifications must be verified
- Third-party integrations need testing
- Historical data shows higher risk with automatic updates
WooCommerce Extensions
- Each extension handled individually
- Valid licenses required
- Some extensions have dependencies
- Interaction testing is required
Recommended WooCommerce Update Process
- Monitor available WooCommerce updates
- Submit an update request to WPCloud Support
- Schedule during off-peak hours
- Create a backup prior to updating
- Conduct a post-update testing period
- Verify all e-commerce functions
Best practices
- Maintain a staging environment for testing
- Regularly review payment gateway compatibility
- Document custom modifications and integrations