WPCloud's WordPress Update Policy: Our Strategic Approach to Site Stability

A comprehensive guide to WPCloud's strategic update policy, designed to maximize site stability and security while minimizing risks.

Overview

At WPCloud, our WordPress update policy is carefully crafted to ensure your website remains secure, stable, and functional. With over 13 years of experience in managed WordPress hosting, we've developed a strategic approach that balances the need for timely updates with the importance of site stability.


Our Update Philosophy

Updating WordPress plugins, themes, and core files is crucial for security and functionality. However, immediate updates can introduce risks such as plugin conflicts, site breakages, and downtime. Our policy aims to mitigate these risks through a measured, strategic approach.

The Risks of Immediate Updates

Immediate updates can lead to:

  • Plugin Conflicts: New versions may not be compatible with other installed plugins.
  • Site Breakages: Updates can cause layout issues, broken links, or non-functional features.
  • Downtime: Severe conflicts can result in your site becoming temporarily inaccessible.

Our Strategic Approach

We employ a strategic update process that includes:

  • Delayed Updates: Allowing time for plugin developers to release patches for any initial bugs.
  • Thorough Testing: Ensuring updates are compatible with your specific site configuration.
  • Security Measures: Implementing virtual patching and advanced firewall rules to protect your site during the update cycle.

Our Update Process

Regular Plugin Updates

Every 20 days, our specialist team manually reviews and tests each update on your site. This timeline is strategically chosen to allow plugin developers to identify and fix any issues that may emerge post-release.

Update Timeline:

  • Day 0-20: Monitoring and testing of new updates.
  • Day 20: Implementation of updates on your site.
  • Post-Update: Thorough testing to ensure site functionality.

Exception Plugins

Certain plugins, due to their complexity and deep integration with site functionality, require extra caution. These are updated every 30 days.

Complete List of Exception Plugins:

  • Elementor
  • Jupiter
  • WPBakery
  • WPML
  • Slider Revolution
  • Oxygen
  • Beaver Builder
  • Divi Builder
  • Avada Builder
  • Fusion Builder
  • Astra
  • NextGEN
  • Themify
  • Page Builder by SiteOrigin
  • YellowPencil
  • LayerSlider
  • Genesis
  • Salient
  • Smart Slider
  • Visual Composer
  • SiteOrigin
  • Thrive
  • LearnDash
  • Gravity Forms

Note: This list is regularly updated based on ongoing monitoring and evaluation.

Security Updates

While we follow a delayed update process for regular plugins, security is our top priority. Our team monitors security bulletins 24/7 and implements critical security patches immediately.

Security Measures:

  • Virtual Patching: Protects against known vulnerabilities even before updates are applied.
  • Advanced Firewall Rules: Blocks exploitation attempts.
  • Real-Time Monitoring: Continuous threat prevention.
  • Automated Backups: Twice-daily backups ensure data safety.

WordPress Core Updates

  • Minor Versions: Automatically implemented as they primarily include security fixes.
  • Major Versions: Implemented after a 4-6 week waiting period to ensure stability.
 

PRO and Licensed Plugins

Premium or licensed plugins require special handling due to their licensing requirements.

License Requirements

  • Premium/PRO plugins need valid licenses for updates.
  • Licenses typically require yearly renewal.
  • Without valid licenses, our team cannot push updates.

Client Responsibilities

  • Maintaining active licenses for premium plugins.
  • Tracking license expiration dates.
  • Ensuring proper license keys are installed.
  • Renewing licenses before expiration.

Important:

WPCloud cannot track individual plugin licenses due to the vast variety of premium plugins and different licensing systems. We strongly recommend maintaining an internal system to track your premium plugin licenses.

Common Premium Plugin Examples:

  • WooCommerce extensions
  • Advanced Custom Fields PRO
  • Gravity Forms
  • WPML
  • Elementor Pro

What Happens With Expired Licenses:

  • Updates become unavailable.
  • Our team cannot force updates without valid licenses.
  • Support from plugin developers may be restricted.
  • Some plugin features might become limited.

WooCommerce Updates: Special Handling Required

WooCommerce sites require extra attention due to their critical role in e-commerce operations. Our policy for WooCommerce is distinct from regular plugins.

WooCommerce Core Updates

  • Updates are NOT automatically applied.
  • Require explicit client request and approval.
  • Scheduled during low-traffic periods.
  • Include thorough testing of:
  • Payment gateways
  • Checkout process
  • Product displays
  • Cart functionality
  • Custom features

Why Manual Approval is Required

  • E-commerce sites directly impact business revenue.
  • Payment gateway compatibility is critical.
  • Custom checkout modifications need verification.
  • Third-party integrations must be tested.
  • Historical data shows higher risk of issues with automatic updates.

WooCommerce Extensions

  • Each extension requires individual handling.
  • Must have valid licenses for updates.
  • Some extensions may have dependencies.
  • Testing required for extension interactions.

Recommended Update Process

  • Monitor available WooCommerce updates.
  • Submit update request to WPCloud support.
  • Schedule update during off-peak hours.
  • Backup creation before update.
  • Testing period post-update.
  • Verification of all e-commerce functions.

Best Practices:

  • Maintain a staging environment for testing.
  • Regularly review payment gateway compatibility.
  • Document custom modifications.
  • Keep detailed logs of extension versions.
 

Important:

Always test WooCommerce updates on a staging site first, especially if you have:

  • Custom checkout modifications
  • Multiple payment gateways
  • Complex shipping rules
  • Custom product types
  • Third-party integrations

Opt-Out Options

We understand that some clients may have specific requirements for managing their own updates. WPCloud offers a flexible opt-out system.

Complete Opt-Out

  • You can request to opt-out of our automatic update system entirely for specific websites.
  • Your site will be added to our "do not update" list.
  • You'll maintain full responsibility for keeping plugins updated.

Individual Plugin Opt-Out

  • You can specify individual plugins that you want excluded from our update process.
  • These plugins will be added to your site's "do not update" list.
  • You'll be responsible for maintaining updates for these specific plugins.

To Implement Either Opt-Out Option:

  • Contact our support team.
  • Specify which websites or plugins you want to opt-out.
  • Acknowledge understanding of update responsibility.
  • We'll confirm once your opt-out is implemented.

Important Note:

Even with opt-out status, our security systems, including virtual patching and firewall protection, will continue to protect your site from known vulnerabilities.


Enterprise Solutions

For clients requiring more control over their update schedule, we're introducing enhanced options in 2025. These will include:

  • Custom Update Schedules: Tailored to your needs.
  • On-Demand Update Requests: With priority processing.
  • Detailed Update Logging and Reporting.
  • Premium Plugin License Tracking.

Support and Assistance

Our support team is always ready to help with update-related questions. Whether you need information about recent updates or want to discuss specific plugin concerns, we're here to help. Contact us through:

  • Support Portal: [support.wpcloud.ca]
  • Email: [support@wpcloud.ca]
  • Emergency Update Requests: Mark tickets as "EMERGENCY UPDATE REQUEST"

 
Did this answer your question?
😞
😐
🤩

Last updated on January 23, 2025