If you are setting up or running a site with WordPress, there are going to be updates. Updates to your core software. Updates to your plugins. Updates to your themes. I harp on this a lot, and it makes me absolutely crazy when I log into a new client’s WordPress site and see that the software hasn’t been updated. There’s a reason why updates come out, and often it has to do with security. And if you want to know what’s more inconvenient than hitting the update button… the answer is fixing your site after it’s been hacked.
So whose responsibility is it to be sure the updates are done? Is the owner’s or the site developer?
It would be easy for me, as a developer, to say “site owner!” and leave it at that, relinquishing myself of all responsibility. But it’s not that simple.
My answer is that it’s 50/50. Half the time the developer should do it, and half the time the site owner should do it. When is it whose responsibility?
Site Owner: If a client comes to me with an existing WordPress site that I work on, a site I didn’t install or configure, to which they are already an administrator. In that instance, it is the site owner’s responsibility to run the updates.
Developer: If I create a new WordPress site for a client, and when it’s time to give them the keys I only give them Editor access, then it’s my responsibility as the developer to run the updates. Because Editors can’t run updates. They can’t see that updates are available, and they can’t run the updates. So if you only grant Editor access to the site, then it is definitely your responsibility to run the updates. (Whether you charge for this or not is going to be up to what you and your client agree upon, but this should be part of your contract.)
One other scenario: There are other times when this may come up. For instance, we provide web hosting for some of our clients. I absolutely insist that every site on my server have updated software. To that end, if a site is on my server, then I run the upgrades. Always.
“But, Amy, I don’t have time to login in to every client’s account and run updates? Updates come out daily!”
This is true, updates come out a lot. Between core software, plugins, and themes, there are often daily updates. Here’s my secret for managing updates. ManageWP. ManageWP is a service that automates updates for WordPress sites. Each time I complete a site, I add it to my ManageWP dashboard, and every day I take two minutes to login and run any updates with a click of a button. It’s super easy and makes my life a lot easier.
“But what happens if an update breaks my site?”
This is a possibility any time you run an update. Some in the industry will tell you that you should set up each site locally or on a temp server and run the updates there before running them on the live site, to be certain they are going to work. This is never a bad idea. And it’s easy enough if you are just managing one site, but what happens when you have 100 sites? It’s just not possible for me to duplicate each site every time there’s an update to test. So I don’t. If you have set up the sites well, using a strong theme or framework like Genesis, then most of the time, the site won’t break. (Incidentally, if a client comes to me with an existing WordPress site that I didn’t set up, with lots of outdated software, then I always duplicate the site to test the upgrades first.)
That’s not to say it will never break. It can happen. And when it does, you may have to figure out why and fix it. But here is what I know to be true. It’s much, much easier to fix a site that breaks when you run an update than it is to fix a site that’s been hacked. And if you don’t run the updates, you are inviting hackers into your site.
Of course, if you have a high traffic site that would cause a lot of problems if it went down during an update, then definitely set up a duplicate and test the updates. In fact, if you have a highly active, high traffic site, I would recommend keeping a local version for testing all the updates, so you can always be sure. But for most of the sites that we do, this is not an issue.
So, in the end, it’s between your and your client to figure out who is responsible for the updates. It’s okay to charge your client for this, because it does take time to manage and you are providing a valuable service. Just be sure that everyone knows who is doing it, what it will cost, and how important it is to update. Just like owning a new car, you can’t forget basic maintenance and expect it to run forever. You have to change the oil. A WordPress site is no different. There will be maintenance and it needs to be done.
Be responsible and plan accordingly!
Join our list!
Our blog, delivered to your inbox. Never miss a post!