(rewritten for 2016)
If you are running Drupal, WordPress or Joomla (2.5+), your website is upgradeable.
Your current web developer may not know this, so you should ask. We offer website upgrades as a service.
Follow the rules below and your CMS will stay up to date. Then it’s a just matter of changing the site’s style or theme and adding new functionality as your site ages.
I’m not talking about updating the content on your website. That’s up to you. You can read all about why you should update your website content right here. No. Here I’m talking about the source code behind your CMS.
Bored? I’ll try not to get too technical and stick to the Your Website is a Car analogy where possible.
I’m going to use WordPress as my primary example, mainly because it’s by far and away the most popular CMS (about 25% of sites on the web are WordPress). But this same approach is good for keeping Drupal, Joomla (2.5+), Magento, Shopify and most other Content Management Systems up to date.
WordPress as an example
You can upgrade your website yourself or contact someone us to look into it. We charge between $249pa and $649pa depending on the size of your site and who built it. For the yearly fee we also do a lot of other stuff besides simply keeping your site up to date.
NB: Some web development companies cripple WordPress so that you need to pay them to do updates. This is a questionable business practice. If you can’t add pages, news or images without having to call your web company, it’s probably time to move on.
The secret to website immortality is . . .
Do NOT touch Core cms files
In my 20 years :) of website development, I’ve learnt industry best practices when it comes to running a healthy website. There are tried and true ways to keep WordPress and associated software working perfectly over time. It’s not been an easy task, although the 20 year old web is maturing fast.
What follows is my own personal approach to website maintenance and upgrades.
The Problem with Web Developers
Developers are a funny bunch. Real developers have bushy moustaches, no girlfriends and poor hygiene.
It’s why Web Companies often stick them out the back. Behind the flashy Perspex sign and the long-legged girl at the front desk, you’ll find a hermetically-sealed room of stinky, hunchback programmers.
They’re the guys (usually guys but not always) doing the actual work while the suits are out getting sign-offs. But the main issue with developers is that very few people actually know what they are doing. Most devs think they are “brilliant” and frequently suffer from delusions of grandeur. In short, they become know-it-alls (which further decreases the likelihood of them getting girl [or even boy] friends).
Invariably, heady developers will break the one golden rule when it comes to updating a CMS (WordPress, Joomla or Drupal). Which I’ll repeat here for effect.
DO NOT TOUCH CORE FILES
Sometimes a developer who wants to add new functionality to a website (e.g. an e-commerce shopping cart, change the look and feel of a website, make the site responsive or make use of new technology such as a fancy animated slider). The dev will get in there and change core files to suit the client request. And then he’ll leave.
The website will be automatically updated a week or so later and “Hey Presto” all those changes will magically disappear (over-written).
How developers should do it
Developers are able to make modifications without affecting core files. Any half-decent CMS will update regularly over time and there is a best practice method for adding functionality outside of the usual upgrades.
WordPress has the ability to use “Child Themes”. Modifications of the parent theme (which is also regularly updated) are written in a child-theme. That’s where I write mods for websites.
There are often hundreds of developers behind open-source CMSs like WordPress, Drupal, Magento and Joomla. WordPress has over 2,500 developers. You really don’t need to be re-writing source code that has gone through a massive peer-reviewed process. This diagram serves to illustrate this point.
Every time WordPress updates, essential core files, are changed. Core files can be written in a variety of languages, but usually they are written in PHP retrieving information from and writing to a MySQL database.
The WordPress Core
Core WordPress files are the files needed for WordPress to work. Because WordPress can do literally anything – the core is ready for “plug-ins” and other custom modifications (in the child-theme’s functions.php file). Plug-ins add functionality such as Booking Calendars, Quotation Estimators and anything needed that is unique to an individual website.
A lot of good developers say that WordPress core is “bloated”. That doesn’t mean it’s okay to touch core files in WordPress. But developers egos can be inflated.
Like WordPress, PHP and MySQL are open-source. The code is developed for the community, by the community. Apple, Microsoft or Google doesn’t own the code (like they do with iOS, Windows and Android).
WordPress is developed by a team of developers working under Matt Mullenweg (the original developer of WordPress). It’s interesting to note that including all the paid-for systems, WordPress is by far and away the superior content management system. It now runs one quarter of the entire web!
The WordPress Repository
Core updates are issued by the central WordPress repository. Because WordPress is the most popular CMS in town, that means it is also vulnerable to attack. WordPress core files were updated nearly every fornight throughout 2013 because hackers were constantly finding new ways to get in. Hackers are usually looking for credit card numbers, but more often than not, they just hack for fun. Or to prove to their underworld boss that they are now good enough to hack banks.
Most WordPress core updates are designed to make the WordPress faster, leaner and more secure.
In 2012 I was asked to resurrect 25 websites for another developer. All her sites had been hacked. They each had a picture of Michael Jackson above the words “You Haz Been Hacked” accompanied by a tinny “Beat It” soundtrack. Interestingly, they didn’t use Michael Jackson’s original Beat It. One can only suppose that was out of respect.
Pressing the WordPress update button
Updating WordPress is often a simple matter of pressing an update button in the admin panel. But to be fair, about 5% of the time, pressing this button can “blank” or cripple a WordPress site. Often this happens when a site has run out of space on the server. Other times it’s because a file didn’t write properly during upload. Pressing the button sends a little service bot off to the WordPress repository where it looks at your WordPress program, compares it to the latest version and then appends files and rewrites old files to get you up to date. Sometimes an update will also include a database security tweak.
Pressing the button can be a dream. Hey Presto! In about 2 minutes your site is running the latest version of WordPress.
But it can also be a nightmare and so many (inexperienced) developers simply don’t press it.
Invariably, the site ages and old sites get hacked. Usually within about 6 months or so. That’s when I get a few new clients.
Can I 100% trust the WordPress update button?
Not 100% of the time. Here’s how it should work.
WordPress Basics Tutorials
If You liked that video, Scott from Level Up Tutes hs Heaps more… here’s an autoplay of all tutorials.
As many have no doubt experienced (it may be why you are here) the dreaded WordPress update button can seemingly destroy your website. Seemingly. Pressing update can sometimes (about 5% of the time in my estimation) render an entire website “blank” or affect your site’s main navigation.
When this happens, panic sets in. “What on Earth have I done. Where’s my site? My client will kill me.”
Stay calm. Your site is fine.
The WordPress Update Button killed my site
What’s probably happened is one of several things;
- You lost your internet connection part way through an update (1-5% of the time)
- Your server has hardened security (often as a result of WordPress hacking) and no longer allows certain read / write permissions on directories (about 1-2% of the time)
In the other 95% of cases, the issue is most probably an out-dated theme;
- Your WordPress theme is out of date.
Old WordPress Themes
All is well. Trust me.
You can check if an old theme is the cause by deleting or renaming it (always make a backup, naturally). WordPress will default to another theme and you’ll see your site working – but a little strange looking.
If all your pages and posts are there, you need to hack the theme header files in a child-theme.
This is where things can get technical and you’ll need someone like me (or another WordPress developer) to do that.
In short, what someone (like me) does is hack your old theme to get it working with the new WordPress. Or I’ll implement a new theme (always a better decision). I recommend clients update their themes at least every two years. I have some clients who love their old themes so much, I’ve had to make a few minor modifications to the original theme (now no longer supported by the theme developer).
WordPress Backwards Compatibility
As much as WordPress tries to keep itself backwardly compatible with old themes, it soon has to move with the times. Themes tend to date (look old) after about 2 years, but I’ve managed to keep a few simple older themes above water for over ten years!
More about the programmers behind WordPress
WordPress is just a bunch of PHP files talking to a MySQL database. I’m going to rewrite the core to make it more efficient.
– Ballsy Programmer
Good luck with that, Sir.
Most of the 2,500 devs who build and maintain WordPress are intimately involved in its development. Some keen users just take WordPress for a long run and log issues.
In my opinion perhaps, that many developers have got to be right. I for one, don’t touch core files. I love and respect them too much.
Programmers are a very proud breed of human being who like to do things their own way. Most of us can relate to that. Programming is the only job where corporations conduct both a psychological and personality test before hiring.
I don’t call myself a programmer. My background is literally writing. If I wasn’t building websites, I’d be writing content for them.
The people who work behind WordPress are not just programmers, either. They are from a variety of backgrounds – and for me, that’s what makes the program really great. Writers, web designers, bloggers, usability experts and normal, non-coding professionals are all behind WordPress. You can contribute to the WordPress core here if you really like.
The upshot of it all is this : Never re-write core files.
You can find a list of change recommendations for the core WordPress development team here or you could get involved in your own way by checking out wordpress.org.
If you do need to alter the functionality of WordPress, there are better ways to do it than fiddling with core files (which will only be overwritten when WordPress updates anyway). Okay, maybe now I am getting a bit technical, but read on if you are even mildly interested.
Using WordPress Child themes
If you want to change the look of your site and you are using a paid-for or otherwise supported theme (meaning that the theme developer is proud of the theme you’re using and updates it regularly) consider creating a child-theme.
A child theme sits in your theme’s root folder and “appends” changes to the main theme. Changing files in your child-theme will not affect the main theme should it be updated.
Child themes can consist of a few or just the one modification file (style.css). Most often it’s just a new style.css file into which a web developer or web designer makes changes to the main theme of your site.
- Read about the difference between web development and design in this article
- Read about how to make WordPress Child Themes
You can also add a functions.php file to your child theme. This file will not overwrite the main theme’s functions.php file, but rather append it with your own code or mini programs. If your theme does not support e-commerce plug-ins for example, you could copy the main theme’s template file (e.g. “page-fullwidth.php”) and modify the page layout for use with your new child-theme (e.g. “page-fullwidth-shop.php”).
Using child themes ensures that core files remain untouched. It enables you to update WordPress AND the main theme you are using without affecting the changes you have made to the look and functionality of your site. And when WordPress updates, nothing is over-written.
WordPress Plug-in Repository
WordPress users are very fond of plug-ins. There are more than 30,000 in the repository.
Plug-ins are (often) free little modules that plug into the core of WordPress – like spoilers or searchlights on a car.
Some are paid-for (for example an extensive site-membership plugin or an appointment booking module).
Plugins are sometimes called modules. In Joomla, they are called extensions. It’s a bit like changing the carburettor on your car from the standard one that shipped, to one that saves you money or makes the car go a bit faster. There’s a whole industry built up around WordPress themes and more recently plug-ins. Some themes have literally turned their authors into millionaires.
Not all plug-ins are free
For example, while the WooCommerce (e-shop) plug-in is free (and fantastic by the way – I’d recommend it to any developer) – some of the WooCommerce extensions are extra. I recently implemented the “Do Not Ship to Country XXXX” extension. This Plug-in extension effectively bans shipping of certain products to chosen countries.
If you are contemplating similar functionality across several sites that you are developing, you can write your own plug-in. Your own plug-in might style the Author Box (like the one below this post) for authors on your blog – or you might want to add fields for site editors and users such as an address and phone number. A Customer Relationship Management plug-in for WordPress would be a great addition.
Do NOT touch Core WordPress files
Don’t touch the core files. Ever! Same goes for Drupal, Joomla and Magento.
If you want to make changes to WordPress’ overall functionality, write plug-in. If you are making custom visual changes for a specific website, create a child-theme. You need your website to remain up to date every time the big boys at WordPress update the main core.
If all of this went right over your head and you would like Geoffrey Multimedia to maintain, service and keep your site up to date and secure for a yearly fee, you’re in luck ;) The usual price for yearly maintenance is $349, $449 and $549 per annum depending on your site size. We throw in quite a few extras with regards to security and general on-page SEO which you can read all about here.
Clients who use our web design services pay maintenance at the end of the year so as to minimise up-front costs.
Perhaps we’ll meet again. You know where I live.
Edwin wrote his first (Harrier Jump Jet) text adventure computer program in 1982 during the Falklands War. He now builds websites using best practice, future-proof web development, Ad marketing & SEO. He at Curtin Uni and OUA where in 2007 he was voted 5th best lecturer (out of 2,500) over all disciplines taught in Australia. He loves sharing what he knows with Australian businesses.