Round 2: Update to WooCommerce 3.5.1+ before WordPress 5.0

The importance of keeping your store updated

Written by Nicole Kohler on July 19, 2016 Blog, Security, WooCommerce.

If the sight of the “updates available” notification in your WordPress dashboard fills you with a sense of dread, you’re not alone.

"Not again..."
“Not again…”

Updating your WordPress plugins and themes or WooCommerce and its extensions can sometimes be an easy process — just a few seconds of waiting and you’re set. But it can also involve backups, testing, additional updates, and even support requests. Basically, the hassles no one likes.

But avoiding or putting off these occasional hassles can put your site at risk, and even potentially affect your customers. So while you may not always like to go through the process of keeping your WooCommerce store 100% updated, there are many reasons to do it.

Let’s take a look at why it’s important to update your store in a timely manner, starting with some background on why we update WooCommerce and its extensions in the first place.

Why we update WooCommerce

Nothing is perfect on the first try, and that’s especially true of software and applications. Try as they might, developers can’t predict every possible use case for their platform, requested feature, or potential incompatibility.

Proactively seeking out and acting on feedback is one of the best ways any developer can move their product closer to perfect, bit by bit. It’s a process, and undoubtedly time-consuming. Done well, however, it can keep your customers happy (and increase your chances of gaining new ones).

That’s part of the reasoning behind our updates for WooCommerce. You, our customers, request new features or changes to the platform, and we act accordingly.

There’s also a need to keep WooCommerce reliable and secure, which requires regular maintenance and security updates. Our team is always on the lookout for not only bugs, but also conflicts with other extensions or plugins, potential security issues, and other factors that could affect the speed or stability of your store.

Updates, like the recent 2.6.2 fix release, keep WooCommerce -- and you -- safe & secure.
Updates, like the recent 2.6.2 fix release, keep WooCommerce — and you — safe & secure.

In short: we update WooCommerce because we want to keep you happy and your store and data safe. So while it might seem like an annoyance to keep everything current, it’s actually quite crucial.

How not updating your store could put you at risk

Although updating can be a time-consuming matter (say, if you have multiple extensions), avoiding the process for too long could put your store at risk.

As we already mentioned, no software or platform is perfect. New bugs are discovered all the time. And with each update and improvement applied to the individual pieces of your store, the chance for a conflict or newly discovered issue increases… even if only just a little bit.

A common way that avoiding an update can potentially harm you is when a new security threat is discovered in WordPress. These threats are often discovered by individuals and disclosed to the team of volunteers who build the software. They then release a new version that resolves the issue, and publicly state what has been fixed.

While the possibility of an unpatched security issue being exploited on your site is low, especially if you have taken other precautions, there are unsavvy individuals who will look for stores without crucial updates and attempt to break into them. This goes double for stores that are multiple updates behind, or have avoided updating their WooCommerce extensions, theme, etc.

With access to your store, someone could attempt to steal your private data, harm your store, or cause other unwanted trouble. And this wouldn’t just affect you — it would affect your customers, as well.

How avoiding updates could harm your customers

You aren’t the only one who could be affected by an unsavory individual’s attempt to access your insecure site. Although WooCommerce never stores full credit card information, your customers’ physical and email addresses might be stored — and could therefore be stolen.

While this might not sound like much of an issue, this information could be used in a case of reverse engineering to break into online accounts, sold to spammers, and so on. It’s also quite unnerving for customers to hear that their data has been accessed, no matter how in-depth.

Someone accessing your customers' data, no matter what they may be able to do with it, can cause concern... and lost sales.
Someone accessing your customers’ data, no matter what they may be able to do with it, can cause concern… and lost sales.

Additionally, stores that run on outdated software might experience slowness, conflicts between extensions, or even bugs that appear during the shopping process. This can negatively affect your shoppers’ experience… and result in them abandoning your store for someone else.

Basically: avoiding updates can lead to a loss of trust. Even if your customers don’t know that a lack of up-to-date software is why your store isn’t working well, they will realize that they’re not getting the best experience.

How to ensure a smooth update process

By this point, hopefully you’re convinced: updates are critical and you need to get them done.

The key to success here is following an update process for your store that is consistent, repeatable, and relatively easy for anyone following the steps (whether yourself or someone else) to understand. Luckily, it’s not too difficult to establish a process like this.

Here’s what we recommend doing each time you encounter a major update to WordPress, WooCommerce, or a critical extension:

  1. Switch to staging, if you prefer. A staging site can help you better prepare for major updates, test for incompatibilities, and resolve potential issues before they make it to your live store. You can read a bit about creating one here.
  2. Get backed up. This might mean preparing a manual backup if you’re not using a back up service like the one from Jetpack, which automates the process for you. If you are using Jetpack or a similar solution, double-check that a recent backup is available.
  3. Update all (other) plugins and extensions. If WordPress core is updated, it’s not uncommon for other plugins to update with it. Keeping it all up to date will reduce the probability of conflicts.
  4. Run the update process.
  5. Check your store thoroughly. Look for potential issues with your theme, run through the purchasing process, and check on your product pages. If you spot anything strange, you can troubleshoot or roll back. If all looks good, go full steam ahead (and move from staging to the live store, if this applies to you).

Check out this post on preparing your WooCommerce store for a major update or release to learn more about creating backups, performing extension updates, and — finally — updating WooCommerce to the newest version.

A helpful tip: set aside time for updates, rather than doing them “when you get around to it”

One potentially helpful tip for your store updates: don’t do them sporadically or “when you have time” — instead, set aside a dedicated time weekly or monthly to make them a priority.

If you aren’t making the maintenance of your store a priority, you’re likely to neglect it in favor of things you consider more important. And this may not cause any issues initially, but in the long run, it could be very harmful.

Clear out your calendar (well, just a bit): you're going to want to set aside time for these updates.
Clear out your calendar (well, just a bit): you’re going to want to set aside time for these updates.

If you need to, set a recurring calendar appointment for your updates. The occurrence and length of these update periods should be based on the amount of extensions you have and when updating is most convenient for you. (So if you have a few dozen extensions, an hour or two every two weeks might be better than fifteen minutes a month.)

While it might seem a little strange to make a process for something like this, you’ll quickly fall into a routine, and backups, updates, and other regular maintenance will no longer interrupt your regular work schedule.

Updating your store may seem like a hassle, but it’s truly a necessity

We know that it can be time-consuming — sometimes potentially annoying — to go through the update process with your store or its extensions. But this is all worth it, because it’s how you keep your data and customers safe, your store running well, and your profits increasing.

Have any questions about updating WooCommerce, or any thoughts about the process of updating your store? Leave a comment and we’ll get back to you as soon as we can.

cta-banner-10-product-page-v2_2x

13 Responses

  1. Grégoire Noyelle
    July 20, 2016 at 6:18 am #

    Hi
    Thanks for this post.
    I really hope you make use of paid Woocommerce plugins easier on staging site. From now, it’s not. For me that’s the main point.

    • seoclipping
      July 20, 2016 at 11:48 am #

      Agree with you.

    • Nicole Kohler
      July 20, 2016 at 1:39 pm #

      We are working on something for that Grégoire, stay tuned.

  2. Grégoire Noyelle
    July 21, 2016 at 5:59 am #

    Great new. Thank a lot Nicole 🙂

  3. Jordan Alexander
    July 21, 2016 at 7:26 pm #

    Great article. Although WooCommerce doesn’t store credit card information, there is a number of precautions and safety nets that can prevent security lapses. HTTPS with a hosted or off-site payment page through a gateway is always a safe way to process and ensure you as a merc,hant are not putting clients sensitive data at risk.

    Google PCI compliance tips to find a bunch of ideas on how to accept card payments in a secure stetting, lots of great resources available.

  4. Lawrence
    July 22, 2016 at 7:35 pm #

    Actually, I’m excited every time there is a WooCommerce update 😀

    A major help in easing the upgrade process is to make any changes using hooks and filters instead of overwriting template files. This way you don’t have to manually update template files and your changes will be automagically applied to the latest files.

    As I’ve been learning how to use hooks and filters and removing template overrides where possible, the update process has been significantly reduced.

    • Nicole Kohler
      July 22, 2016 at 10:45 pm #

      Actually, I’m excited every time there is a WooCommerce update ????

      You. We like you. 😀

  5. Josh Kohlbach
    July 26, 2016 at 9:29 am #

    As someone who pays close attention to each and every release (I’m a dev) I couldn’t agree with the sentiment of this article more.

    Keeping up to date makes it easier to keep up to date 🙂

  6. James Kelly
    July 28, 2016 at 5:30 pm #

    As a developer we have a daily check across 60 WordPress (20 WooCommerce) sites for plugins, whilst we have a server that has a toolkit to run these updates we have to check sites that have been effected by the updates.

    This is a very smooth process generally and the updates such as 2.6 Shipping updates is a huge improvement to the many shipping plugins that were needed to handle the many rules that international shipping options require.

    • Nicole Kohler
      July 29, 2016 at 2:54 pm #

      That sounds like an ideal way to handle things for multiple stores James. Any chance you’d be willing to elaborate on the process for us any further (say, in a blog post)? I could see this info being incredibly useful for developers or agencies who have lots of sites with lots of updates to manage.

      Regardless, glad to know it’s a smooth process for the most part, that’s lovely feedback 🙂

  7. Matt Ryan
    July 28, 2016 at 5:37 pm #

    HI Nicole,

    Excellent article. I’m going to share it with the owners of a half-dozen Woo powered client sites I manage.

    I use your posts to 3rd-party authenticate my reasoning back to clients when I say that maintaining their site and keeping their ecommerce shop online is more than “… just a mouse click” as they are quick to say.

    btw….we met at WordCamp Lancaster a few months back and I’ve enjoyed your writing since.

    • Nicole Kohler
      July 29, 2016 at 2:53 pm #

      Awesome, thanks Matt! Glad this could help you in what sounds like a big way. 🙂 And cheers, nice to know I’ve got a local reader, haha!

  8. tarnya Burge
    August 6, 2016 at 3:09 pm #

    Thanks Nicole for your article. I also look forward to some kind of arrangement regarding the premium plugins and staging sites, it is especially an issue for some of my more budget conscious clients who are running small business from home. Many of them only need the premium plugin activated for a short time on a second site just for updates. I always recommend my clients update first on a staging version but the issue of the cost of needing a second licence for all the premium plugins (or turning off and on) and depending on the ease of creating or maintaining the staging site can them just want update on the live site:-( For most clients the updates do go fine though 🙂 How often do others update their woocommerce premium plugins? I do not update ask my client to update as soon as a new release comes out unless the update is an important security update.

WooCommerce - the most customizable eCommerce platform for building your online business.

  • 30 day money back guarantee
  • Support teams across the world
  • Safe & Secure online payment