In light of the latest security updates caused by the misuse of add_query_args() and remove_query_args(), there are likely many plugins that will need updating on your WordPress site. From the many emails I received when clients were auto notified by WPEngine of the recommended updates, I thought I’d quickly show you how you can do these updates yourself.
While you can use these instructions without using WPEngine, you’ll need to make sure you have a backup of your site before proceeding that you can quickly restore if there’s a problem.
1. Login to your WordPress administrator dashboard
Visit http://yoursite.com/wp-admin and login. If you don’t know your login be sure to obtain it from whoever setup your website, or you can try using the lost password link to reset your password.
2. Verify plugin updates are available and click Plugins
On the left hand side, verify there are plugin updates available by looking for a red circle beside Plugins with a number in it. In the above case there are two. Then click on that Plugins menu item to view the list of plugins you have on your site.
3. Find a plugin that needs updating and click “update now”
You’ll notice a plugin that needs updating will have a reddish background, a red bar along the left, and a link to update now. When you click update, WPEngine will prompt you to take a snapshot backup if you haven’t already:
Click Yes, take me to my WPEngine Dashboard and login. You’ll then see a listing of all your backups:
Just click Back Up Now to create a new backup point. Enter a description (ie. “Backup before plugin updates”), and enter your email address to get an email notification once it’s completed. They’re usually quite fast.
You might want to keep this list of backup points open in case there is an issue with the update, so you can quickly restore if there’s a problem. Just open a new tab in your web browser and go to yoursite.com/wp-admin again, and click Plugins.
Finally, click update now again on the Plugin that needs an update, click No thanks, I already did this, and the plugin will update and reactivate. Click Return to Plugins page to go back to the list of Plugins.
Be sure to visit your website and click around to make sure all looks well. If there are any issues with the update, go back to the Backup Points page on my.wpengine.com, put a checkmark beside the backup you created, then click Restore Now. Your site will be back to how it was, at which point you’ll need to see why the plugin update failed – the person who set up your site or a WordPress developer should be able to help with this.
4. Continue updating all plugins
For future plugins you can click No thanks, I already did this when click update since you have already taken a snapshot. For each plugin update, go back to the Plugins page and make sure the plugin no longer shows an update now link. Also, the red number beside Plugins on the left side should go down by one, then disappear once you’ve finished updating all plugins.
You’re done! Be sure to heed recommendations from WPEngine to keep your site secure, and make sure you, your website’s developer, or a service like Maintain or wpcurve are monitoring your plugins for updates on a regular basis.