How to Manually Upgrade WordPress, Themes & Plugins
The WordPress Security Learning Center
How to Manually Upgrade WordPress, Themes & Plugins

3.4: How to Manually Upgrade WordPress, Themes & Plugins

Intermediate
Updated September 30, 2024

If you have set restrictive file permissions on your site you may have to upgrade your WordPress core, theme and plugin files manually. You may have another reason for doing so. Below we include a detailed guide on how to do this.

Upgrading WordPress Core Manually

  1. First create a full backup of your website. This is very important in case you make a mistake.
  2. Download the newest WordPress ZIP file from wordpress.org.
  3. Unzip the file into a directory on your local machine or in a separate directory on your website.
  4. Deactivate all of the plugins on your WordPress site.
  5. Go to your website root directory and delete your ‘wp-includes’ and ‘wp-admin’ directories. You can do this via sFTP or via SSH.
  6. Upload (or copy over) the new wp-includes and wp-admin directories from the new version of WordPress you unzipped to your website root directory to replace the directories you just deleted.
  7. Don’t delete your wp-content directory or any of the files in that directory. Copy over the files from the wp-content directory in the new version of WordPress to your existing wp-content directory. You will overwrite any existing files with the same name. All of your other files in wp-content will remain in place.
  8. Copy all files from the root (‘/’) directory of the new version of WordPress that you unzipped into your website root directory (or the root directory of your WordPress installation). You will overwrite any existing files and new files will also be copied across. Your wp-config.php file will not be affected because WordPress is never distributed with a wp-config.php file.
  9. Examine the wp-config-sample.php which is distributed with WordPress to see if any new settings have been added that you may want to use or modify.
  10. If you are upgrading manually after a failed auto-update, remove the .maintenance file from your WordPress root directory. This will remove the ‘failed update’ message from your site.
  11. Visit your main WordPress admin page at /wp-admin/ where you may be asked to sign-in again. You may also have to upgrade your database and will be prompted if this is needed. If you can’t sign-in, try clearing your cookies.
  12. Re-enable your plugins which you disabled earlier.
  13. Clear your browser cache to ensure you can see all changes. If you are using a front-end cache like ‘varnish’ you should also clear that to ensure that your customers can see the newest changes on your site.
  14. Your upgrade is now complete and you should be running the newest version of WordPress.

Upgrading WordPress Plugins Manually

  1. First back-up your WordPress site if you haven’t already.
  2. Download a ZIP file of the plugin you need to upgrade. You can usually find most plugins on the plugin repository along with a link to download the newest ZIP file.
  3. Unzip the plugin onto your local machine. It will create a directory called ‘plugin-name’ with all the files under it.
  4. Use sFTP to delete the existing plugin directory from the wp-content/plugins/ directory on your site.
  5. Replace the deleted directory by uploading the unzipped plugin to the wp-content/plugins/ directory leaving it in a directory that looks like (for example) wp-content/plugins/plugin-name
  6. Sign in to your WordPress site. Go to the ‘Plugins’ menu and verify that the plugin you upgraded is the newest version.

Upgrading WordPress Themes Manually


Note, if you are running a customized theme you will lose any customizations if you simply overwrite your theme with a new one. In this case you will need to work with a developer to integrate your customizations into your new WordPress theme instead of just overwriting the old theme. If you have not customized your theme’s code and have merely customized it using the web admin interface that WordPress provides (without changing any of it’s files), then you can follow the procedure below:

  1. First create a backup of your WordPress site.
  2. Download a ZIP file of the theme you plan to upgrade.
  3. Unzip the theme files onto your local machine.
  4. Use sFTP to delete your existing theme directory from the wp-content/themes/ directory.
  5. Replace the deleted directory by uploading the unzipped theme into your wp-content/themes/ directory. You should now have a structure that looks something like wp-content/themes/theme-name/
  6. Sign into your WordPress site. Go to Appearance > Themes and verify you are running the newest version of your theme.

Conclusion


As you can see this is a labor intensive process. We strongly advise you to try to enable upgrades via the WordPress web interface if at all possible. This may mean you have to set less restrictive file ownership and permissions on your WordPress installation. The downside is that your web server will have rights to modify your files – which may allow a hacker to do the same. But the benefit is significant in that you can patch security vulnerabilities via the web interface through upgrades.

Did you enjoy this post? Share it!

The WordPress Security Learning Center

From WordPress security fundamentals to expert developer resources, this learning center is meant for every skill level. Get serious about WordPress Security, start right here.