We use cookies to make your viewing experience better. By accepting you consent, you agree to our Cookie policy

Improve your Craft CMS skills

How To Update Craft CMS Plugins (And Why This Is Important)

10 min read
Update Craft CMS Plugins

Keeping your Craft CMS plugins up-to-date is mission-critical, yet it's a task site owners often neglect. This exposes your site to security vulnerabilities, compatibility issues, and painful technical debt down the road. Updating plugins can feel intimidating, but doesn't need to be risky if handled methodically.

This guide will walk through proven techniques for identifying and updating outdated plugins in Craft CMS smoothly. You'll learn expert tips to update plugins safely, avoid pitfalls, and reap the security and functionality benefits of staying current. Don't let your site lag behind - it's time to take control of your plugin updates.

After adding plugins to Craft CMS, make sure they stay updated. To update Craft CMS plugins, login to the control panel, navigate to Settings → Plugins, and click "Update" for any plugins with available updates. Staying current is critical to getting security fixes, avoiding technical debt, and accessing new features.

Step-by-Step Guide to Updating Plugins

Preparing for Updates

Before diving into updating Craft CMS plugins, it's wise to take some preparatory steps to avoid any potential issues. Firstly, ensure your site is fully backed up in case something goes wrong during the update process. Use a backup plugin like Backup Pro or manually backup your database and files.

You'll also want to enable maintenance mode to prevent public access to the site while updating plugins. The last thing you want is visitors hitting errors due to plugins being disabled mid-update!

It's also worth reviewing plugin changelogs to understand what's changing - are there any breaking changes or new requirements you'll need to accommodate? Being informed about plugin changes allows you to plan accordingly.

Using Craft CMS Control Panel

The easiest way to update plugins is directly within the Craft CMS control panel. Navigate to the Plugins page and you'll see a list of all installed plugins. Any that have updates available will be clearly marked.

You can then review each update individually and read the release notes. If satisfied, go ahead and click the "Update" button to pull in the latest plugin version.

The control panel makes it simple to view and install plugin updates with a few clicks. Just be conscious of any breaking changes noted in the release notes.

Updating Plugins Individually

Rather than bulk updating all plugins, you may wish to update them selectively on a case-by-case basis.

Updating plugins individually allows you to maintain greater control. If you're concerned about compatibility issues from a particular update, you can hold off on installing it.

You can then rigorously test each plugin after updating before moving on to the next. This targeted approach minimizes the chances of something breaking across the whole site.

Updating All Outdated Plugins

Alternatively, you may wish to take a broad brush approach and update all outdated plugins in one go.

This route is quicker and means you don't have to laboriously update plugins one by one. If you review the changelogs and are satisfied, updating all plugins in bulk can save time.

Just keep in mind that you'll want to extensively test the site afterwards. Updating multiple plugins simultaneously increases the likelihood of conflicts arising.

Managing Issues During Update

Despite best efforts, you may encounter problems when updating plugins. Some common issues include:

  • Compatibility problems cause plugins to conflict and create errors

  • Changes to plugin functionality impacting site features

  • Outages or crashes while plugins update

Should any such problems emerge, don't panic. Diagnose the specific error messages and behaviour to uncover the source. You may need to deactivate a problematic plugin, rollback updates or tweak settings to resolve matters.

If major issues persist, restore your backup and migrate plugins over incrementally to identify the culprit. With calm troubleshooting, you can sort out any update headaches.

Using Composer to Update

Updating Craft CMS plugins via the control panel is straightforward. But developers may prefer to use Composer to pull in plugin updates via the command line.

You can run composer update to fetch the latest compatible versions of all plugins and Craft CMS core per your composer.json. This automates updating the whole stack.

For granular control, use composer update {plugin-name} to only update specific plugins. You can also use composer flags like --no-dev to limit updates to production only.

Leveraging Composer for updates follows a test-driven and command line approach to streamline maintenance.

Testing Site Functionality

Once plugins are updated, thoroughly test your entire site. Verify that:

  • Pages load correctly without errors

  • Site functionality works as intended

  • Frontend and backend behaviour hasn't changed

  • Performance remains fast and consistent

Checking everything still works eliminates nasty surprises down the line. Be meticulous and take a QA approach to catch any regressions.

Automated tests are particularly useful to validate that updates haven't broken anything across the site. This safety net gives the confidence to deploy updated plugins live.

Deploying Updates to Live Site

After you've rigorously tested plugin updates on a staging environment and fixed any issues, it's time to go live!

Take the site out of maintenance mode to open access again. Monitor the live site closely after launching updated plugins to production.

Use real user monitoring tools to validate performance and behaviour across actual visitor journeys. Catch any problems instantly and be ready to rapidly roll back updates if major problems emerge post-launch.

With an incremental rollout and ongoing monitoring, updated plugins can be deployed safely without disruptions.

Post Update Monitoring

Keep observing your site's performance after updating plugins. Monitor key metrics like page load times, traffic levels and conversion rates for abnormalities.

Check your site error logs and Craft debug toolbar for signs of issues. Problems related to plugin updates may arise over time.

By remaining vigilant after launching updates, you'll ensure no regressions or conflicts sneak through which only reveal themselves down the line. Proactively identify and address such problems before they impact site visitors.

With constant monitoring and a readiness to revert plugin updates if necessary, you can keep your Craft CMS site running properly. Updating Craft CMS plugins is all about care and caution.

Best Practices for Updating Plugins

Use Staging/Dev Sites

When updating Craft CMS plugins, it's wise to initially test changes on a staging or development environment before touching your live production site.

Staging sites provide an isolated space to trial plugin updates without impacting real users. You avoid taking any risks or disrupting the customer experience.

Spin up a recent clone of your production environment for testing purposes. Update plugins on this staging site first and observe the impacts.

You may uncover compatibility issues, regressions or other problems that emerge from updates. Better to identify these risks early in a safe staging space rather than when live!

Once you've validated that updates work as expected on staging, you can plan the production rollout with confidence knowing what to expect.

Review Changelogs

Before updating any plugins, be sure to carefully review the release notes and changelogs. This offers insight into what is changing and guides your upgrade testing.

Pay close attention to mentions of backwards compatibility breaks, deprecated features or new requirements. This indicates where updates may impact your site.

If certain plugin updates look potentially disruptive or require code changes, you may decide to hold off updating for now. Changelogs allow informed decisions.

Equally, exciting new features highlighted in the changelog may motivate priority updating of certain plugins! Understanding expected impacts sets appropriate update expectations.

Update Incrementally

When tackling a large backlog of plugin updates, consider an incremental approach rather than bulk updating everything simultaneously.

For example, you might break updates into batches by:

  • Non-critical vs critical site plugins

  • Oldest updates first

  • Plugins with the most pressing security patches

Updating in targeted batches minimizes risk and complications. If any issues emerge, you can isolate the culprit more easily.

An incremental rollout also allows time to monitor impacts before moving to the next batch. Gradual change is smarter than major all-at-once updates when managing plugins.

Stick to small, staged updates interspersed with testing. In this way, you can keep changes digestible while advancing your plugin versions - a win for stability and security.

Reasons to Keep Craft CMS Plugins Updated

Improved Security

One of the strongest motivations for updating Craft CMS plugins is enhanced security. Developers rapidly release security patches to address vulnerabilities in their plugins. Here's a guide to the Craft CMS login security plugin. 

By updating promptly, you ensure any discovered exploits are closed off before they can be leveraged for harm. Don't leave doors open!

Plugin updates may also improve protection against common threats like SQL injection attacks, cross-site scripting, unauthorized access and more.

Your site's security posture is only as strong as the weakest link - an outdated vulnerable plugin could be the chink in the armour allowing an attacker to gain entry.

Closing security gaps through ongoing plugin updates contributes to a hardened environment for your Craft CMS install and keeps sensitive data safe.

New Features and Enhancements

Updating provides access to the latest features and fixes plugins developers have been working on.

Don't miss out on handy new functionalities that can improve your workflows and content management.

From better Craft CMS core integrations to performance optimizations and UI tweaks, plugin updates bring meaningful improvements.

Your users will be delighted by a slicker editor experience while your developers appreciate under-the-hood optimizations. Staying up to date delivers benefits.

Regular plugin updates let you incrementally enhance your stack, keeping pace with the Craft CMS ecosystem's rapid evolution. Don't get left behind on old versions!

Avoid Technical Debt

Failing to update plugins results in accumulating painful technical debt over time. Outdated plugins require more upkeep, lack newer features, and eventually become legacy support burdens.

Don't find yourself maintaining ancient plugin versions well past their support lifecycle! This creates headaches for developers and risks the stability of your site.

Similarly, extremely outdated plugins may develop complex interdependencies that make updating difficult. Incremental updates avoid this scenario.

Staying relatively current by regularly updating lessens technical debt before it compounds. This forward-looking approach reduces frustration and keeps options open.

Updating plugins is like keeping your website tidy - it minimizes cruft and eases future chores. Don't let the mess pile up!

Identifying Outdated Craft CMS Plugins

Control Panel Notifications

The Craft CMS control panel provides an easy way to identify plugins needing updates. Navigate to Settings → Plugins in the sidebar.

On the Plugins page, any available updates are clearly indicated. Outdated plugins will be flagged with a blue "Update available" label along with the new version number.

The control panel consolidates all plugin status updates in one view. With a quick scan down the list, you can see which plugins have fallen behind and require updating.

The notifications and granular status make light work of pinpointing any stale plugins lingering in your installation. The control panel centralizes awareness.

Manual Review

Alternatively, you can manually review your installed plugin versions against the latest releases available for each one.

Browse each plugin's page on plugins.craftcms.com or their own site to find the current version. Then cross-check this against your locally installed copy.

This manual approach takes a bit more effort to compare each plugin's releases one-by-one. However, it gives you greater insight into exactly how outdated your versions are.

While more time-consuming than relying on control panel notifications, periodically reviewing installed vs available plugin versions is prudent. Don't take plugins auto-updating themselves for granted.

Using Composer

For developers managing Craft CMS sites with Composer, you can use it to detect outdated plugins from the command line.

Run composer outdated to analyze your lock file and highlight any plugins which can be upgraded to newer versions per your constraints.

Composer will output a list of plugins that have fallen behind, along with the newest installable versions. This quickly flags upgrade opportunities.

You can also add the --direct flag to only check root dependencies or --minor-only to only detect minor updates skipping major.

Leveraging Composer's introspection and semantic versioning support eases the task of auditing and updating plugins programmatically.

Keeping plugins current requires awareness. Craft CMS provides tools to see outdated plugins, but a proactive manual review is wise too. Stay vigilant!

Risks of Outdated Craft CMS Plugins

Security Vulnerabilities

Outdated Craft CMS plugins that don't receive updates leave your site susceptible to security vulnerabilities that may get exploited.

As plugins age without updates, newly discovered exploits won't get patched. This provides an open door for attackers to gain access and compromise your systems.

Hackers can reverse engineer old plugin code to uncover weaknesses and inject their own malicious scripts. Your defences lie exposed!

Neglected plugin security is no small risk; sites get hacked this way. The consequences could include data theft, service disruption, SEO sabotage and more.

Protect your site and customers by closing plugin security gaps through regular updates. Don't allow your versions to lapse without support.

Lack of Support

Once plugins cease active development, your access to support disappears as well when issues arise.

Developers stop monitoring forums and providing fixes for aging plugins. You may get stuck handling complex bugs yourself with legacy code.

Outdated Craft CMS plugins often accumulate struggles with compatibility issues, performance, deprecated APIs and more.

Without ongoing support and maintenance from the plugin author, you absorb this technical debt maintaining old plugins long past their prime.

Stay up-to-date to ensure you can enjoy responsive developer support, new features and fixes. Don't go it alone!

Technical Debt

Allowing your Craft CMS plugins to languish on old versions leads to accumulating painful technical debt over time.

When you finally muster the update momentum, it requires substantially more effort than incremental updates. You may even need to refactor the code.

Complex interdependencies also creep in between outdated plugins, making updating one risky without addressing the others. This debt compounds.

Being reactionary rather than proactive with updates creates avoidable headaches. Don't let your plugin versions rot!

Regular updates minimize debt. Preemptively keeping plugins current is far easier than a massive catch-up operation when forced. Don't delay!

Shape April 2022 HR 202
Andy Golpys
- Author

Andy has scaled multiple businesses and is a big believer in Craft CMS as a tool that benefits both Designer, Developer and Client. 

Show us some love
Email Us
We usually reply within 72 hours
Agency Directory
Submit your agency
Affiliate Partners
Let's chat