YouTube Transcript:
WordPress Updates 101 (and Beyond) | Roger Williams (Kinsta)

Skip watching entire videos - get the full transcript, search for keywords, and copy with one click.

Video Transcript

Video Summary

Summary

Core Theme

This discussion highlights the critical importance of website updates and maintenance in WordPress, emphasizing the evolution of automatic update features, the challenges of compatibility, and the shared responsibility between users, developers, and hosts to ensure security and performance.

And yes, we're live. Hello and everyone.

Thanks for joining this uh live session

for today. A quick reminder, we do these

every week on Thursday at 400 pm Central

European time and at 10:00 a.m. Eastern

time. Today with me, yeah, by the way,

before I forget, if you have any

questions, this is live, so if you have

any questions, feel free to ask us. And

today with me, I have Roger from Kinsta.

How are you, Roger?

>> Robert, I am doing amazing. Thank you

for having me on the show. It's it's

8:00 a.m. here, so it's it's fresh in

the morning for us, but uh I'm really

excited to be here. Thanks for having me.

me.

>> Yeah, we're excited to have you mostly

because of course, yeah, you have more

than 20 years experience in the hosting

industry, which means roughly you're my

age, roughly something.

something.

>> I got the grades. I got the grades.

>> Yeah, I got a bit more, but yeah. Um

yeah, to be honest, you host also the

Kinsta talk show, right? >> Yes.

>> Yes.

>> And you're a Word Camp speaker. And

during the last word camp you rep you

spoke about the auto roll back feature.

So yeah I wanted to invite you to yeah

share some some information about uh

updates but before we start can you give

just a brief overview of what you do and

a bit about your your your story with

WordPress to our audience.

>> Yeah. No absolutely talk about myself.

The worst thing I hate I hate talking

about myself. No. Uh so

>> if you like to be honest Yeah. when you

go to a lot of podcast it's like it's

always but yeah it's good

>> right right um no so yeah I've been at

Kinston now for over five years uh I'm

now in the currently in the partnership

and community management uh position

specifically for North America but I

love talking to my friends all over the

globe uh and I've been I've worn a bunch

of hats at Kinsta I came in on the

migrations team

uh worked with our manual migrations

team uh we do an amazing job it blows my

mind uh how how we handle migrations.

Love to dive into that at any point. Um

and then I did some work with the client

experience team uh working on surveys,

getting our onboarding emails and

messages all figured out. And before

that, you know, I've been I had an

agency for like eight or nine years. And

I say agency, it was an agency of one.

So um you know I I it was me and I I

would build you know various small

business mediumsiz business websites.

Got too caught up in social media

marketing. Burnt myself out. Uh and

before that worked at a couple of

different hosting companies, a couple of

content delivery network providers

before you could just go to a website

and say, "Hey, I want CDN." And you had

to actually talk to a person. Uh so that

was ancient ancient times ago at this

point almost. Um, and I don't now I live

in southwest Colorado with my wife and

my dogs and uh just really enjoy being

out in kind of the middle of nowhere,

but then I get the fortune to travel to

a lot of events um and get to speak uh

which I've been really enjoying kind of

that's new to me is this public speaking

thing. Uh really enjoying that. Uh seem

to be connecting with people and and uh

doing a decent job there. But uh you

know for the most part I'm just having a

really great time making good

connections and and helping people

figure out how to host their WordPress websites.

websites.

>> Nice. Thanks a lot for the intro. How is

it public? I mean to be honest I'm not a

fan of public speaking myself but I just

submitted my talk to world campaign in

in Poland which is in two three weeks.

So just any tips for the first time.

>> Yeah. So you know there's a there's a

sales book called Eat That Frog. I don't

know if you've heard of this. No, I already

already

>> It's a really short little book. There's

another one that's kind of similar

called Who Moved My Cheese or Who Ate My

Cheese or something like that. But, you

know, the basic premise of Eat That Frog

is like it's a terrible thing to like

eat a frog. Like, uh, oh my gosh, I

wouldn't want to do that. But the the

idea here is like do the thing that

you're scared of. Do the thing that

makes you uncomfortable because that's

how you're going to grow. And and

specifically in that book, it's do it

the first thing in the morning. like

just get that out of the way and then

the rest of the day is super easy. And

so I kind of look at public speaking

kind of the same way. I I I've gotten

very comfortable at this point being in

front of an audience, but uh that's very

recent. And the number one way to get

over that is to just do it. Um and eat

that frog, right? Like you you just

you've got to get up in front of people

and and and do it. And there's a lot of

things you can do to prepare for that,

though. So obviously the first thing to

do is write out whatever you're going to

talk about. Even if it's just a five

minute speech, write it all out and then

record it. Um, and you know, I do it as

simple as I'll just record it on my

phone and then I'll just listen to the

recording. And uh, you know, it's

absolutely cringe, right? Listening to

yourself. I'm I'm also getting

>> right I'm getting better at that. But I

think that's a huge step is like getting

comfortable hearing yourself. And

what'll happen is you'll immediately

start picking up on, you know, one of

the things I like to do is I'll I'll

I'll say a word twice. I'll be like,

"Excellent, excellent." in response to

somebody and it's not necessarily the

worst habit, but like I'm conscious of

that. Uh you become conscious of us and

ums and learning to just be quiet,

right? Learning to just pause and let

things happen. And you know, I'm talking

about all this like I'm an expert. I'm

still very much a beginner. There's way

better speakers out there. Uh this is

what has worked for me is doing the

practice, listening to it, and then just

getting out in front of people and

getting their feedback. And you know,

people are very generous. Uh usually, uh

you know, if they have something nice to

say, they'll say it. If they don't have

something nice to say, they'll say

something nice, hopefully. uh you know

and then and then but then also having

like uh good friends that you can

actually go to and say hey what did you

think of that speech and and you know

good and bad you're looking for good

feedback. So lots of practice and and

just getting comfortable with it.

>> That's that's

frog is quite uh yeah good. I I've done

the same. I've been thinking about

submitting a talk. Yes. No. Yes. No. I

was at the gym a few weeks ago. I was

listening to some motivation speak from

Jo willing. It's like if you're afraid

just go and do it and I just went back

home and submitted my talk and

>> awesome. So >> awesome.

>> awesome.

>> Good. So see yeah before we dive in I

have a very important question to ask

you because uh what what are the what is

the title or the titles of the songs you

sang at the Kok.

>> So you're referring to Word Camp that

just happened last week. Um, and

Elementor and Kinsta, we we came

together and we co-hosted a party and I

put myself on the spot. So, this is

another example of eating that frog,

right? I've never done karaoke in my life.

life.

>> Uh, abject terror. It goes back to fifth

grade choir class when my voice was

breaking and you had to sing your name

as an intro. Oh my gosh. So, anyway, uh,

I I committed myself to singing Hot to

Go by Chappelle Ron. And so I I opened

with that. My team, the Kinsta team was

gracious enough to basically commit me

to the DJ. Hey, yes, at 9:30 Roger's

coming on and he's singing this song.

And so that committed me. So having

having uh teammates or friends who will

help encourage you is also a really

helpful thing in here. And so yeah, so I

sang that uh I mean I I uh enunciated,

>> right? I I verbalized words

in the attempt of song. Uh lots of

people left the room. So uh you know,

I'll let you gauge the performance from

that. Uh and then also I there were a

bunch of people that were um gracious

enough to let me kind of sing with them.

I think there was a John Bonjovi song.

Oh gosh, I'm I'm gonna forget it the

name of the song right now. There was a

Lady Gaga song. I'm going to forget the

name. So basically, you went with the

flow and just dove right in. And

>> Yeah. Yeah. As soon as I did the first

song and realized I wasn't going to die

or burst into flames, you know, it's the

same thing as speaking publicly, right?

As soon as you realize you're not going

to die,

>> uh it it becomes a lot more fun. And so,

yeah, so we just had a lot of fun and

and there was a line of people lining up

to do karaoke. Like it was very popular.

So, I would advise anybody who's doing a

Word Camp side party, add karaoke.

There's a lot of karaoke fans in the

WordPress world.

>> Good to know. Good. Thanks for the tip.

So, yeah, let's jump now. Yeah. About

talk about the updates. So, let's start

with the basics. Um, what update options

do uh WordPress users have by by default?

default?

>> Yeah. So, it's a it's a great question.

It's a good thing to dig into here. I

may make mistakes here today. Please

people call me out on them. I I welcome

the corrections. So, there's two main

kind of areas of WordPress updates that

uh site owners need to pay attention to.

There's WordPress core.

And so, when we're talking about new

versions of WordPress coming out, the

next one's going to be 6.9.

And I can't believe nobody has used the

Bill and Ted meme. Uh 69. Dude, I don't

know if you know that. You know, what

number are we thinking of? and their

twins guess it and it's 69. I haven't

seen anybody using this meme yet.

Please, somebody start using this meme

for this release. But anyway, so that's

WordPress core. Those are all the files

that actually make the basics of

WordPress work. The admin area, the

ability to add posts and pages.

And so there's updates for that. And

there's there's a couple of options you

have in choosing updates. You can have

those you can have it be all manual.

You can have the whole anytime there's a

new any type of update to it whether

it's a sub release or a major release

have it automatically updated. You can

choose to just have security updates

updated automatically and then when the

major releases come out that you know do

that manually. And so that's core.

You've got there's some control there.

When it comes to themes and plugins and

I'll kind of loop those together just

for right now. uh themes and plugins,

there's really only one update option

and you can either do it manually or you

can set it to automatic update. There's

no option at this point of choosing a

security update uh automatic update for

a plug-in and and that that's important

for a lot of reasons and and I'm sure

we'll get into it here. Uh the the main

reason that security is so important is

uh you know there's lots of studies

patch stack and some others have come

out showing

that plugins are the main vulnerability

for security when it comes to WordPress

and we can dive into all of this but it

comes down to the fact that anybody can

write a plugin and it's the power of

WordPress right anybody can create a

plugin it's just a couple of files in a

folder packaged up and you've got a plugin

plugin

And the problem with that is that the

code quality can vary wildly and

unintentionally a plug-in developer

might create a security issue and and

and cause problems for the people that

install that plug-in. So that's kind of

the basic overview of of kind of how

updates work with WordPress and the

options that you have. Um happy to go into

into

>> as as such there is no standard what

defines a security update or not. No, as

like with core we know because you

usually have like six point two for

example 0.1 and the last digit is if

it's a minor update the 0.9 is like it's

new features but I don't think there's

any standard with plugins and teams

there's no no one follows any particular

standards right

>> yeah and I definitely I want to make

sure I preface all of this is I am not a

developer uh I'm not a complete expert

on how the building of plugins works um

my understanding is there there is not a

mechanism right now for security updates

when it comes to plugins. Um and so

that's why we don't have the ability to

have automatic updates just for security

updates. And as far as the mechanics

that go into creating security updates

for plugins, uh you know, I couldn't

really dive into the details on that,

but it does seem like there's work that

could be done there to create an

additional feature um for WordPress plugins.

plugins.

>> Nice. Um so you work with a web host of

course you see a lot of websites what do

you see in the wild in terms of from

your experience do people typically use

auto updates no what's the

>> yeah so traditionally I have not seen a

lot of people using automatic updates

for WordPress and a lot of that is

because historically when you did an

automatic update and if anything went

wrong your site went down

And that's the worst possible situation,

right? The last thing we want is the

white screen of death as it's known in

the WordPress world. And that's just

where you go to your website and all

that comes up is a white screen.

Like worst possible scenario, right, for

you, your clients, their clients, uh

like the immediate way to erode trust in

your domain name is to have a broken

site like that. And so historically,

uh, people have not necessarily used

automatic updates, especially when it

comes to websites that generate some

sort of revenue or income or are

critical, you know, places to get

information for various groups and

whatnot. So, you know, traditionally I

haven't seen a lot of it, but uh, in the

last year I've seen a huge uptake in the

number of people using automatic

Interesting. Interesting. Um, in fact,

this kind of like bring you to the next

question because you did talk about the

auto roll back feature in WordPress. Can

you explain because that hopefully

softens a bit the blow if something

happens, right? Kind of thing.

>> Yeah, exactly. So, uh, last year 2024,

uh, WordPress 6.6, I'm really glad that

they chose an an an easy number for me

to remember. uh the core rolled out

automatic uh roll back for automatic

plug-in updates and the terminology is

all over the place here, but basically

when and and and this was already there

for manual updates. When you did a

manual plug-in update, if there was a

PHP error, the system would catch it and

roll it back and let you know, hey,

there's a problem with that update. As

of 6.6,

it's now been enabled. If you've got

plugins set to automatic update and

there's an issue in that update, a PHP

error issue, uh WordPress will catch

that. It will restore to the prior

version of the word of the plugin and it

will send you an email or the

administrator of the website an email

saying, "Hey, we tried to update this

plugin. It failed. In the meantime,

these other plugins, if there were other

plug-in updates, did did go okay, but

you should look into what's going on

with that other plugin. And so now we've

got this safety net uh so that you can

set uh plugins to automatic update and

kind of forget about it until there's an

issue and then you'll get an email and

then you can deal with it. And so since

this has come out, I have on all of my

personal sites enabled automatic plug-in

updates and for my clients websites,

I've enabled automatic plug-in updates

and life has been wonderful.

>> Nice. Nice. Um, good. It's good that

there's this feature. Um, but as we said

before like there's no actual

uh standard kind of thing which are

security updates and not so it's become

very difficult. However, there are a few

uh WP config direct directives not that

users can specify use, right? Or

>> yeah, no and and and my my memory is

going to fail me uh this morning. Uh but

there there are options you've got and

and so when you go into setting uh

plug-in automatic plug-in updates is

done through the WP admin dashboard. So

it's anybody can go in there who has

admin access to a website. They can turn

this on or off. In wpconfig.php,

there are options to set in there for uh

definitely for core updates. That's

where you can specify if you want

security updates only or if you want the

whole thing to happen. I don't know that

there's necessarily anything you can do

in that file for plug-in updates, but

I'd love to be corrected. I'd love to

have the audience correct me if I'm

wrong. Please, please do. I I'm not

afraid of being corrected.

>> We'll find out. People like to comment

in general. So, especially when someone

is wrong. Yeah.

>> Beautiful. Beautiful. Let's go. Let's

go. Uh, as far as I know, there's

nothing in WP Config you can do for

plug-in updates. Uh, but but like I

said, I'd love to be proven wrong.

>> Good. Considering all of all of this

work that's being done, there's the auto

roll back uh different type of auto

updates um and all these issues, I still

see myself and again going back to your

experience working with the web host. I

still see a lot of people like still

running and yeah also considering the

fact that outdated software especially

plugins is one of the major causes of

affected websites.

I still see a lot of people using like

very very old versions of of plugins

like especially like commerce.

What are the most common reasons usually

here as a web host like because I'm sure

as a web host kind of sometimes you're

in a very difficult position because a

website gets hacked. Oh, it's the web

host but no like you didn't update

there's that kind of back and forth. So

what is the most common reason why

people I don't know it was a very like a

three four year old version of a

plug-in. Yeah, great question. And and

you know, you made an interesting

comment there. As as a web host, right,

we're almost always the first to blame.

>> And that's understandable, right? We're

we're literally we're hosting the

website. You know, it's our

responsibility to make sure that it's up

and running. And so when something goes

wrong with it, uh it makes sense that

we're the first place that you turn to

uh for, hey, what what the heck's going

on with my site? I'm paying you to host

it. It's currently down. And we do see a

lot of issues with outdated plugins, not

only from a security issue, right? Like

there, yes, there's a lot of malware and

hacking going on. Um, and and for the

most part, you know, we've we don't see

a ton of that, but we see a lot of

performance issues. Um, you know, a big

issue that will come up is PHP compatibility.

compatibility.

As a managed host, we really want to

keep uh PHP as current as possible. And

that's for a few reasons. The main one

is performance. It when they come out

with new versions of PHP, it's not just

because they want to have a bigger

number of of the per version of PHP,

right? There's actual improvements being

made to uh the language. And so, as a

host, we really want to encourage people

to use these newer versions because

they're much faster. uh there's there's

a lot of neat features being added to

them and there's additional security

being added to it as well. And with

older versions, right, the you've got uh

versions that still have security

coverage. I think that's going back to

right now 8.2 and 8.3 are in security

coverage. So the

>> I think so. Yes.

>> Right. So the PHP organization is still

maintaining those uh but but time is

coming up and I think 8.0 zero is is

about to fall out or just fell out. And

so we really want people to upgrade

their PHP.

Well, the problem is that older plugins

and older versions of plugins were

written to a older version of PHP. And

so when there's an upgrade to PHP, it

can break those plugins. And so one of

the number one reasons we see people not

updating their plugins is because of the

PHP incompatibility.

And this comes to the plug-in being

incompatible, the theme being incompatible.

incompatible.

There's lots of uh moving parts in

there. Uh and and so we see most oftent

times these sites are just use they're

they're set up for an older version of

PHP. it's no longer supported from a

security perspective and so we have we

have breakage there. Uh Kinsta does

currently support back to PHP 7.4. Um

that's a you know extended security um

update version there. There's a there's

a specific term for that. I'm going to

forget it right now. But >> um

>> um

>> backward compatibility.

>> Yeah. And it's like EOL, end of life.

>> End of life.

>> Yeah. And so we we currently support

back quite a ways. I mean 74 came out it

feels like an eternity ago. It's o like

I feel like it's over five years ago

now. And so you've got sites that are

still only able to run on 7.4 which

means in in a lot of cases they're over

five years out of date which is wild.

And the major reason as I mentioned is

they they don't want to update the

compatibility. A lot of the time it

comes down to the theme and that makes

it it's just really hard because the

theme either maybe they had a custom

theme built five six years ago they

spent a decent amount of money you know

especially for a small business right

spending5 or $10,000 for a theme isn't a

small amount of money

and so having to be faced with well okay

if we want to update this we're going to

have to update the theme is that

developer even around still are they

still working on things like this? Do

they have are they interested in doing

this? Or do you need to hire somebody to

build a whole new theme and and go

through all that process again? Uh and

so we see a lot of sites holding on to

these older versions because, you know,

either they're they don't want to hire

somebody to do it or if they're a

developer, they just they've got other

things they want to be focused on and

and they don't want to be updating older

older versions of things. So, those are

the big ones. You know, I think Woo

Commerce gets uh a lot of flak and has a

lot of trouble. Uh again, I I think a

lot of it is because people put a huge

investment into setting up a WooCommerce

shop on the front end and they they just

don't want to do that again, right? If

they don't have to, they're like, "Well,

wait, why should I spend money on

something I've already spent money on?"

And I think this is where the education

part really comes in from a WordPress

developer or agency

is really helping a a customer

understand that software is a living

organism, right? It's constantly

updating and you need to be ready for

that and and so you need to be preparing

your clients for the fact that hey, in a

few years we're going to need to make

some updates. Uh just be ready for that.

we've and and explain, hey, these are

the things we've done to prepare you for

those eventual updates so that they're

easier and and really help them

understand, hey, there's a process to

this. We've got it all under control.

We'll be here to work with you and and

really stay focused on keeping

everything as up to date as possible.

And it comes back to what we started at

the beginning of this with security. And

uh you know outofdate plugins are are

where the security issues happen

especially when they're so out ofd

they're running on older versions of

PHP. You know there was uh version I

think PHP 5.6 was notoriously

problematic. Uh we got we couldn't get

away from that version of PHP fast

enough. But I still see sites who want

to come to Kinsta that are on 5.6 and

we're like yeah we can't host that here.

We'll migrate it over. We'll test it.

It'll break almost inevitably. I mean,

we'll still always test it, right? There

is a chance, right? We can update the

plugins for you and and maybe it'll

still work. Uh, but you know, g getting

those sites updated and and running on

the current versions of PHP is going to

make your site faster and also more secure.

secure.

>> Interesting. Yeah, I I think WooCommerce

is is I've seen it. I think it's one of

the most notorious for these things

mainly because I've seen businesses who

has built custom applications to support

some native application they have with

their local bank or something. So it's

very difficult um as a web host as you

said like you usually try to help people

of course but how how far do you go as

like there there's obviously even if you

have someone now let's say and they're

selling 7.4 for one fine day within the

next two three years they they will have

to to upgrade somehow to move on. How do

you tackle that? Because it's also it's

good for the customer even though maybe

they don't understand or maybe they find

it frustrating but it's also for your

name like if you keep as a web hosting

you keep a lot of outdated websites.

Yeah. More websites from crystal getting

hacked it's a bad name. So where do you

kind of like stop and say or how do you

handle these type of difficult um

setups? Yeah, it's a great question. Uh,

yeah, I wouldn't necessarily always

describe them as difficult, challenging

perhaps. Um, you know, in the past, we

were much more strict about our PHP

versioning. Uh, we we actually held to

the the PHP consortium's

version control, right? So, when they

stopped supporting a version of PHP, we

stopped supporting a version of PHP.

And that definitely caused uh some very

challenging conversations for our

support team. And so to so now we've

we've adopted kind of supporting a

little bit older versions. 7.4 as I

mentioned before and and 8.0 now are

both past end of life for security

updates. And so we've adopted that to

kind of help those customers. Those

versions of PHP are pretty secure. It's

not like 5.6 six where it was just not

not a good situation from security. Um,

you know, these these newer versions of

PHP are are definitely more secure. So,

we have a little bit less concern uh

with that.

But as these things come up, you know,

one of the things that we really help

push our customers for is, hey, we've

got a new version of PHP coming out. Uh,

we we'd be happy to automatically update

that for you. Uh, if you don't want us

to do that, let us know. And so we're we

we try and as gently uh nudge customers

towards using newer versions of PHP

uh as and and and you know we've got

staging site we've got staging

environments that allow them to create a

copy of their site update the version of

PHP and see what happens. If it if

nothing happens fantastic like you can

now update the live version of your site

to PHP and you're good to go. If there

are issues,

you can either work on those or, you

know, we've got partners. Uh, you know,

this is where it becomes a gray area,

right? So, our support team does have a

scope of support. Uh, it's listed on our

website. You can go look it up.

Basically, the scope of support is we're

here to cover the infrastructure, make

sure it's working, and then after that,

the WordPress site is really your and

your agency or your developers responsibility.

responsibility.

That said, there is a big gray area here

and the last

>> supported web host. Yes. That fine line.

Yeah. Sorry.

>> Yeah. Absolutely. No, no, no. And and

so, you know, we want to we never want

to come off as telling the customer

that's not our problem. Go take care of

it to somebody else.

>> Um we we might need to say that, but

we're going to say it hopefully in a

different way, right? we're hopefully

going to be able to go, hey, you know,

when I'm looking at this, I'm looking at

the logs and you've got a lot of errors

coming up from, you know, these plugins,

right? We can look at the path and we

can see which plugin is throwing the

errors. And so we can help the customer

really kind of identify, hey, look, this

is where you're seeing the problems. Uh,

at this point, you know, you can try

finding a different plugin. um just

getting disabling and getting rid of

that plug-in if you don't need it

anymore and and you know very basic kind

of options. And then if they if they do

you know and we recommend hey take this

information to your developer or if

you're a developer here's this

information work with it and and you

know kind of figure all this out on your

own or we have an extensive partner

program. We have a lot of agencies that

we work with and we're happy to make

referrals if the customer is open to it

and put them in touch with somebody who

can help with getting the, you know, the

PHP updated, their plugins updated and

really figure this out and and find a

path forward. And so

I think it's an important distinction

that we're not interested in becoming

developers. Kinsta is not here to

develop your website. That's what our

amazing partners are for. That's who we

want to host. We We love having agencies

and developers host with us. We provide

amazing tools for them to be able to

work on the websites from staging

environments to application performance

monitoring and all of that. And so we

want to be the place where everybody

comes and works on the websites, but

we're not going to become an agency.

We're not going to become a developer.

And I say that to hopefully assure

agencies and developers that hey, when

you work with Kinsta, we're not here to

take your business. We're here to work

with you. And and so it becomes a it

becomes a dance for sure. Uh because we

w we want everybody to be running uh

very performant and secure websites. Uh

but at the same time, we're not going to

start touching your code and making

changes to all of that. So there's a

there's a there's a a serious balance

definitely in play, but we're always

here to to work as as close as we can

with our customers and and give them as

much help as we can.

>> Of course, and it's never easy taking

over someone's code, let alone if it's

five, six, seven years old running on

some very old version of of PHP. Granted

um web host in terms of updates because

as we've seen if you look at all the

reports the two major causes of websites

being hacked WordPress websites are user

issues and updates outdated software. Do

you think web hosts have a

responsibility or can do more like to

maybe can be a bit you said like

yourself like previously you were a bit

more strict when it comes to PHP now

kind of you're a bit more supporting

more like older versions. Do you think

if web hosts would be more strict or I I

don't know have some sort of other tools

or programs it would help fix that

problem slowly slowly maybe users would

be more encouraged to update more

frequently. Do you think web host play a

role like in in this in this whole thing?

thing?

>> I think it's a great question. I I I

absolutely think hosts play a role,

right? We set the tone. We allow the PHP

versions that you're going to to run and

operate. Um, you know, I mentioned that

we're we're um supporting older

versions, PHP 7.4.

There are some hosts that, you know,

they're still supporting 56 and and even

older versions, right? So,

>> that one was airpriced.

>> Even as lenient as we are being, we're

still being pretty strict. And so I I

see and and we also are constantly

suggesting and urging our customers to

upgrade to the latest version of PHP. As

soon as there is a new stable version of

PHP, we make it available so that you

just go into your My Kinsta dashboard,

you go into tools and choose the PHP

version and you can update it right

there. It might even be in our API now.

You can build your own dashboards and

and interface with Kinsta's um uh

control panel through the API and update

PHP that may be there already. And so I

I absolutely believe that hosts play a

role in this because we're the ones who

set the excuse me, we set the infrastructure

infrastructure

that everything else is then run on. And

so if we're supporting very outof-date

versions of PHP,

it's allowing those customers to stay on

older versions of their plugins and stay

in a less secure situation. And so, you

know, another thing that we do, pardon

me, let me get some little water.

>> You know, so another thing that we do is

we do send out vulnerability reports.

So, we monitor uh all of the sites on

our system uh for uptime monitoring, but

then we're also looking at the plugins

that are installed. And as uh new

updates come about vulnerabilities,

we will identify the plugins on our

system and we will reach out to our

customers and let them know, hey, your

site or these sites that you have with

us are using this plugin. there's a

vulnerability on it and we need you to

take action and get this updated. And so

we're very proactive in working with our

customers to make sure that they're

updating their plugins um and and

identifying specific plugins that have

issues that need to be updated. In

addition to that, we've actually built

our own uh automatic update system. So

when you're in the MKIsta dashboard,

you can from the MKIsta dashboard enable

WordPress automatic plug-in updates.

And so that utilizes the existing

automatic update feature that WordPress

has built in. That's no that that's

absolutely free, but we make it really

easy for you to do it from the

dashboard. We have an additional update

service that we we do charge money for.

Um, it's a premium service though and so

with that one, we're actually taking

snapshots of the site before and after

the update and we're doing visual

regression testing. And so we're

catching issues that might happen that

aren't PHP error related. Maybe you have

some inline CSS that a plug-in is

controlling and when you update that

plugin, it it breaks that CSS for some

reason. And and so the site's still

running. there's no PHP error, no white

screen of death, but the site doesn't

look right, right? Because the CSS

broke. So, with visual regression

testing, we're going to catch that.

We're going to revert it back to the

working version and then let you know,

hey, we just had this issue. Here's the

screenshots so you can see what

happened. Uh, go and get to work on

that. So, as a host, we're we're rolling

out additional tools to help our

customers keep their site updated and

and you know, really avoid these

security issues. So, yeah, back to your

original question. I absolutely think

hosts play a part in this um and

enabling it and it it becomes that fine

line of you know being a host versus

being a agency or developer and and so

we try and balance that line as best we

can. Yeah, it's also a fine line because

if you it's it's like you want customers

of course like any other web host.

>> Uh you want to provide a good service.

However, if you are really strict, there

will always be another web host who

supports an earlier version. So you can

only yeah you need to kind of we have

that problem by the way with the

plug-in. Okay.

>> Sometimes we have like uh we have the

with our plugins we try to bump up the

minimum version of PHP we support

>> but you have to find that kind of like

fine line because you you need the

latest version even for us because

coding becomes easier much more

efficient and stuff and you can provide

much more functionality. >> Yeah.

>> Yeah.

>> But yeah how many people are still

running on the old version? It's a very

yeah it's a very delicate situation. You

don't you cannot just yeah just update

the district because yeah you also lose

users quite frankly. This is a great

point and and I love hearing this is

stuff that I want to hear more about is

talking to our plug-in partners and

learning more about you know the the

struggles that you're experiencing or

the challenges. So in those cases do you

ever reach out to hosts who are

supporting very old versions of PHP and

just ask them hey you know have you

thought about not supporting this

anymore or do you do you do any dialogue

like that?

>> We've never but it's actually a very

good recommendation. I've never tried it

maybe. Yeah, that's that's a good point

as you said maybe it's a whole uh kind

of almost like this complete circle

because host as you said uh set the tone

>> um and yeah maybe if if there are more

developers who are pushing the host like

listen why are you still supporting 5.6

six for example when uh even 8.1 is

almost end of life maybe that helps push

everyone forward I think it was also a

problem with WordPress late in the last

few versions they really bumped up the

minimum version of PHP but up until a

few years ago it was like a really some

some very early version of PHP so people

were kind of like okay if WordPress this

was a problem for us as well if

WordPress is supporting a very old

version you kind of find it find it

difficult to support a more recent

version because like people yeah but

WordPress still does it why why

shouldn't you you know so yeah it's it's

a very there are a lot of of moving

parts and a lot of people kind of a lot

of services and different things

involved in this whole process and the

problem is by talking to you clearly the

problem when you start picturing these

things clearly the problem of updates is

way more complex way more complicated

than we think it's not as simple as yeah

switch automatic updates and everyone is

happy kind of thing

>> no absolutely great point and and I

think you know staying on this thread a

little bit I love it when our plug-in

developers ers and plug-in partners

reach out to us whether you know there's

a compatibility issue. Um maybe there's

a configuration issue. Sometimes there's

a an engine X configuration that needs

to be done for a plug-in to work a

little bit better. Uh and and I think

you know most of the time we're we're

okay with that. uh we just need to hear

like if the if the developer the plug-in

developer reaches out to us lets us know

uh you know we love to work through

these situations because like you said

there's a full circle right it's and

it's like chicken before the egg kind of

issue right

>> exactly if

>> who's going to start

>> right and it does like you pointed out

if WordPress is still supporting a

really old version of PHP that almost

sets the standard for everyone else uh

but I think the host can really take

charge merge here because at the end of

the day there's no WordPress site

without it being hosted somewhere. So,

you know, the buck kind of stops with

the host in a lot of ways. And from a

host perspective, the more current

version of PHP that we're running, the

more efficient it's going to be on our

system. So, our cost should hopefully go

down. Um, and the speed is going to go

up, right? And so the customer's site is

going to just run faster which I mean

that's that's what we're striving for at

all the times right so >> exactly

>> exactly

>> but I I think that there is definitely

um a lot of interaction that can happen

between the plug-in developer the host

the WordPress core right so we just um

had word campus US and I spoke there

about sponsoring contributors and one of

the big things that I brought up in

there was strategic like so pract

technical reasons for sponsoring, right?

So, traditionally

there's more of an ethical argument of,

hey, you should support open source

software because it's the right thing to

do. I have nothing uh against that

argument. I completely agree with it.

The problem is businesses are a little

bit deaf to that, right? They they they

hear money.

>> And so, the practical reasons that I

kind of outlined were strategic,

operational, and second order benefits.

And I think in this case, it's a

strategic thing, right? So, if you're a

plug-in developer,

maybe there's something in WordPress,

right? Getting WordPress to support

security versions for plugins. Maybe

that's something you want to start

sponsoring contributors for to develop

that out. Um, you know, and and and like

performance and speed and all of these

things. The more that we are

contributing to whether directly or

through sponsored contributors to the

WordPress core project, the more we can

shape the project towards these things

that that we're experiencing in our businesses.

businesses.

>> Yeah. No, rightly said. In fact, I spoke

to a few company owners in the past who

have contributed a lot for example

towards Gutenberg when it was first

launched. And that's why it when you

think about it does make sense because

first of all you're helping the

WordPress project of course the open

source but also helps them even as a

business you're at the forefront because

you're helping shaping what you'd like

WordPress to be and then of course your

plug is is compatible with that. So

yeah, interesting. No, there's

definitely and as you said, it's a full

circle. Everyone needs the it's I think

it's always boils down to communication,

developers talking to communities

talking to web host, web host talking to

developers, developers talking to the

contributors. Of course, it's it's just

Yeah. one one big c. Yeah. Good. One big

network of people. >> Absolutely.

>> Absolutely.

>> We we spoke a lot about the auto updates

and and and you automation like the

staging websites. In fact, I'd like to

ask you a question as because for

smaller websites, it's it's much easier,

but I'm sure you've seen like some very

complex WCommerce even if even though

they are running the latest versions of

everything, they are still nervous about

auto updates.

>> Um, what's the best or best practice

setup to to to install the updates, test

them, especially if you have a complex website?

website?

>> Yeah. No, really great question. And I

actually there was a I did a webinar a

few weeks ago, maybe a month ago or two

months ago with a bunch of codable

experts and we we were talking about

this exact thing and and going into how

they handle these updates and one of the

uh guests on the panel was talking about

Woo Commerce specifically and how first

of all there's no way they would ever

use automatic updates for a Woo Commerce

site and and I can't argue against that,

right? If it is a site that is

generating income and orders are being

placed, the last thing you want to have

happen is something where the payment

gateway stops working. >> Exactly.

>> Exactly.

>> And and and now you've got people that

are placing orders but it's not going

anywhere or you're fulfilling orders but

you're not collecting money. Total

nightmare situation. You want to avoid

this at all poss at all costs. So

there's a couple of ways to approach

this. If you're the site owner and you

have no interest in being a developer uh

and and doing all of this work, the

first thing you need to do is you need

to hire a developer or an agency to just

help you with this. Um because there

there are a lot of moving parts. There's

a lot of things to check. Payment

gateways, form submissions, uh you know,

the list goes on. Uh also with Woo

Commerce, the complexity gets really

big. you have the Woo Commerce core

plugin, right? That's just the

beginning. There are so many additional

extension plugins for Woo Commerce that

it makes you dizzy, right? But but

they're necessary uh for you know

shipping and taxes and you know label

making and the list goes on and on and

so there's a lot of moving parts in

there. So my first step is is if you're

a site owner like get a professional to

help you with this. Now, when you get

that professional, you should be able to

quiz them about their process for

updating the website. And there's a few

things that you should be listening for.

The first thing is staging environments.

None of this work should ever be done in

the live environment of the site. Uh

because that's when that's when you have

problems as we talked about. Like if you

update a plugin and it breaks on the

live site, your site is broken. Worst

possible situation. So you want to make

sure they're using staging environments.

That's just a copy of your website.

Ideally, it's at the host and that way

everything is nice and contained at the

host. Uh it'll generate a um temporary

staging URL. So the developer can

actually share the URL with you, the

customer, or if you're a developer, you

can share it with your customer and they

can see the work and and verify, hey,

this looks good. Uh usually for plug-in

updates, hopefully you don't need to do

that uh level of showing the work, but

it's an option. It's there. Um and then

from there, uh they should really have

like a checklist of how they're going to

go about updating the website, what

order they're going to update the

plugins in. Sometimes updating Woo

Commerce first causes problems and

breaks all the other plugins. Sometimes

updating the other plugins first causes

problems with Woo Commerce. And so

having an experienced developer who can

understand how everything's kind of been

put together, hopefully the developer

you had put together the website is this

person and you're still have a good

working relationship with them. Um, and

they they know exactly how to update the

site. When you're hiring somebody to

build your site, right, these are the

things you need to be talking about

before you've completed building the

website. What does maintenance look

like? How often are they going to be

updating and checking for updates? I

would say you want at least once a

month. Uh if if it's a serious site and

it's making you some serious coin, you

should be having somebody look at it if

not weekly, hopefully daily, if not

weekly. You know, my I'm getting my

words a little mixed up here, but they

should be looking at it almost all the

time. um because they're the one they're

basically the GM, the general manager of

your website. You you want to make sure

that they're looking at everything

that's going on in there and and

testing. So the having a staging

environment, having an order of

operation for making the updates, having

an order of operation for testing the

site after the updates have done. So you

want to make sure that orders can be

placed. You want to make sure that you

can charge the credit card. uh you want

to make sure that you're getting all the

details for uh you know fulfilling the

order and you know your taxes are

getting calculated correctly. All of

these need to be checked every time that

there's an update because if any of

those gets me missed you're you're

you're going to have unhappy customers

and that of course is the number one

thing we want to avoid. So, you know, I

I think to recap here,

when you are building your website or

having somebody build your website,

maintenance should be an immediate

discussion. Uh, in the discovery call,

you should be covering, okay, what do

you guys do maintenance? Um, I would

question hiring somebody who's not going

to do maintenance on your website

because as we've covered this entire uh

episode, updates are a reality when it

comes to any type of software and

especially with WordPress where there's

not a lot of standards as far as

security updates for plugins go and

there's also a lot of variety between

the hosts that you're working with. And

so having somebody who's going to be

able to handle maintenance and talk you

through all of this uh is going to

really be something you want to focus on

early. Short of that, if you overlooked

that, maybe you hired your cousin's

brother or something, that's probably

still your cousin. Uh like you know, and

and they built the site and then they

disappeared, right? They they they went

and did it.

>> It's a very common Yeah. It's a very common

common

>> Exactly. And so now you're in that

situation of, okay, now I need to find

somebody to do maintenance for me. You

know, my first recommendation, reach out

to your host, see if they've got an

agency partner program and they can help

put you in touch with somebody. The host

is very interested in your website being

successful, right? Because if your

website is successful, you're going to

keep hosting with the host. So, the

first thing I would recommend do is

reach out to your host and and ask them

if they've got any recommendations,

anybody they can refer you to. Uh, short

of that, you know, the WordPress

community is amazing. Uh, get into the

make Slack, start talking with people,

ask questions. You know, there's there's

a support area. There's, you know,

there's places for you to ask these

questions better than others. Don't go

into core and ask people, you know, what

agency you would recommend them to. If

you get an answer, it's probably not

going to be super pleasant.

>> Um, so, you know, be aware of all of

this. The post status is a really great

community to be a part of. There's a lot

of agencies in there. Uh, the the

WordPress community is amazing. Go to a

word camp.

>> Uh, you know, go go to a word camp, meet

people like us and talk to us and and

you know, we can put you in touch with

somebody right there. Hey, oh yeah, this

person does Woo Commerce. They'll be

able to help you out. So, uh, there's a

lot of options out there. The worst

thing you can do, the last thing you can

do is ignore it. And I see this

>> very regularly where people are coming

onto the Kinsta platform

and we can't host them because the site

does not work with at least PHP74

and and they get very frustrated, right?

They're in that situation where somebody

built the site, they've disappeared. Uh

the host that they're on right now maybe

isn't doing the best job for them.

They're not responsive in support.

They're running older versions of PHP.

And so they want to move to a to a

better place, but they can't because

they didn't think about maintenance

upfront. So start thinking about this

stuff now. Start talking about it now

and uh and it'll all get better.

>> Nice. I like the fact that you mentioned

to hire a professional because it's the

same in security. I mean like we we as

in like the community we sell WordPress

as like it's a very easy to use software

which is don't get me wrong however we

sell it as if like Johnny the baker who

just has in the evening likes to set up

a website can also maintain a website

and if his business or her business

grows and yeah they start having

thousands of orders per month the real

the real reality is that yeah you need

someone professional to help you with

this website because most probably uh

you have much more experience running

the business the bakery but running a

website is totally different. So I I

like that because very few people

actually mention that oh it's easy five

minutes set up. It's true but as the

website or the business starts growing

the game changes the there are levels to

to to to how complex a website can be

and yeah how or how easy it can be. So

it's a very good tip. I I've actually I

don't think I've ever heard it much

before but it's good that you mentioned it.

it.

>> Oh excellent. Well and I think you know

I think this ties into open source in

general right. I think there's a

misconception with the general public of

oh it's open source it's free there's no cost

cost

>> and it's really important that we

distinguish for people to understand yes

uh open source software is free to

download and install and you can look at

the code and make changes to it you have

freedom to do that so it's free in that

sense but it is not free in in the sense

that it. You don't need anybody um to

pay somebody to actually work on it. You

have to have a host. Um if you if you're

okay with setting up a web server and

connecting it to the public internet and

dealing with

>> the fun that comes with that, then then

in that way, you know, but that's going

to take time, right? You're you're not

having to spend time instead of going to

a web host and saying, "Hey, here's some

money each month. Take care of that for

me. Thank you." You should also be

thinking of it in terms of a developer

or an agency working with you to really

build the site out. When you start out,

maybe yes, you can do it yourself and

and it's really simple to maintain, but

over time you're you're going to want to

focus on other parts of your business

unless you unless you become an agency.

Maybe you decide to become an agency,

but but most people don't want to become

an agency, right? They want to run their

business. And um I think there there can

be this tendency to shy away from paying

for things around WordPress. I'm sure as

a a plug-in developer, you run into this

a lot.

>> Um and so as a business, right, we need

to be okay with that. Hey, some people

aren't going to want to uh pay for

premium hosting. Some people aren't

going to want to pay for a premium

plug-in. And that's fine. uh the people

that that really want to have a business

and that want to be serious with all of

this are going to understand that it

does cost money to make these things

happen and that when you do invest into

your site uh you get way more out of it.

>> Yeah. Yeah. I think raising awareness

about this issue is also important. We

do get um we do for example with our

plugins. We support the free plugins

over the web.org forums which is great.

H but onetoone emails is part of the

premium. it's not the first I receive an

email like I'm sorry like we cannot

support you please go to the forum

because you're using the free plug-in

and yeah they get angry they post some

some some it's like and they need to

understand like um yeah there is someone

maintaining the plugin and like to get

support there's someone putting the

hours to support you via email like so

why why would they do it for free you

know so there's there's this as you said

there's this fine balance yes it's free

actually I think many many especially

many developers I've seen it a lot given

a lot of extra hours just to support on

the forums because you don't have to

quite frankly and you don't have to have

a free plugin but why not you know help

a bit do a bit your your part it helps

after all any free plugin if it's good

it's going to help the community help

the WordPress grow because there are

more options in WordPress but yeah we

have to accept as well that yeah nothing

as such is free free as in no one is

going to come and manage your website

for free it's it's the reality of life

>> one last one last question before we end

this episode um there a few a few

actually I know quite a few people who

have a website and they rarely log into

their website because of course they

don't need to maybe like once every two

months or so what can we do because

right now I know most web host send an

email when there are plug-in updates

related to security

>> but like what or what can WordPress

score do for example like when there are

plugin updates because many people they

oh I need to update like 20 plugins all

of a sudden

>> yeah really great question I you know

I'm still pretty shocked at how little

WordPress is promoting the fact that

there is an auto roll back feature for

plug-in updates, both manually and

automatic updates. I think we could do a

lot better job of marketing this to the

general public. Uh I think that's, you

know, one of the main reasons I gave my

talk at Word Camp Europe.

>> That's what I heard about it, by the

way. And we're developers. We're quite

involved in the community. And that's

the first time I Oh, what's this talk?

Let me go. It's that's that's where I

head at the moment.

>> The the feedback that I got from people

who are, you know, very involved in the

community who are like, "Wait, I didn't

know about this."

>> Like it it's still it's shocking to me,

right? And so I think we need to do a

better job of marketing this. We need to

do a better job of marketing WordPress

in general. That's kind of a new thing.

I'm I'm I not a new thing but it's

something that I'm really interested in

talking to more people about because I

want to talk to more enterprise type

businesses right who are using other

CMS's and the reason that they're

avoiding WordPress is because of this um

opensource and the lack of security

aspects of it and the reality is it's

very secure in fact it's more secure

because anybody can look at the code and

point out hey that's not secure and then

we fix it right whereas Whereas with

these closed systems,

>> you have no idea. It's a black box. We

don't we don't know what's going on.

>> Um and so I think this is a huge selling

point of WordPress, right? Is hey, it's

got automatic updates. If you have a

brochureware website, you're just doing

a general marketing website,

consider just having the automatic

updates on. Uh, so I think I think we

can definitely do a better job of just

talking about all of this, promoting it

more, making it maybe easier for people

to enable it. You know, right now you

have to go to the plugins page. You have

to either select individually or select

all and then say update. Um, you know,

maybe we have where the core update

page, you know, appears and and we have

the notification from core, hey, there's

an update available.

uh maybe we incorporate plugins into

that page better and just make it a much

easier option. Hey, do you want to

enable all your plugins to automatic

update? click this one button

>> and you know maybe also during setup of

WordPress we have hey how how involved

do you want to be with maintaining this

website you know oh I'm on it I'm going

to be creating staging environments uh

total manual or the other end of the

spectrum oh my god I don't even want to

think about this stuff and they choose

that option and then that enables the

automatic updates so you know I know

that there's been discussion about

improving in the onboarding of

WordPress. And I think this could be a

really key feature to add into there and

just make it really easy for users. Um

because you can always undo automatic

updates, right? And the fact that

there's this automatic roll back now, it

it should be seen as just really safe to

do it unless, like we mentioned, you

have a very complex e-commerce Woo

Commerce website. In those cases, you

want to be a little bit more hands-on

depending on how much uh revenue it's

generating for you.

>> Exactly. Very well said. I like the fact

that you mentioned the on boarding

because even like when you saw a plugin,

it would be nice to have a prompt. Would

you like to enable automatic updates?

Because at the moment, it's not enabled

by default and you have to go to the

side. It's a small link enable auto

update. So yeah, that makes a

difference. Thank you very much, Roger.

Thank you for sharing um all your

knowledge. Um, can you please tell

people where they can find you or talk

to you?

>> Oh, yeah. Absolutely. So, I I'm on

LinkedIn. I love being on LinkedIn.

Reach out to me there, but interact with

me. Like, leave comments. Let's talk.

Let's have a relationship and then maybe

like we'll connect and maybe we can DM

and talk about business. But I I've got

a post actually coming out really soon

about not being awkward. Uh, and so

don't be awkward. Like, just talk to me. I post a lot. Leave some comments there.

I post a lot. Leave some comments there. Let's let's have a relationship. I'm

Let's let's have a relationship. I'm going to a lot of events. I'll be at

going to a lot of events. I'll be at Brighton SEO San Diego at the end of

Brighton SEO San Diego at the end of September. I'll be at Digital Collegium

September. I'll be at Digital Collegium at the beginning of October. Uh West

at the beginning of October. Uh West Slope Startup Weeks in Durango.

Slope Startup Weeks in Durango. >> I'll be at Cloudfest USA in November

>> I'll be at Cloudfest USA in November just attending. Say hello. Digital

just attending. Say hello. Digital Summit Series in Dallas. And then 2026,

Summit Series in Dallas. And then 2026, uh it's going to be all over the place.

uh it's going to be all over the place. I hope to run into you uh at an event

I hope to run into you uh at an event soon.

soon. >> Yeah. No, no, you clearly have a very

>> Yeah. No, no, you clearly have a very busy agenda, but I'd like to highlight

busy agenda, but I'd like to highlight one point that you mentioned as well,

one point that you mentioned as well, just to add to it. Go to a word camp. It

just to add to it. Go to a word camp. It I have made so many friends. I've

I have made so many friends. I've learned so much at it's priceless,

learned so much at it's priceless, honestly. And the the price the ticket

honestly. And the the price the ticket prices at Word Camp are peanuts. 20 30.

prices at Word Camp are peanuts. 20 30. It's it's nothing. So, no, definitely go

It's it's nothing. So, no, definitely go to Word Camps. Thank you very much,

to Word Camps. Thank you very much, Roger. Thanks a lot for your time. And

Roger. Thanks a lot for your time. And yeah, maybe hopefully I'll see you at

yeah, maybe hopefully I'll see you at some word camp.

some word camp. >> You're welcome, Robert. Thank you so

>> You're welcome, Robert. Thank you so much for having me on. And yes, let's

much for having me on. And yes, let's run into each other soon.

run into each other soon. >> Thanks. Thanks. And thanks everyone for

>> Thanks. Thanks. And thanks everyone for following. Thank you. Bye-bye.

Click on any text or timestamp to jump to that moment in the video

Most transcripts ready in under 5 seconds

One-Click Copy125+ LanguagesSearch ContentJump to Timestamps

Paste YouTube URL

Enter any YouTube video link to get the full transcript

Most transcripts ready in under 5 seconds

Get Our Chrome Extension

Get transcripts instantly without leaving YouTube. Install our Chrome extension for one-click access to any video's transcript directly on the watch page.

Add to Chrome — Free

Works with YouTube, Coursera, Udemy and more educational platforms

Get Instant Transcripts: Just Edit the Domain in Your Address Bar!

YouTube

←

→

↻

https://www.youtube.com/watch?v=UF8uR6Z6KLc

YoutubeToText

←

→

↻

https://youtubetotext.net/watch?v=UF8uR6Z6KLc

YouTube TranscriptPreparing your results…

YouTube Transcript:WordPress Updates 101 (and Beyond) | Roger Williams (Kinsta)