Skip to content

Version updates and maintenance

Third-party plugins added to sites on the WordPress VIP Platform should be kept up to date with their latest available version. It is the responsibility of individual customers and their developer teams to maintain, test, and update the plugins used on their sites.

Update a plugin

Update a plugin by committing the newer version to the deploying branch of an environment’s wpcomvip GitHub repository.

Plugins cannot be updated or installed within the WordPress admin dashboard.

When updating a plugin, follow the recommendations to evaluate and test a third-party plugin:

  1. Use PHPCS to scan the updated plugin’s code locally.
  2. Commit the updated plugin’s code to the deploying branch of a non-production environment. Test the updated version of the plugin thoroughly before merging to the deploy branch of a production environment to ensure the stability of the production site’s performance and security.

Identify available updates

  • WordPress user roles with the activate_plugins capability will see available updates for third-party plugins displayed in the WordPress admin dashboard Plugins screen.
  • WordPress user roles without the  activate_plugins capability can review available updates for third-party plugins by navigating to Tools –> Site Health–> Info.

Security fixes

Codebase Manager automatically scans plugins in an application’s wpcomvip GitHub repository that can be downloaded from the Plugin Directory. Pull requests that upgrade vulnerable plugins are automatically opened by VIP’s GitHub app bot.

Last updated: November 16, 2022