DiggingIntoWordPress

by Chris Coyier & Jeff Starr

Should Clients Update Their Own Sites?


A common question for WordPress designers/developers is how to handle plugin upgrades and upgrades of WordPress itself. I recently logged into a client site for maintenance to find that someone had “attempted” an upgrade of WordPress, but that it had failed:

An automated WordPress update has failed to complete – please attempt the update again now.

For the past two years, this particular client had been great about ignoring the “Upgrade Now” nag and just waiting until the next scheduled maintenance (I usually check & update things every six weeks or so). But for some reason, one of the site’s Admins felt the need to click the Update button and give it a shot. And the auto-update failed.

I think one of the reasons why they acted instead of waiting is that the WP-upgrade message to the current version (3.0.4) included a message that emphasized that it was an urgent/important upgrade (because of the security issues with 3.0.3). I don’t have proof of this, or a copy of this most recent update message, but I’m thinking that the client saw that message and just sort of panicked.

Needless to say, my clients are now advised that I am only a tweet away from helping out in such emergencies, and that they should not attempt to upgrade anything themselves, regardless of how utterly easy the upgrade process seems to be.

Should clients update their own sites?

So that’s all pretty anecdotal, but after receiving numerous emails on the topic, I thought it would be helpful to put the idea out there and hear what other WordPress designers think about letting clients upgrade their own sites.

Surely, the answer depends on many factors, including the client’s experience with WordPress, web design, and so on, but my guess is that most clients choose WordPress because it is so easy to use, not because they are the world’s most tech-savvy Admins. I guess my point here is that a majority of WordPress users aren’t adequately prepared to deal with an emergency if the “easy update” doesn’t go as planned.

What do you think?

Should clients be instructed to update their own sites? Just press the button and hope for the best? Updates usually go smoothly, but you can’t assume that they always will. Case in point is the Admin who tried upgrading before I could log in and do it myself. They probably saw the update-now message and thought something like this:

  • Well, that certainly sounds important
  • Well, that certainly looks easy enough

And so then they click the button and give it a try. If it works, then great, everything works out and nobody skips a beat. If the upgrade fails on the other hand, the site could crash and data could be lost. In my opinion, WP & plugin updates should only be handled by someone who understands what they are doing, takes the time to check for issues, and knows how to fix things if/when necessary. But that’s just one opinion – what’s yours?

67 Responses

  1. If I give them to upgrade, what will happen for my business? They will try to learn WP and they will say goodbye to me (it happened to me in the past).

    • Well I agree and disagree to this… WP gets so intricate that unless they know heavy php, they won’t be able to learn it. They’ll stick with you… Did the client that left you see how difficult it gets beyond the quick update?

      • Well, I don’t quite agree with you, because when people are looking to get things done very cheap, they copy and paste some code here and there and show it to me. BTW, we can’t expect all clients to be dumb; there are many clients out there with some level of PHP knowledge.

        In my case I never give the tools, theme editing and settings features to clients, especially the WordPress upgrade feature; it is completely hidden from the dashboard.

        • Yoosuf: I think that’s a sad perspective to take, business-wise. I hate to break it to you, but perhaps your clients aren’t leaving you for the reasons you think they are. You can’t hide information. Wake up! We live in a Google-age. If someone has enough time and determination, they can learn almost anything just from free sources online. Clients pay web developers to deal with these things so that their time/energy can be spent on other things. If you have an open, honest relationship with your clients and they trust you to do the right thing for them and their businesses, then I doubt you’d have any problems retaining clients. However because you have this attitude of hoarding resources and information, it’s no wonder they want to figure it out for themselves as soon as possible. Hiding features from your clients seems like a terribly shady thing to do.

  2. I completely agree. I have about 2 dozen clients with wordpress sites. Many of them let me do the work and ask me what’s up when they see the upgrade notice. Some have attempted to upgrade in the past, and thankfully most of them went well. One time the update failed and I had to re-install WP. Such a pain.

    Because of that one incident, I place a clause in my freelance contract that informs the client that I’m responsible for updates and if they attempt to do so and something goes wrong, I’m not responsible for any damage done.

    It’s almost like automobile warranties. A lot of dealers void the warranty if you modify anything under the hood – even if it’s simple… something can always go wrong.

    • Adding a clause in the contract is a great idea. I might have to “steal” that one.

      • Jeff Starr

        I agree, it is an excellent idea. Should have thought of this long ago.

        • It’s a little more in depth than just what I said above, haha. I mean, I do everything I can to ensure everything gets back to normal, but I still bill them.

        • Also agreed. I have done this for a while. I state from day one ANY alterations done to the code will result in an hourly fee to repair. It’s like tampering with your xBox or something. Once it’s jacked opened with a pry bar and pieces go flying, you’re screwed as far as warranty.

          Here’s my bit of advice about clients “learning” wordpress and avoiding using you: “Bad clients lead to more bad clients.”
          Best you get away from them anyway!

  3. In my opinion, I think that’s the point of WordPress, making things like this easy enough so we don’t have to do it for them. However, if you’re depending on billing hours (vs one-time fees for building the site, making a theme, or writing a plugin), you’d probably not want people to make any changes on their own.

    Would it be advisable in that case to use a plugin that limits what other user roles (besides Admin) or accounts can see in the Dashboard menus? Then you’d be able to eliminate the “Update” link from everyone else’s menu and they’d have to call you.

    • I completely agree with you!

    • I completely agree with you! When we give more features, they simply mess around with the site.

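    • This snippet can go in your client’s functions.php file.

      // Hide update badges and the update nag from everyone but me
      function remove_update_badge() {
           echo '<style type="text/css">
           .update-count, .plugin-count { display:none!important; }
           </style>';
      }

      // Run on admin_init: when functions.php is first loaded, the current user
      // is not set up yet and core has not yet registered its update_nag hook.
      function hide_updates_from_clients() {
           $current_user = wp_get_current_user();
           if ( $current_user->user_login !== 'montanaflynn' ) { // change this to the username that gets the updates
                add_action( 'admin_head', 'remove_update_badge' );
                remove_action( 'admin_notices', 'update_nag', 3 );
           }
      }
      add_action( 'admin_init', 'hide_updates_from_clients' );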

      • I make them editors on their sites. I keep the admin login with me, and hand it over only when I’m done with managing their site. It makes my life a lot simpler.

      • Yeah, that is the one i am using :) thanks for sharing

  4. The problem is that WP DOES make it sound so easy. “Come on, press one button! What could go wrong? Why bother the developer (who might charge me something) when I can just hit that button? And it’s URGENT! Says so right there.” It’s not helped by the lack of feedback if the download and unpacking is taking a while.

    The flip side of saying “no, let me do it in case something goes wrong” is that 1) it makes the upgrade process seem fragile and WP perhaps not all that stable (Hey, if it’s supposed to be an easy one button operation and it can fail… ) and 2) since most of the time it works fine, you can give the impression you’re trying to lock them in by making an easy thing seem complex.

  5. I used to set my clients as editors only and would only add someone as an admin if I knew that they knew their stuff. I also always set up the wp db backup plugin for all of my client’s site and get a copy of their db every week, just in case…

    But most recently, I’ve been setting up all of my clients as admin. The reason for this is because of all of those damn social media plugins. When people ask me about facebook like, tweet this and what not.. I just don’t have time to research all of the various plugins and try to figure it out.

    So I figure, that they might as well install their own plugins and test them out.

    Of course with that comes the upgrade messages. I decided to add a bit of code in my function file which makes the large yellow alert at the top disappear. The update notification in the sidebar are still there if upgrades are available, but I think that they are less frightening than the large message.

    So far only a handful of clients have upgraded their own site and nothing’s happened.

    Personally, I think that once they’ve paid me for the site, then they should have free access and the key to the whole thing, so if they want to make the updates, then so they should and if they break something, then all they have to do is call me.

  6. I give each client the option and most of them decide to upgrade the site themselves. I provide clear instructions about backup and let them know that if it goes wrong they can email me and I’ll help fix it. Any fixing is clearly billable time in my contract. I don’t like making clients ‘have’ to use me for something as trivial as this since 90% of client sites get so little traffic that anyone besides them would even notice.

    I have one or two larger client sites that I do everything with but these are typically also deployed with testing and fail over and the client wants uptime and testing so they know not to touch it.

    I think that forcing a client into using you for updates does them a dis-service.

  7. Michael Beckwith January 17, 2011

    The company that I work for usually uses a user capabilities manager to create custom roles that can do enough to run the website with decent amount of control, but we remove ability for more knowledgeable tasks. Stuff like plugin/site updates and touching the theme files. There are things they just don’t need to touch

  8. It’s hard enough keeping clients from screwing up the markup of a post and subsequently destroying any nice styling you’d had working.

    Unless otherwise requested/necessary (i.e. you’re going completely hands-off), clients probably ought not to have admin access to their WP install. Too easy for them to fuck everything up.

    • I used to never give admin access and usually the editor role worked fine for most users. Except ever since WP3.0 and the addition of the menu system, you need to have the admin role to see the Appearance section to edit menus.

  9. I work for an Internet/hosting provider. We’ve been trying out building sites for clients, and we’ve been teaching them to upgrade themselves, although also giving them an option to pay us to do so, for a reasonable monthly fee.

    What makes it workable is that our shared hosting service has a Plesk control panel with a one-click installer (Installatron) that backs up the site by default right before upgrading it. So we teach people to do WordPress upgrades through Installatron, instead of from their WordPress admin screen, and then if something goes wrong, they can immediately restore the backup with no technical know-how whatsoever.

  10. With WPMU/multisite you can hide the plugins section entirely (even from admins). Looks like by default the Dashboard>Updates section is hidden from anyone that isn’t a Super Admin as well as the WordPress version number. I’m guessing that the core update notifications are also hidden, but I haven’t had to upgrade it yet. Nice to be able to hide the ability to upgrade but still give someone the admin role to their site.

    For my clients I always tell them to not upgrade and to just ignore notifications to upgrade. That we will handle it. If the client wants to take over upgrading, then I would just explain how and if they need my help if something goes wrong they know it and will get billed.

  11. “I usually check & update things every six weeks or so” Isn’t “six weeks or so” a bit long to have one of your sites potentially vulnerable to security problems?

    • Jeff Starr

      Not for the site in question. I have other, automated methods in place that help me keep an eye on security and other issues. In the post, I’m talking about physically visiting the property.

  12. Joachim Kudish January 17, 2011

    I recently started installing new WordPress installs via svn instead of the regular way. I also include plugins via svn:externals. Then I disable the built-in upgrade tools via existing hooks. This not only speeds up updates but makes them easier and allows me to keep track of everything.

    I should write something up that explains this in more detail :)

  13. Nice article! I recently finished a project wherein the topic of updating the site was asked. I offer them a year of free service in updating since WordPress rarely release new versions unless it is for security reasons and also the content of their website is pretty much as is with little to no update needed. If the company has an IT guy then I guess you can teach them or maybe they already know how to do the upgrade themselves. If not, I guess you should ask for compensation as little as possible so that you won’t get harassed by them calling you every time they want something changed on the website.

  14. “Should clients update their own sites?”

    No.

    It is possible to have a plugin incompatibility with the new version which may break the site. Or worse.

    I give my clients very restricted capabilities. There is one plugin called “Roles & Capabilities” which is an excellent WP Caps manager. My idea is the less the client touches the site, the better. That’s why I get money for support. I am the person responsible for updates. Because if something breaks I will fix it immediately, or ASAP.

    • I clearly agree with that!
      I remember not so long ago a friend of mine who destroyed his WP with an automatic update because of an outdated plugin.

      @Yoosuf : As far as “what will happen for my business?” is concerned, I think it’s a big mistake and clearly incompatible with an “Open source mind”.
      The strongest argument I use with my client is to tell them that they are not linked to me in any kind by using this type of software.
      I prefer that they come back to me thinking of “he developed a very strong solution and did a great job” vs. “It’s the only one we know who can do it”

      Thanks for this really interesting article Jeff.

  15. I send out an email to my WordPress clients when there is a new WordPress version released informing them of the new update and while most have admin accounts (with automated backups) they usually just ask me to do it.
    I find the clients like the informational email, so they are aware when they see the upgrade alert.

  16. Heck, on certain sites, where some plugins play a big role in functionality, even I am afraid of hitting that upgrade button, without making a full back-up and be ready for anything!

    So, the clients shouldn’t be allowed to upgrade.

  17. I have a couple of clients and I have made it clear that I would prefer they leave the updating to me. This is because in the past I have had clients mess up their blogs and it has taken me ages to fix.

  18. Rachel Nabors January 18, 2011

    I usually try to let the owners handle it, but only if I can trust them to back up their files and databases prior to any updates. Even then I try to set up automatic backups, just in case.

    I feel bad about charging people to update their sites when it’s something they can do themselves fairly easily, but you’re right, what if something goes horribly wrong? Perhaps I should start selling inexpensive maintenance packages as well.

  19. Most of my clients are using their WP sites as simple CMS’s. So in order to prevent them from making any kind of potentially disastrous “changes” to their websites, I set permissions for their accounts to Editor. But of course this isn’t an option in some situations.

  20. So what is a fair price for performing updates for clients. It is only 10 minutes work so I’m keen to know what do you charge?

    • Jeff Starr

      Only “10 minutes of work” unless something breaks..

      I usually charge a (small) flat fee for quick updates.

  21. Great points, Jeff! In our world, where we understand all the variables I would agree. But in my client’s worlds, many are overly confident and want to do as much as possible. “It is easy after all, isn’t it?”

    In the 16 years of being a consultant, one thing is clear. Many underestimate the skills needed to do what we do — and make it look so easy. Some learn the hard way — others prefer to learn what we know and still others would rather concentrate on the business of running their business.

    I have always been of the POV to empower clients with as much knowledge and skills as they are willing to embrace. We all know the more involved they are and the more they learn that their success ratio increases exponentially. So I don’t hinder them with permissions.

    So I cover all the bases. I have an article front and center on my site for clients (and anyone else) on how to update step by step. And for those who are more realistic about what could happen, or prefer to leave the “techie stuff” to someone they know “knows”, they know where I hide!

    • I’m with you Judith. I like to empower and inspire my clients. I don’t want to be the keeper of some magic techie key and lock them out of their own site. They paid a lot of money for the product, it’s theirs.
      I like the idea of putting the “you break it, you pay” clause in a contract.
      And frankly, I plan on designing and building as many sites as I can. I love it. I don’t want to get bogged down with every little question my former clients have.
      I love the idea of having instructions on the site. It would be nice to make a little manual for pdf download with the current.
      As far as the fellow who’s afraid of losing work by giving clients admin permissions:
      There’s no need to squeeze as much money as you can out of a client. There are plenty of others out there. You’ll get more if you share your excitement and trust their intelligence. They will feel respected and tell others what a great experience it is to work with you.

      • Well, if this article and the ensuing discussion has proven anything it’s that there are a lot of different types of clients, each with their own set of needs and comfort levels. But it’s strange to hear a somewhat adversarial tone in some of these comments about various folks’ clients. Or the notion that the only good business is new business. Honestly, what would you rather have, a bunch of nagging “former” clients or happy “active” ones?

        I’ve been working professionally in this field since 1993 and running my own shop since 2000. I have built relationships with my clients over the course of many years and many projects and they have rewarded me with more referrals than I can frankly handle. My clients appreciate when I empower them with knowledge, but the last thing they want or need to be doing is learning how to backup and update WP. They appreciate and expect me to inform them about the capabilities of web technologies so that they can utilize them to accomplish their business objectives. But they already have full time jobs. They certainly don’t want me to create more work for them.

        With regard to WP projects, all my clients get the admin login to their shops along with a caution about using it. And, frankly, WP developers are a dime a dozen, so no one is being held over a barrel here. Just good, honest work for a fair price.

        As for offering a “maintenance contract,” I personally think this should just be an as-needed option–not a recurring monthly fee–since a WP site shouldn’t require monthly maintenance.

        • Shouldn’t require monthly maintenance? Plugins are constantly updated and require updating. The core was updated 3 times in Q4. Obviously Q4 seems to be out of the norm, but obviously these updates need to be put in place ASAP when they are released.

          I definitely agree that it’s on a per client basis. If the client wants to learn WP enough to backup everything and do updates, then I will teach them.

        • Agreed that Q4 was a busy one! But, I won’t update plugins if they’re merely incremental tweaks or not critical bug fixes–only when required by a subsequent WP update. Otherwise, I’ll read the release notes and advise the client accordingly. I am, however, looking forward to getting my first email from Update Notifier!

  22. I’m about to be dealing with this right now as I will be handing the keys over to a client by month’s end. I created Admin & Author accounts and have already been coaching the client on NEVER using the Admin account for any reason. The project had a flat fee, though I will offer them a maintenance contract for one year of version and plugin updates. It’s up to them to take it or try doing things on their own. I didn’t see the project as being a significant source of recurring revenue, so I’m not averse to simply saying “thanks, let me know if I can help with anything else” and leaving it at that.

  23. Toby Bobian January 18, 2011

    I collected a lot of interesting things in your blog especially its discussion. From the a lot of comments in your posts, I think I am not the only one having all of the enjoyment here! Continue the good work. Regards

  24. A few questions. I am building my church’s site with WordPress and have chosen a theme for it, but it loads slow and all the images are very very very small. I think the whole image folder altogether is 650k total or less. The link is http://www.shreveportlife.com/wordpress if you want to see how slow it loads. I got the theme from themeforest.com

    2nd question: Can anyone give me some info or advice on making sure the site is secure, all the folders that need to be secure can’t be reached from hackers and all backups are being made? I’m new to this sort of thing so sort of need advice. I’m learning PHP but I know CSS and HTML.

  25. Why not use some script that updates the WordPress installation server-side? I have a script where the configuration lists the paths of the WordPress installs that need to be updated… then the script checks periodically for a new version of WordPress and, when available, downloads it, copies the WordPress files over and opens the upgrade link. So WordPress is updated in a matter of minutes after release… Of course if the release is buggy then there is a problem, but for that we have backups :)

  26. If you don’t want them to push that button because it’s big and scary, then don’t let them see or use the button. You can do that two-fold: One, use a five-line snippet of code to deny them the capability to update core. Two, the important part, actually update them when they need to be updated.

    So that said, don’t block the button, and then wait six weeks (or until they ping you) to update their site. I wouldn’t find that acceptable for any maintenance or security releases.
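
One way to write the capability denial described in comment 26, extended here to plugin and theme updates and the built-in file editors (an added example, not code from the thread; the `site-maintainer` login and the `example_` function names are assumptions):

```php
<?php
// Added example, not code from the original thread.
// Assumption: 'site-maintainer' is a placeholder for the login of the single
// account that is allowed to run updates.
define( 'EXAMPLE_MAINTAINER_LOGIN', 'site-maintainer' );

/**
 * Strip update-related capabilities from every account except the maintainer.
 *
 * The user_has_cap filter runs on each capability check, so core's own
 * current_user_can() calls on the update screens refuse the request on the
 * server instead of a link merely being hidden in the browser.
 *
 * @param array $allcaps Capabilities the user holds (capability => bool).
 * @param array $caps    Primitive capabilities required for this check.
 * @param array $args    [0] requested capability, [1] ID of the user checked.
 * @return array Filtered capabilities.
 */
function example_deny_update_caps( $allcaps, $caps, $args ) {
    $user = isset( $args[1] ) ? get_userdata( $args[1] ) : false;

    // The maintainer keeps whatever the role grants.
    if ( $user && EXAMPLE_MAINTAINER_LOGIN === $user->user_login ) {
        return $allcaps;
    }

    $denied = array(
        'update_core',    // WordPress itself
        'update_plugins',
        'update_themes',
        'edit_plugins',   // built-in plugin file editor
        'edit_themes',    // built-in theme file editor
    );
    foreach ( $denied as $cap ) {
        unset( $allcaps[ $cap ] );
    }
    return $allcaps;
}
add_filter( 'user_has_cap', 'example_deny_update_caps', 10, 3 );
```

On multisite, Super Admins are granted every capability before this filter runs, so it does not restrict them. Accounts restricted this way no longer see an update button, which makes the second half of the comment the operative control: the maintainer has to apply security releases promptly.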

  27. Interesting I was just asking myself this question this week! It’s even more interesting to see everyone’s comments about the subject.

    I’ve always done the updates for my clients, both with plugins and the WordPress releases. However, it is time consuming to go to each and every site to perform the upgrades. I do like the idea of billing the client for updates.

  28. On the sites I build for customers they don’t have the full control of the admin. And the update nag is hidden so the clients are not aware of any update. I myself keep track of updates and if an update concerns serious security issues I contact the customer. Also in case a new WP version adds functionalities that are useful for a customer I advise to upgrade.

    In my experience most customers (small to medium size companies) don’t want anything to do with updating WordPress. They usually are too busy with their own business.

    And a client cannot oversee the consequences of the update. Plugins that don’t work, loss of data etc..

    So in my opinion the client shouldn’t update but leave that to someone that knows what he is doing. That would be me.

  29. Interesting, I thought WordPress should make content management to the site owner easier so he can do it himself, not to make it easier for designers/developers to make money.

    I develop a theme for a client, tell him to Update when he sees the message but first make a backup, and if something goes wrong shoot over an email.

    Is that too hard to follow? Backup and then update? I wouldn’t even bother working for clients that can’t handle such easy tasks. And on top of that i don’t want to rip them off (200 or whatever per month to hit update).

    • So, your clients are savvy enough to backup the entire site (not just the xml data, but the db, too?), update WP, update all of the plugins, ensure said plugins are actually working correctly, check the theme to make sure nothing broke visually and/or functionally (2.x – 3.x, really?), and then roll it all back in case of a failure (because they’re updating the live site after all)? I would LOVE some clients like that! ;-)

      • BTW, I don’t know who charges their WP clients a $200/month maintenance contract for incremental updates, but that’s some good pocket money!

      • hahahaha. simply brilliant.

      • Jeff Starr

        Many of my clients are not very tech-savvy. They choose WordPress because it is easy to use and can do everything they need. They choose me as a designer because I can help them with things like backups, updates, and other maintenance. I would hate to lose any customer simply because they “can’t handle such easy tasks.” If they need help, I am happy to provide it! :)

  30. Interesting article and following discussion.

    I offer all my clients a “Technical Maintenance” package, which basically is nothing more than an insurance. The client can choose to do updates him/herself, but if something breaks I will bill them for at least 2 hours.

    The client can also pay me a yearly fee that is a tiny bit less than those 2 hours and for that I will take care of all updating including the time I need to fix if things break unexpectedly.

    Works out great for me as 100% of my clients choose for this package and together with the WordPress Status Dashboard application (http://senl.in/wpsdb) I always know when a site is in need of an update.

  31. Tech Bold January 23, 2011

    Before updating wordpress all factors should be considered like are plugins going to work etc and if the update is critical then he should update wordpress without risking blog security.

  32. Definitely not. A lot of things may happen and there is no immediate backup. Clients should stay away and that’s why maintenance exists.

  33. First off Chris your comment

    WP & plugin updates should only be handled by someone who understands what they are doing, takes the time to check for issues, and knows how to fix things if/when necessary

    isn’t an opinion, it’s common sense. I too have a clause in my contract stating that if they do anything to “break” the website, I’m not responsible, but will fix it for a fee.

    My opinion relates to the integrity of your business. If you allow your clients access to do as they wish and the site is damaged somehow in doing so, it could easily make YOU look like you don’t know what you’re doing. I want people to look through my portfolio and visit a working site. If that site isn’t the way it’s supposed to be, the prospective client is not going to ask questions. They’ll contact your competition.

    My clients have editor access, if they find that there is something they want to do beyond that, I have a series of questions that I ask, give them a breakdown of the risks, then give them an example of what could happen when tampering. Being hands on like this lets them know that I’m not just blowing smoke to get more money out of them.

  34. Connor Crosby January 25, 2011

    This article just reminded me I forgot to update my clients’ wp version. Thanks :D

  35. Not that it’s good practice, but I update client sites only when they call me to make other changes. I have them all setup to backup once a week, so worst case a client breaks their own site, I can fix it.

    I’ll have to consider instituting a quarterly backup program, however partly why I use WordPress is so that clients can update, change, and manage their own websites.

  36. Thanks for this article, I agree with what you’ve said in the original article I would say a similar thing – as with a lot of things on the internet, they are always gonna be great for everyone of any ability – until they don’t work properly – and that’s one way DIY CMS can become a problem, and potentially start costing more money – for some perhaps a hidden cost until something happens.

    Another question for those administering WordPress websites for others is how do you provide on-going support, and how much to charge – say for upgrading WordPress and ensuring it works. Where do you draw the line?

    If a person has gone and installed 25 plugins, (or even one) and in particular a customized WordPress system falls over, who pays to get it up and running again? I guess it’s important to make it clear if someone is paying for a service what will and won’t be supported without extra cost. What model do you use, and does it work?

  37. My clients have editor access, if they find that there is something they want to do beyond that, I have a series of questions that I ask, give them a breakdown of the risks….

    This seems like one sensible solution – though I think a lot of people maybe expect full control as that is another perception that this will be the case about many of the open source CMSs – I guess it depends on if they installed it themselves or not.

  38. Ash Blue January 28, 2011

    This is a recurring problem for all CMS developers and WordPress webmasters. I personally build custom roles for all of my clients to keep them from touching anything volatile. Which means plugins and updates unless I’m sure they know what they are doing. Giving a client keys to a jet airplane when they can barely drive a car is not a good idea.

  39. Interesting discussion. Drawing that line as to what the client should or shouldn’t handle is interesting, because the right answer can vary so much from one situation to the next.

    I’ve been in the web design business awhile, and I decided fairly recently to actually require, as part of a package deal, that my clients allow me to handle the maintenance of their WordPress site – WP upgrades, plugin upgrades, and backups. This, and the hosting account, is all part of the deal. I also build a couple of hours of my time into the contract.

    This is fairly new for me, but so far I like the way it’s working out.

    I don’t know what kind of clients other people have, but mine very seldom are up for anything very technical! :-)

  40. I’ll go along with Patty. I’m just starting building WP sites, most likely much less experienced with the actual site building but I know a few things about computer problems and what improper back up can do…..aggghh

    I charge a built in hosting with maintenance and upgrades as part of the deal…actually the first 6 months are free :)

  41. I see both sides, but I would prefer to give clients the option to update their site if they wish.

    What I would really like, is to be able to customize the WordPress update notification – to allow the alert, but also add to the message. Alerting the client of the importance to first do a backup, and an email link / phone number to contact me if they would prefer to have me do it (with a guarantee if it goes south in the process).

    Anyone know of a function to edit the WordPress upgrade notification?
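
One way to do what comment 41 asks, by swapping core's update nag for a custom notice (an added example, not code from the thread; the contact address is a placeholder and the `example_` function names are assumptions):

```php
<?php
// Added example, not code from the original thread.
// Assumption: placeholder contact address for whoever maintains the site.
define( 'EXAMPLE_MAINTAINER_EMAIL', 'maintainer@example.com' );

/**
 * Print a custom notice when a core update is pending.
 * get_preferred_from_update_core() is the same helper core's update_nag() uses.
 */
function example_update_notice() {
    global $pagenow;

    // Like core's nag, stay quiet on the update screen itself.
    if ( 'update-core.php' === $pagenow ) {
        return;
    }

    $cur = get_preferred_from_update_core();
    if ( ! isset( $cur->response ) || 'upgrade' !== $cur->response ) {
        return; // nothing to update
    }

    // Escape everything that is echoed into the admin page.
    printf(
        '<div class="update-nag">WordPress %1$s is available. '
        . 'Back up the database and files before updating, or email '
        . '<a href="%2$s">%3$s</a> to have the update done for you.</div>',
        esc_html( $cur->current ),
        esc_url( 'mailto:' . EXAMPLE_MAINTAINER_EMAIL ),
        esc_html( EXAMPLE_MAINTAINER_EMAIL )
    );
}

/**
 * Replace the stock nag. Hooked to admin_init because core registers
 * update_nag only after the theme's functions.php has been loaded.
 */
function example_swap_update_nag() {
    remove_action( 'admin_notices', 'update_nag', 3 );
    add_action( 'admin_notices', 'example_update_notice', 3 );
}
add_action( 'admin_init', 'example_swap_update_nag' );
```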
