Overview
Oftentimes when running a website, individuals will only make the changes they need and neglect the general maintenance of the site, including things such as updates. As described in our article on security practices, keeping WordPress, as well as all plugins and themes, up to date is crucial to your site’s continued good health.
Risks of neglecting updates
Security Risks
The most significant risk of running outdated software is exposure to security threats. Many updates include important security patches, and delaying them can leave your site vulnerable to known exploits. Unpatched flaws may allow unauthorized access, compromise your collected data, or provide a pathway to the execution of malicious code. Keeping WordPress, themes, and plugins up to date is one of the simplest and most effective ways to protect your site from these threats, as it enables the development teams of each software provider to send proven solutions to you as soon as they are ready.
Compatibility Issues
Compatibility issues can also arise when parts of your site are updated independently. For example, updating WordPress to a new major version while leaving Gravity Forms on an older release may cause bugs if Gravity Forms relies on functions or APIs that have been removed or changed in the newer WordPress version.
Unpatched Bugs
The large majority of the code shipped in minor updates simply corrects bugs. Failing to update your plugins leaves those bugs in place and can lead to poor or unexpected user experiences.
Best practices for staying up to date
Nothing provides a bigger attack vector for hackers than an outdated plugin with a known vulnerability. As soon as such a vulnerability is revealed in a plugin (or within a subsystem, framework, or library the plugin uses), you can bet that nefarious bots are being sent out to scour the web looking for websites with that plugin installed. It’s a race at that point, with hackers trying to find a target before the developers release a security patch.
If you aren’t staying up to date with your plugins and components, you are making the hacker’s life much less time-constrained! Most software developers work hard to keep their software secure, as the reputation of their products is tied to their perceived security. This is a never-ending battle. The more complex the software gets in general, the greater the chance of having a hole or a sneaky backdoor. All your software providers are working hard to keep their software as secure as possible in an ever-evolving security landscape, but remember that staying up to date is YOUR responsibility.
The following practices are apparent, but they are also habits that can slip by us when we are busy trying to finish a site implementation or update. Use this as a chance to remind yourself.
1️⃣ Enable automatic updates
Why work manually when you can let the system work for you! To simplify ongoing maintenance, consider enabling automatic updates for the plugins you trust. Review their documentation to understand what versions are pushed out automatically. You can familiarize yourself with the various types of Gravity Forms updates here.
The WordPress Codex includes an excellent guide on configuring background updates for WordPress core and plugins. You can find it in the Enabling Automatic Background Updates article. Additionally, refer to our guide on version numbering to see which types of updates we make available for automatic download.
Check for updates often. Regularly logging into your WordPress admin dashboard and reviewing any available updates is one of the easiest ways to keep your site current.
Use a management tool. If you maintain multiple sites, logging into each one individually to check for updates can be a time-consuming process. Tools such as WP Remote can help you monitor and update numerous sites from a single interface. Additionally, look for support for tools like Composer to simplify the process of package distribution and installation where plausible.
2️⃣ Keep up to date with your licensing
Without active and authenticated license keys saved in the plugin settings, Gravity Forms (and a vast collection of other plugins) will be unable to check for updates. To maintain your subscription, keep an eye on your renewal timelines and your credit card expiry date. Whitelist the domains of the various plugins you use in your email client to ensure that reminder emails about license or credit card expiry are delivered to a non-junk mailbox.
3️⃣ Check your plugins periodically for ongoing development activity
Nothing lights up a hacker’s smile like an out-of-date plugin. Set yourself an annual reminder to review the plugins you have installed. Check that they are still receiving regular updates, and that they note compatibility (or have issued fixes) related to the latest version of WordPress or, if necessary, the operating system and components (e.g. PHP) you have installed on your server.
4️⃣ Update Gravity Forms before updating add-ons
Gravity Forms add-ons are dependent on the core plugin and can require the latest version of Gravity Forms to install and function properly. If you attempt to automatically update an add-on while running an outdated version of Gravity Forms, the automatic update will not proceed. You will see a compatibility notice in your WordPress admin indicating the minimum required version.
While you can manually upload and install an add-on update that requires a newer version of Gravity Forms, the add-on will not function correctly until you update the core plugin. To avoid compatibility issues and ensure proper functionality, always update Gravity Forms first before updating any add-ons.
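One way to script the core-before-add-ons ordering described above with WP-CLI, as an added example that is not Gravity Forms' own code. It assumes the core plugin slug is gravityforms and that add-on slugs begin with that prefix; the sample plugin list is constructed.

```shell
#!/bin/sh
# Added example: apply pending plugin updates with Gravity Forms core first.
# Assumption: core slug is "gravityforms"; add-on slugs start with that prefix.

CORE_SLUG="gravityforms"

# Read plugin slugs (one per line) on stdin and print them in update order:
# core first, then Gravity Forms add-ons, then every other plugin.
order_updates() {
    awk -v core="$CORE_SLUG" '
        NF == 0              { next }                    # skip blank lines
        $0 == core           { has_core = 1; next }      # the core plugin
        index($0, core) == 1 { addons[++a] = $0; next }  # prefix match: add-on
                             { others[++o] = $0 }
        END {
            if (has_core) print core
            for (i = 1; i <= a; i++) print addons[i]
            for (i = 1; i <= o; i++) print others[i]
        }'
}

# Update every plugin that has a pending release, in the order above.
# Stops at the first failure so an add-on is never updated after a core
# update that did not complete.
apply_updates() {
    pending=$(wp plugin list --update=available --field=name | order_updates) || return 1
    for slug in $pending; do
        wp plugin update "$slug" || return 1
    done
}

# Constructed sample of slugs with pending updates (not real site output).
SAMPLE="akismet
gravityformsstripe
gravityforms
gravityformsmailchimp"

# Show the order in which the sample would be updated.
printf '%s\n' "$SAMPLE" | order_updates
```

Call apply_updates from the WordPress root on a host where WP-CLI is installed; nothing in the block touches a site until that function is invoked.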

How Automatic Updates Work
Automatic updates allow WordPress to install certain Gravity Forms and add-on releases for you without requiring manual action. When enabled, WordPress checks for new versions in the background and installs eligible updates as they become available.
The background updates setting on the Forms → Settings page is synchronized with the enable/disable auto-updates link on the Plugins page, allowing auto-updates to be enabled or disabled in either location.
To see the types of releases, what they usually contain, and which are eligible for automatic installation, refer to this guide on Gravity Forms version numbering.
Not all sites will receive updates simultaneously; updates may roll out gradually across all affected sites to ensure stability.
Update Settings
Gravity Forms includes an automatic updates setting within the plugin during the setup wizard, as well as on the Forms → Settings page.
WP-CLI commands for managing plugin auto-updates are supported as of Gravity Forms 2.7.2.
WordPress includes an “auto-updates” option on the Plugins page.

These control the same thing. Changing the setting in either location has the same outcome and will be reflected in the other location.
Caching Considerations
Update data is cached locally for one day to reduce API requests. Download URLs also expire after two days. If your site uses aggressive caching or optimization tools, you may see delays in update availability or occasional installation failures.
To refresh the cache immediately, go to Forms → System Status → Updates.
Changelogs
Curious about the changes in each version? You can find a changelog for Gravity Forms and every one of our plugins in the documentation area for that plugin, by searching this site, or using the links below.
- 2Checkout Changelog
- ActiveCampaign Changelog
- Advanced Post Creation Changelog
- Agile CRM Changelog
- AWeber Changelog
- Batchbook Changelog
- Breeze Changelog
- Brevo Add-On Changelog
- Campaign Monitor Changelog
- Campfire Changelog
- Capsule CRM Changelog
- Chained Selects Changelog
- CleverReach Changelog
- Cloudflare Turnstile Add-On Changelog
- Constant Contact Changelog
- Conversational Forms Changelog
- Coupons Changelog
- Dropbox Changelog
- EmailOctopus Changelog
- Emma Changelog
- FreshBooks (Classic) Add-On Changelog
- Geolocation Changelog
- GetResponse Changelog
- Google Analytics Add-On Changelog
- Gravity Forms Changelog
- Help Scout Changelog
- Highrise (Deprecated) Changelog
- HubSpot Changelog
- Kit Changelog
- Mad Mimi Changelog
- Mailchimp Changelog
- MailerLite Changelog
- Mailgun Changelog
- Moderation Add-On Changelog
- Mollie Changelog
- Partial Entries Changelog
- PayPal Changelog
- PayPal Checkout Add-On Changelog
- PayPal Payments Pro Changelog
- Pipe Changelog
- Polls Changelog
- Postmark Changelog
- Quiz Add-On Changelog
- reCAPTCHA Add-On Changelog
- Salesforce Add-On Changelog
- SendGrid Changelog
- Signature Changelog
- Slack Changelog
- Square Changelog
- Stripe Changelog
- Survey Changelog
- Trello Changelog
- Twilio Changelog
- User Registration Changelog
- Webhooks Changelog
- Zapier Changelog
- Zoho CRM Changelog

