How to update WordPress manually without breaking your site

A website running on WordPress must be updated regularly to ensure security, performance, and compatibility. However, there are situations where you cannot simply click the “Update” button in the dashboard and allow the system to handle everything automatically. When an update fails, the site becomes stuck in maintenance mode, or you are unable to access the admin area, the need to update WordPress manually becomes unavoidable.

This article provides a clear and structured guide on how to update WordPress manually in a safe and systematic manner, while minimizing the risk of data loss or site disruption. If you are looking for a controlled, step-by-step approach that is suitable even in emergency situations, this guide is designed specifically for you.

How to update WordPress core manuallyLink to heading

If your website cannot update automatically, you can update WordPress manually by following the clear steps below.

Step 1: Create a full backupLink to heading

Before making any changes, back up your entire website. This includes:

• All website files
• Your database

This step is crucial. If something goes wrong during the update, you can quickly restore your site without losing important data.

Step 2: Download the latest version of WordPressLink to heading

Visit wordpress.org and download the newest WordPress version as a ZIP file.

After downloading:

• Save the file to your computer
• Extract (unzip) the file into a new folder

Make sure all extracted files are ready for upload.

Step 3: Deactivate all pluginsLink to heading

Log in to your WordPress dashboard.

• Go to the Plugins section
• Deactivate all active plugins

Disabling plugins helps prevent compatibility issues during the manual update process.

Step 4: Delete old core foldersLink to heading

Access your website’s root directory using:

• sFTP, or
• SSH

Locate the following folders:

• wp-admin
• wp-includes

Delete only these two folders.

Do not delete any other folders.

Step 5: Upload new core foldersLink to heading

From the WordPress files you extracted earlier:

• Upload the new wp-admin folder
• Upload the new wp-includes folder

Place them in your website’s root directory to replace the old ones.

Step 6: Update the wp-content folder carefullyLink to heading

Do NOT delete your existing wp-content folder.

This folder contains:

• Themes
• Plugins
• Media files

Instead:

• Open the wp-content folder from the new WordPress package
• Copy its contents into your current wp-content folder
• Overwrite files only when prompted

Your existing themes, plugins, and uploads will remain safe.

Step 7: Replace root filesLink to heading

Next, copy all files from the root directory ("/") of the new WordPress package into your website’s root directory.

• Allow existing files to be overwritten
• Allow new files to be added

Your wp-config.php file will not be replaced because WordPress does not include this file in its official download.

Step 8: Check configuration updatesLink to heading

Open the file named wp-config-sample.php from the new WordPress package.

Review it carefully to see if any new configuration settings have been added.

If necessary, update your existing wp-config.php file accordingly.

Step 9: Remove maintenance file (If needed)Link to heading

If you are updating after a failed automatic update:

• Look for a file named .maintenance in your root directory
• Delete it

This will remove the maintenance or failed update message from your website.

Step 10: Complete the database upgradeLink to heading

Go to your admin page:

yourwebsite.com/wp-admin/

You may need to log in again.

If WordPress asks you to upgrade the database:

• Follow the on-screen instructions

If you cannot log in, try clearing your browser cookies.

Step 11: Reactivate pluginsLink to heading

After accessing the dashboard:

• Reactivate your plugins

It is advisable to enable them one by one to check for possible compatibility issues.

Step 12: Clear cacheLink to heading

To make sure you see the updated version:

• Clear your browser cache
• Clear server-level cache if you use systems such as Varnish

This ensures that visitors can also view the newest version of your website.

You have now successfully completed the manual WordPress update. Your website should be running the latest stable version with improved security, performance, and compatibility.

>>> Learn more: WordPress core vulnerabilities: Risks & protection guide

How to upgrade WordPress plugins manuallyLink to heading

If you need to update WordPress manually, including upgrading a specific plugin, follow the structured steps below to ensure a safe and error-free process.

Step 1: Create a full backupLink to heading

Before making any modifications, generate a complete backup of your WordPress website. This should include both your website files and your database. Creating a backup is essential because it allows you to restore your site immediately if any issue occurs during the manual plugin upgrade.

Step 2: Download the latest plugin versionLink to heading

Visit the official WordPress Plugin Repository and search for the plugin you intend to update. Download the most recent version as a ZIP file. Carefully confirm that you are selecting the correct plugin and version to avoid compatibility problems with your current WordPress installation.

Step 3: Extract the plugin filesLink to heading

After downloading the ZIP file, extract it on your local computer. Once unzipped, a folder named after the plugin (for example, “plugin-name”) will appear. This folder contains all updated plugin files required for the manual installation.

Step 4: Access your website via sFTPLink to heading

Use an sFTP client to connect to your web server. Navigate to the following directory:

wp-content/plugins/

Locate the existing folder of the plugin you want to upgrade. Delete this folder completely before uploading the new version. Removing the outdated directory prevents file conflicts between the old and updated plugin files.

Step 5: Upload the new plugin folderLink to heading

Upload the newly extracted plugin folder into the same wp-content/plugins/ directory. Ensure the folder structure remains correct, such as:

wp-content/plugins/plugin-name

Wait until all files have been transferred successfully. Interruptions during upload may cause incomplete installation or plugin malfunction.

Step 6: Verify the plugin in the dashboardLink to heading

After completing the upload, log in to your WordPress admin dashboard. Navigate to the “Plugins” section and confirm that the plugin reflects the latest version number. Make sure the plugin is activated and functioning properly.

>>> Learn more: Why WordPress security issues mostly start with plugins

How to upgrade a WordPress theme manuallyLink to heading

If you need to update WordPress manually at the theme level, follow the steps below carefully to avoid errors or data loss.

Step 1: Check for theme customizationLink to heading

Before you begin, determine whether your current theme has been customized.

If you edited the theme’s code (such as PHP, CSS, or template files), replacing the theme will erase all those changes permanently. In this situation, you should ask a developer to merge your custom code into the new version instead of simply overwriting the theme.

If you only changed settings through the WordPress dashboard (for example: colors, layout options, widgets, or theme settings), you can safely continue with the manual upgrade process.

Step 2: Create a full backupLink to heading

Always create a complete backup of your website before making changes. This includes:

• All website files
• The WordPress database

A backup ensures you can restore your site quickly if something goes wrong.

Step 3: Download the latest theme versionLink to heading

Download the newest version of your theme from the official developer or marketplace. The file is usually provided in ZIP format. Make sure you download the correct and most recent version to prevent compatibility problems.

Step 4: Extract the theme filesLink to heading

After downloading, unzip the file on your computer.

You will see a folder named after your theme (for example: theme-name). This folder contains all updated theme files.

Step 5: Connect to your website via sFTPLink to heading

Use an sFTP client to connect to your web server.

Go to the following directory:

wp-content/themes/

Find the folder of the theme you want to upgrade.

Delete this old theme folder completely. Removing it prevents conflicts between old and new files.

Step 6: Upload the new theme folderLink to heading

Upload the newly extracted theme folder into the same directory:

wp-content/themes/

After uploading, your folder structure should look like this:

wp-content/themes/theme-name/

Make sure all files are uploaded successfully before proceeding.

Step 7: Verify the updateLink to heading

Log in to your WordPress dashboard.

Go to:

Appearance > Themes

Check that:

• The theme shows the latest version number
• Your website design displays correctly
• All features and functions work as expected

Once everything is confirmed, your manual theme upgrade is complete.

>>> Learn more: The Truth About Malware in WordPress Themes - Did You Know?

ConclusionLink to heading

Regular updates are fundamental to protecting your WordPress site against vulnerabilities and performance problems. When handled properly, the decision to update WordPress manually allows you to maintain complete oversight of the process, particularly during critical errors or failed upgrades. From core files to plugins and themes, each component must be updated with precision and verification. 

By applying the step-by-step guidance outlined above, you can ensure that your website remains secure, compatible, and fully functional. Ultimately, a careful manual update process strengthens your site’s reliability and reinforces your overall WordPress maintenance strategy.

If you are serious about protecting your WordPress website, W7SFW (WordPress Firewall) is a security layer you should not ignore. Unlike traditional firewalls that allow traffic by default, W7SFW applies a strict filtering mechanism to block malicious requests before they can exploit vulnerabilities in your core files, themes, or plugins. 

It helps prevent brute force attacks, unauthorized access, and automated exploitation attempts in real time. Instead of reacting after your site is compromised, W7SFW focuses on proactive defense at the application level. 

Activate W7SFW today to strengthen your website’s security, reduce attack risks, and maintain full control over who can access your WordPress environment.