WordPress is the most popular CMS, but due to its widespread use, it is also the most attacked.
Regular updates are therefore not only mandatory, but also facilitate an upgrade, which becomes more problematic the longer the gap between versions.
The biggest problems with WordPress migrations are expected from version 2.x to 3.x or 4.x, also with regard to web hosting.
Starting with version 3.5.2, we recommend using the DUPLICATOR plugin for WordPress to create a complete copy of the website, which can then be installed on a separate system.
For versions lower than 3.5.2, the database should be backed up (e.g., create a corresponding SQL dump using PHPMyAdmin (step-by-step instructions can be found on YouTube) and transfer the files to the test environment using FTP.
For the upgrade process, you should activate a default theme—one that usually ships with the existing version and is therefore guaranteed to be compatible. All plugins should also be deactivated.
If the theme was not created specifically for the company, but was a redesign of an existing theme, then the changes must be saved so that they can be used again after the theme is updated.
The sheer number of plugins for established systems like Joomla, Drupal, or WordPress often leads to an extreme accumulation of extensions being used. Therefore, all extensions must be checked to see which version they are compatible with. With WordPress, this is no longer a problem, as compatibility is already displayed on the plugin page.
WordPress shows the compatibility between the program and plugin versions.
The compatible version of the plugin should be downloaded to keep it ready for updating at a later time.
If the latest WordPress version cannot be used, the archive also offers older versions.
After these preparations, the following files and directories can be deleted from the copy system:
Directories: wp-admin, wp-includes (but not the wp-content directory, as this is where the content is located)
Files: all except wp-config.php and .htaccess (and of course don’t delete sitemap.xml and robots.txt either)
Before installing the new version, you should check whether the number of security keys in wp-config.php exactly matches the number of security keys in the new version. If not, you must insert the eight lines from wp-config-sample.php into wp-config.php. It would be even better to generate your own keys.
When upgrading from 2.x to 4.x, it may be advisable to take intermediate steps (from 2.8.4 to 2.9, then to 3.0.4, then to 3.1.3, etc.) to reach a point from which an upgrade can be carried out without any problems.
The new version is then installed by uploading the system files to the web space via FTP.
Ideally, the backend is now accessible, allowing you to upload the individual plugins and then activate them one by one. After each activation, you should check whether WordPress is still working or whether it is displaying error messages. Incompatibilities between plugins cannot be ruled out.
Only when all plugins are working is the theme finally updated and activated – now it becomes clear whether any important changes still need to be made to the theme or whether it is ready for productive use.
The finished system can be transferred back to the production system via the Duplicator.