How Should Agencies Sequence WordPress Core and Plugin Updates Across a Client Fleet?

At fleet scale, update order is not a preference; it is a governance protocol with real liability attached. For a single site owner, updating core before plugins is a judgment call they make once and rarely revisit. For an agency managing 40 client sites, every ad-hoc decision that touches live production is a liability exposure. If a plugin conflict takes down a client’s e-commerce checkout at 2 a.m., “I update things in whatever order feels right” is not a defensible answer to a client paying for managed WordPress maintenance.

The shift from preference to protocol happens the moment you have more sites than one person can manually verify in an afternoon. At that scale, you need a sequence any team member can follow, a staging logic that catches regressions before they reach production, and a documented escalation path for the cases where the standard sequence breaks down.

Update sequencing is part of your operating layer. It belongs in a runbook, not in someone’s head.

The default rule for a well-run fleet is core first, then plugins. WordPress core sets the API surface that plugins depend on. When a plugin update assumes a function or hook that does not yet exist in your installed version of core, you get a fatal error. Updating core first eliminates that dependency mismatch before it can surface in production.

There is one significant exception: a new major version of WordPress core that ships significant architectural changes. Pushing core immediately to all sites creates a different risk, because plugins that have not yet released a compatibility update will break in production. The protocol for major releases is not “skip core first” but “stage core first,” which is a distinct approach covered in the next section.

For minor releases (e.g., 6.6.1, 6.6.2) and security releases, core-first is clean and fast. Apply it without hesitation across the fleet. For major releases, move to the staged rollout protocol and hold the fleet until your canary results are clean.

Security releases warrant the fastest possible response, and the sequencing question is essentially already answered: core first, then plugins, as quickly as your process allows. The standard sequence for a minor or security core release across a fleet runs as follows.

1. Apply core to a staging environment first. Verify the admin loads, the front-end renders, and no fatal errors appear in logs.
2. Push core to the fleet in batches. Groups of 10 to 15 sites rather than all at once, so a site-specific conflict does not propagate before you catch it.
3. After core is confirmed stable fleet-wide, run plugin updates in the same batched order. Plugins that touch core APIs (page builders, WooCommerce, caching layers) go last, after smaller utility plugins have been verified clean.
4. Log the run. Site names, versions before and after, team member, any anomalies observed.

The log is not bureaucracy. It is the audit trail that lets you reconstruct what happened when a client calls and reports a broken form they noticed sometime last week. For a complete picture of how this sequencing fits into a broader monthly WordPress maintenance routine, that cadence post covers the full operating rhythm.

Major core releases require a deliberate pause before fleet-wide deployment, because plugin compatibility lags are common and the blast radius of a bad push is high. The staged rollout protocol runs in four steps.

First, designate a canary site. This is a lower-stakes client site or an internal site that you update immediately when the major release ships. Run it on the new version for at least 48 to 72 hours before touching the rest of the fleet. Monitor error logs actively during this window.

Second, audit your plugin inventory before the core update, not after. For each site, identify which plugins are flagged as incompatible with the new version. Most plugin authors publish compatibility notices in the WordPress.org repository or their own changelogs before a major release ships. If a critical plugin on a site has not confirmed compatibility, hold that site back from the major release until it does. Running a fleet-level plugin risk audit before a major release is how you find those conflicts before they find you.

Third, segment the fleet by risk tier. Sites with complex plugin stacks (WooCommerce, membership plugins, custom Connectors) update last. Simple brochure sites update early in the staged rollout.

Fourth, define a rollback threshold before you push. Establish what a bad outcome looks like and how you will detect it: a broken checkout flow, a fatal error in logs, a visual regression on a critical page. If you see that signal within 24 hours of the update, roll back the site to the prior snapshot immediately. Do not wait to investigate first.

The block editor regression that shipped in a recent major release is a clear example of why this protocol exists. Agencies that staged their rollout caught the regression on a canary site and held the fleet. Agencies that pushed all sites at once spent the weekend on client calls.

A plugin that prevents a core update is a risk signal, not just an inconvenience. When a WordPress core update is not showing in the admin, or the update is blocked with a compatibility warning, treat it as a diagnostic prompt rather than something to override.

• Confirm the plugin has a version that supports the target version of core. Check the plugin’s changelog and the WordPress.org compatibility data. If the maintainer has not yet released a compatible version, the hold is legitimate and the right move is to wait.
• Check whether the plugin is still actively maintained. A plugin with no release in two years that is blocking a core update is a more serious problem than a compatibility lag from a maintained plugin. That belongs in your fleet-level plugin audit, not just in the update queue.
• Check whether the error is a hard block or a soft advisory warning. WordPress sometimes displays compatibility notices that are informational rather than fatal. Test the update on staging with the plugin active before assuming the live site will break.
• If the plugin is abandoned and essential to the site, escalate to the client. A core update that cannot proceed because a critical plugin is unmaintained is a scope conversation, not a solo technical decision.

Overriding a core update block without understanding why it exists is how you get a site-down call at an inconvenient hour. The diagnostic steps take minutes; recovery from a bad override can take hours.

The goal of a fleet-level update runbook is to remove yourself from the critical path. If every update decision requires your personal judgment, you have not built a system; you have built a dependency.

A minimal update runbook for a WordPress agency covers these elements:

• The standard update sequence: core first, then plugins, applied by risk tier
• The escalation triggers that require senior review: major core releases, blocked updates, sites with custom Connectors, any update that touches a client’s payment or membership system
• The pre-update checklist: backup confirmed, staging test completed, error log baseline captured
• The post-update verification steps: admin loads, front-end spot check, no new errors in logs
• The rollback threshold and the exact procedure for executing it
• The logging format: site, date, versions before and after, team member, anomalies

Store the runbook where your team can access it. Update it when a scenario arises that it does not cover. The first time a junior team member handles a fleet-wide minor release without incident, you have evidence the system works.

For agencies running a formal monthly maintenance cadence, the update runbook is one module within that larger routine. The sequencing logic here slots directly into that cadence as a defined step within the operating layer you already run, not as a separate process to manage alongside it.