Most broken WordPress sites this week look the same from the outside: a blank page, a 500 error, or a contact form silently swallowing enquiries. The owner clicked update, the dashboard said “success”, and nobody noticed for two days. This WordPress 7.0 update checklist is for the small business owners who’d rather not be the next example.

WordPress 7.0 “Armstrong” landed in May 2026 and the update button is now waiting on your dashboard. If your site brings in leads, bookings, or sales, the ten minutes you spend before pressing it will save you a worse afternoon later. The order below is what I’d run on any small business site I look after: back up properly, check plugins, confirm hosting can handle it, then test the pages that actually pay the bills.

WordPress site?

Our WordPress hosting includes daily backups, free SSL, automatic updates, and LiteSpeed caching – from £4.99/month.

Explore WordPress Hosting →

What’s in This Post

What changed in WordPress 7.0

WordPress 7.0 “Armstrong” is the first major version to ship built-in AI features in core. The dashboard now includes an AI assistant for content and admin tasks, the block editor has new design controls, and the under-the-hood changes for developers are larger than a typical point release.

If you edit your own pages, the admin will feel different. Buttons have moved, the block inserter behaves differently, and the AI panel takes up screen space whether you want it or not. None of that breaks your site, but it does mean you’ll spend the first hour after updating relearning a few habits.

The AI integration is the part that needs a closer look. Anything that can generate content, change settings, or call an external service inherits whatever access the WordPress user has. If five people share the same admin login, five people can now ask the AI to publish a page or pull data from a connected service. Decide who gets that capability before you turn it on.

Source: WordPress 7.0 “Armstrong” release notes.

Should small businesses update straight away?

Yes, with a backup and a plugin check first. Sitting on an old WordPress version for six months is how small sites end up on a security blog as a cautionary example. Rushing a major update without testing is how a Tuesday afternoon turns into a support ticket queue.

The risk you’re managing depends on what your site does:

Site type Suggested approach
Brochure site Back up, update, test the contact form
Lead generation site Back up, test forms and analytics, update, retest
WooCommerce shop Update on staging first, then live during a quiet hour
Booking or membership site Confirm plugin compatibility before touching live
Heavily customised build Get your developer to update it

One rule sits above all of these: if your site already has problems you’ve been ignoring, fix those before a major update. Armstrong will surface them, often loudly.

Step 1: Take a proper backup

A WordPress backup has two parts. The files (themes, plugins, uploads, custom code) and the database (pages, posts, orders, settings, users, plugin data). You need both to restore a site cleanly. A theme folder on its own gets you nowhere when the database goes sideways.

Before you press update, confirm four things:

  • The backup finished without errors
  • You know exactly where it lives
  • You’ve actually restored from a backup before, or you know who to call who has
  • It includes files and database

Managed hosting accounts often include automatic backups. Useful, but verify the restore button works before you rely on it. I’ve watched a site owner sit on the phone for forty minutes with a host whose “one-click restore” pulled a backup from two weeks earlier, after the orders had moved on.

If you host with Webfort, ask us to confirm your backup position before a major update. If you manage WordPress inside Enhance, our walkthrough on getting started with WordPress in Enhance covers where the backup tools live in the control panel.

Step 2: Check plugin and theme compatibility

Plugins, not core, cause most WordPress update failures. Patchstack’s 2026 security report counted 11,334 new WordPress vulnerabilities in 2025, up 42% year on year, and 91% of them sat in plugins. The fewer plugins you carry into a major update, the smaller the surface for something to go wrong.

Open Plugins > Installed Plugins and answer these questions about each one:

  • Has it received an update in the last six months?
  • Does the readme list a recent WordPress version as tested?
  • Do you still use it, or is it left over from a previous theme?
  • Is another plugin already doing the same job?
  • Does it touch payments, logins, forms, bookings, or customer data?

Delete the ones you don’t use. Update the ones you do, unless a specific developer note says to update WordPress first (rare, but it happens). Pay special attention to security, cache, form, and page builder plugins. Wordfence keeps a running list of the active threats in those categories on its security blog, and a quick check before a major update is worth the five minutes.

Themes get less attention but cause just as much trouble, especially commercial themes that haven’t shipped an update in a year. If you’re using a child theme over a parent, check both.

Reviewing plugins before a WordPress 7.0 update checklist run on a small business site
Spend ten minutes auditing plugins before the update, not ten hours debugging after it.

Step 3: Check your PHP version and hosting setup

WordPress runs on PHP. Your host decides which versions you can choose, how much memory each site gets, and how painful recovery is when something goes wrong.

Check your PHP version in Tools > Site Health, or in your hosting control panel. WordPress 7.0 still runs on PHP 7.4, but 7.4 hit end of security support in 2022. If you’re below PHP 8.1, that’s a separate problem worth fixing before you layer a core update on top. Move to a supported PHP version first, test the site, then update WordPress. Two changes on the same afternoon makes the cause of any breakage almost impossible to find.

A hosting plan that won’t get in your way looks like this:

  • Backups you can restore yourself, today, without raising a ticket
  • PHP version switching from the control panel
  • Enough memory headroom that the editor doesn’t choke on a long page
  • SSL included as standard
  • Support staff who answer in WordPress terms, not generic “have you tried turning it off and on”

Webfort runs each site inside its own isolated container, so a problem on one site can’t leak into another. We’ve written about the technical side in isolated container hosting, but the short version is that your neighbours can’t sink your update day.

If you’re on bargain shared hosting with no backup visibility and a 24-hour support queue, a major WordPress update will feel scarier than it needs to. Our piece on cheap UK web hosting for small businesses sets out what to look at before trusting a bargain plan with a revenue-generating site.

Step 4: Test the pages that make money

Looking at the homepage and declaring victory is the single most common mistake after a WordPress update. The homepage almost always survives. The contact form on page 14 that uses a six-year-old plugin is where the problem hides.

Walk through everything a paying or enquiring customer would touch:

  • Contact and quote forms (submit a real test enquiry, then check the inbox)
  • Checkout, if you sell anything
  • Booking and appointment flows
  • The login page for customer or member accounts
  • Landing pages you’re running ads to
  • Mobile navigation, including any sticky bars or pop-ups

Test on a phone. Most owners build and update on a desktop, then forget that two-thirds of their traffic arrives on a 6-inch screen with a fat thumb on the menu button.

If the site goes down during testing, don’t start randomly disabling plugins. Our website down checklist covers the order to work through, because panic fixes are how a ten-minute issue becomes a two-day outage.

Step 5: Check security after the update

Updating core ticks one box. The boxes that catch most small businesses out sit elsewhere:

  • Old admin accounts belonging to an agency you stopped working with two years ago
  • One shared “admin” login used by three people
  • An inactive plugin still sitting in the plugins folder, still receiving HTTP requests
  • SSL working on the homepage but failing on a subdomain
  • A form with no spam protection collecting 400 dodgy submissions a week

Spend twenty minutes on Users > All Users and audit who has access. Delete dormant accounts. Force a password reset on anyone who’s still active. Turn on two-factor authentication for admins.

WordPress 7.0’s new AI integrations add a fresh question to this list: which logged-in users can talk to the AI, and which services has it been connected to? An AI assistant with publish rights is functionally an extra admin. Treat the permissions accordingly.

Is your website holding your business back?

Run our free 30-second health check – no signup required. Check speed, security, and SEO issues instantly.

Check My Website →

Step 6: Check speed and Core Web Vitals

Run a speed test before you update and another one straight after. PageSpeed Insights is free and tells you what Google cares about. Test the homepage and one or two pages that customers actually convert on, because those numbers usually look different.

The post-update problems to watch for:

  • Largest Contentful Paint slowing down (usually images or a sluggish server response)
  • Interaction to Next Paint getting worse (heavy JavaScript, often from new plugin versions)
  • Layout shifts from fonts or embeds loading in the wrong order
  • Cache plugins reverting their settings or refusing to flush
  • Image optimisation or lazy loading silently breaking

The fix for a slower site after an update isn’t installing three more optimisation plugins. Check hosting response time, your cache configuration, your images, and the scripts your theme is loading. Good hosting won’t solve a bloated front end, but it gives WordPress room to breathe.

WordPress 7.0 update checklist

The whole process on one page, in the order I’d run it.

Before updating

  • Take a full file and database backup, and verify you can restore it
  • Update plugins and themes where appropriate
  • Delete plugins and themes you no longer use
  • Confirm your PHP version is 8.1 or higher
  • Pick a quiet hour, not Monday 9am
  • Use staging if the site handles sales, bookings, or memberships

During the update

  • Update WordPress core
  • Clear caches
  • Load the homepage and the admin dashboard
  • Watch for PHP errors in the hosting panel
  • Don’t change anything else at the same time

After updating

  • Submit a real test through every contact form
  • Test checkout, bookings, or logins if you have them
  • Check mobile navigation and any pop-ups
  • Confirm SSL on the whole site
  • Run PageSpeed Insights on two or three pages
  • Check analytics is still recording visits
  • Confirm the next scheduled backup runs

If your hosting makes parts of this list difficult, that’s the useful signal. A good host removes friction from update day, it doesn’t add to it.

Final thoughts

WordPress 7.0 is worth updating to. The AI features will get more interesting over the next few releases, the editor improvements are genuine, and the security gains alone justify the change.

The reason small business updates go wrong isn’t the update itself. It’s skipping the boring ten minutes beforehand and the boring ten minutes afterwards. Back up, audit plugins, confirm hosting, update, test what matters. That’s the entire job.

Want a second pair of eyes before you press update? Run your site through our free website check, or get in touch about WordPress hosting that makes update days quiet.