Should you use WordPress auto-updates?
Auto-update saves time and relieves from manual processes, but risks your site sustainability for any threat or break. Take advantage of the auto-update feature with competing plugins and norms backup and restore measures in place.
WordPress is the most popular Open Source brand in content management systems powering 40% of all the websites or blogs on the internet.
WordPress 3.7 onwards, the automatic updates for minor and security releases were the standard features introduced. Over time, for the nature of its security transparency, WordPress became prone to hacking. To protect your WordPress, the non-block editor release #5.5 introduced an auto-update option for major or core updates last year, August 11, 2020, for themes and plugins. It allowed enabling auto-updates on a plugin-by-plugin and theme-by-theme update basis.
Importance of Auto-update
The site owners got an option to turn on the auto-updates directly from the WordPress admin dashboard. By doing this, WordPress runs the WP-Cron (a CronJob that handles scheduling time-based tasks) in iterations to check on the updates, download, and install. About 98 % of WordPress malware infections, due to vulnerabilities, are plugin-related meant for extending the features of a website? Few vulnerable plugins such as Event Calendar, Ultimate Member, Coming Soon Page, Ninja Forms, Duplicator Pro, etc., are most common.
Challenges with Auto-update
If you had customisations to the core, the updates would tamper with the core files on automatic updates’ potential inferior situations.
The auto-update also posed a new challenge if your website breaks and evaluating the cause of breaking and navigating to the affecting plugin. As the updates are run in the background, you may not know when they’ve been through and what caused the site’s breaking. If skipped fixing, the overrunning piles up multiple issues and invites overheads. These considerations discourage us from using the new WordPress auto-update feature.
To prevent your site’s risk from breaking from the auto-update is to engage WordPress Toolkit with smart updates. It works in a queasy manual mode; you get to view a side-by-side preview of the before, and after scenario of your site, so you can decide to commit the updates or not. The smart updates utilise artificial intelligence to analyze the update and recommend what is safe to go ahead with.
The options of rolling back through Restore Points and Backups secure your site data. To roll back install and activate the WP Rollback plugin.
Auto-update – Merits and Demerits
On a merit side, running auto-update ensures your website updates the latest update or security patch instantly upon release. The free and automatic update feature lures website owners, as they are relieved from manual logins and managing for security aspects. Enabling the auto-update for everything will update your plugins and themes without you knowing.
As the updates run in the background, we now need to be vigilant to know when and what has updated. This is to trace what could have gone wrong should the site broke due to any bad auto-update.
Moreover, your website’s regular backups using the WordPress backup plugins, such as UpdraftPlus are advisable to avoid losing the website and restore if the whole site goes down due to an unexpected update. Backup plugins help to store and restore files to and from a remote location like Google Drive, Dropbox, etc.
Backup is an important layer of security.
Talking about the demerits, when the auto-update features install, updates will not verify the compatibility or check for any conflicts with the plugins and scripts. The possibility of new vulnerabilities getting introduced in the latest version of the software is risky too. Any third-party (non-official WordPress) themes/plugins are subject to the effect.
Enable/Disable Automatic Updates in WordPress
Minor releases, by default, are enabled for automatic updates. They automatically install security updates without user intervention. However, the plugins and themes needed to be updated manually.
For major releases, however, outside the managed WordPress hosting service, you are required to initiate the updates manually.
To disable the default auto-update option, edit your wp-config.php file to add the below line:
define( ‘WP_AUTO_UPDATE_CORE’, false );
And to enable,
define( ‘WP_AUTO_UPDATE_CORE’, true );
Additionally, if you don’t want development updates included, but just the important security, minor and major changes, then add the following line in your functions.php file.
add_filter( ‘allow_dev_auto_core_updates’, ‘__return_false’ );
You may choose to update through the Advanced Automatic Updates free plugin.
After you download and install the plugin navigate to Settings > Advanced Automatic Updates:
Here you can set to update WordPress Core automatically for major versions or minor versions and also for official WordPress themes.
Note that Manual updating for a couple of websites is practical, and for multiple sites, it’s time-consuming and cumbersome efforts. Say, a good 30 minutes per update plus backups consume considerable time.
Auto-update for WordPress
There is no right answer to the question, “should you use WordPress auto-updates?” This is because you save time by simply relying on auto-update. This is advised for a small number of sites — however, risky for numerous sites when examined for risks and any breaking.
Considering the best out of auto-update feature, the below guidelines are recommended to follow:
- Safe backup – practice regular backups. You may go for the automated backup feature where you can run a backup on demand.
- Restore as required – in the event the fix is hard, quickly restore your website to its pre-update state.
- Check the completeness – after restoring, verify if the site data is intact. This helps to relate if the forthcoming update might break anything.
- Run update – when ready, run the update afresh. It would help to trace to the affected plugin if anything went wrong in the update.
- Check for correctness – after running all updates, check through the website to see if anything broke.
- Restore if the problem seems more than cosmetic. Analyze the issue and seek the fix to address it separately. For any visual symptoms of a broken website, disable the updated plugin or theme manually.
Irrespective of the advancements to WordPress updates and security, you still need server-level security and administration. Based on your scope and complexity, the WordPress platform sites decide to use the automatic update smartly, in conjunction with the manual updates as feasible.
A WordPress Toolkit coupled with a full proof backup plugin assures keeping your websites secure and updated. Server-side backups, such as CDP Backup can be configured to backup your sites on a scheduled timeline.