by Mehdi KaramAli
November 5, 2013
Every WordPress version comes with its share of joys and sorrows. However, the newest version of WordPress—3.7—comes with a feature which has started a big discussion: Is WordPress auto upgrade feature good or bad? And, whenever there is a discussion on the web, you always see many sides of the story.
WordPress currently powers a fifth of all the websites on the web. Being the most popular, it is also more prone to hacking attempts. Every new version comes with its share of fixes. So, using the latest WordPress version is an industry best practice. Many of the minor updates, for e.g. 3.7.1, are usually based on security fixes. However, the default auto update will not change the core version, i.e. a WordPress 3.7 version installation will not be updated to 3.8. (Though you will be notified once the newest version is out.) [Note: There is a way to allow major updates too. Check the post by Andrew Nacin on this issue.]
WordPress has introduced the auto upgrade feature in its 3.7 release. This feature allows the automatic updates on the WordPress core without any user input. Simply put, updating from 3.7 to 3.7.1 will occur without human intervention. For many, this is a joy, but there are others who are frowning at this feature. They simply argue that the auto upgrade feature is “forced” upon.
Well, there is one big use of this feature and that is security. Furthermore, to make sure minimize upgrading issues, WordPress has provided a plug-in called Background Update Tester. It checks if your WordPress website is ready for its update. If your site fails the procedural test, it informs you about the reasons why it won’t support automatic upgrade, and if necessary, what do you have to ask your web host. The update process is swift and takes less than a minute which includes the downloading and installation time. During the update, the website goes into a ‘maintenance mode’ for a few seconds.
Furthermore, automatic updates will also support older versions too (but this will apply to versions 3.7 and above). For example, if the current version is 3.8.1 and it is being updated to 3.8.2 for an important security issue, there can be a possibility of 3.7.2 for the websites which still are on 3.7 and 3.7.1 versions along with a suggestion to move to the newest version which in this example is 3.8.2. This is being done to make older version much more secure. As of October 25, there were more than 110,000 successful updates. However, there are many who are complaining.
While many are impressed by this step, there are users who are cross about it. Their biggest argument is that automatic upgrades on WordPress, no matter how small or important, can bring big headaches, especially for users who are using a lot of plug-in or a customized theme or both.
They believe that even though WordPress acted in good faith by looking after its user base, they did not cater to the needs of user who do not want this feature. WordPress, however, has provided a simple solution for these kinds of users.
To disable WordPress auto updates, simply put the following line of code in your WP-CONFIG.PHP file:
# Disables all core updates:
define( ‘WP_AUTO_UPDATE_CORE’, false );
If you wish to allow auto-updating again, you should find the above mentioned code and replace it with the following code:
# Enables core updates for minor releases (default):
define( ‘WP_AUTO_UPDATE_CORE’, ‘minor’ );
However, putting codes seemed not like a very great option. All sort of WordPress users and experts have complained about the coding solution to disable the automatic updates. A WordPress user commented:
“Running multiple WordPress sites myself, I am not happy with the [shortsightedness] of WP core developers requiring users to go into each site files and make changes to “Opt-Out”. While you are getting better at releases not killing sites, there are too many variables that can have a negative effect on a site by allowing unattended updates.”
And it seems that who really believe that this is a genuine issue. Another user commented:
“I agree strongly with several of the commenters who are asking for a simple, non-intrusive way — a “checkbox” if you will, not requiring editing wp-config or adding plugins — to control whether WP updates automatically when “maintenance and security” updates are available. Here’s why…
“It has been beaten into me — time and again — by various WP security experts to ALWAYS take a backup before applying ANY kind of software update, including any type of update WP core update, lest you want to place your site at risk for an update breaking your site. And I beat this same message into my students, too. (I teach classes in WordPress.) Why should this change now? Because the core team tells you it’s “safe” to assume there will be no problems? Sorry, as much as I’d like to believe that, old habits (esp. regarding site security die hard). So, I’m not going to change this practice any time soon — at least until there is a clear track record of auto-updates resulting in ZERO failed sites. (Not sure how WP can track this — so, that probably means I’ll never deviate from the practice of taking backups before updates.)
“The question then becomes: is it too much to ask someone to install a plugin or edit wp-config to turn off the auto-updates? My vote: YES it is.”
Well, to ease the pain of this issue, plugin developers Geogre Stephanis and Chip Bennett have developed a small plugin which does all the tricky coding bits for you. So, try Update Control for now and save you from hassle. Not only it turns Automatic Updates off, it can also define what kind of updates can be placed.
Another plugin comes from Gary Pendergast under the name of Advanced Automatic Updates. This plugin is more complex than the one mentioned above as it even checks your plugins and themes for upgrades. It also works on a multisite setup.
We have a team of 20 WordPress developers and data managers in our team at Cloudways who manage hundreds of WordPress sites for our prestigious clients [See our client testimonials]. We did an in-house survey to listen what they are saying about this new feature. Everyone has a similar perspective that automatic updates are a problem with the sites.
One of our WordPress website manager said: “It’s always better to go manual while updating a site. It helps us to test it for the possible bugs. Automatic updates can mess up the whole website, especially the plugins. Testing and backups are important.”
[What we recommend: 5 Best WordPress Backup Plugins For Worriless Sleep]
We think it is a great idea that WordPress has allowed this great feature. Security is the greatest priority at any level of a web deployment. However, if it breaks anything, Cloudways is here to fix it for you.
Moreover, do let us know if you like or dislike this new auto update feature of WordPress in the comments section below. We are waiting for your responses.
Join over 1 million designers who get our content first.