WordPress Automatic Updates: How to Enable, Disable & Manage in 2026 (Detailed Guide)

Over 43% of all websites are powered by WordPress (W3Techs). That scale also makes it the #1 target for attacks. Outdated plugins, themes, and core files are among the most exploited entry points.

So, keeping your WordPress site updated is no longer optional. It’s a necessity. And manually going through every update isn’t the most efficient use of your time.

Updating WordPress sites was a hassle with older versions, but with the release of WordPress 3.7, automatic updates for security releases and other minor amendments have become standard. However, not everything is auto-updated by default. Major releases, plugins, and themes all require manual opt-in or configuration.

WordPress has also gotten better at handling failed updates. But as we’ll cover in this guide, native rollback still has real limits that every site owner should know about.

If you’re on Cloudways, SafeUpdates automates the entire update process for you. More on that later.

What Are Automatic Updates in WordPress?

WordPress 3.7 introduced automatic updates to improve security and ease site administration. These automatic updates are enabled for all minor releases, keeping maintenance and security releases up to date without any manual involvement.

Automatic updates are enabled on most sites by default, but the level of control you have over them is much wider than most people realize.

Different Types of WordPress Automatic Updates

WordPress automatic updates are mainly divided into four types:

Core updates contain the core WordPress files. These break down into three sub-types:

• Core development updates are only available on development or beta installations, not on live sites.
• Minor core updates cover security patches and maintenance fixes. These are enabled by default on most WordPress installations.
• Major core updates cover new WordPress versions and features, like moving from 6.8 to 6.9. These are not enabled by default and require a manual opt-in.

Plugin updates cover bug fixes, improvements, and new features for your installed plugins. Not auto-updated by default.

Theme updates cover changes and fixes to your installed themes. Not auto-updated by default.

Translation file updates keep your WordPress language files current. These are auto-updated by default and are low-risk since they don’t touch any core functionality.

How to Manage WordPress Automatic Updates (4 Methods)

You can manage WordPress automatic updates in several ways. The four methods below cover everything from a simple dashboard toggle to code-level control for developers. If any of the methods involve code, it’s included directly so you can copy it without needing to look it up.

Method 1: Using the WordPress Dashboard

You can directly manage WordPress automatic updates from the WP-admin dashboard. WordPress minor updates (security and maintenance releases) are enabled by default, and you can’t disable them from the dashboard. However, you may enable updates for major releases by following the steps below:

1. Go to your WordPress Dashboard > Updates.

Note that this menu item only appears in the sidebar when updates are available. Here you’ll see pending updates for Core, Plugins, and Themes.

2. Click on the Switch to Automatic Updates for Maintenance and Security Releases Only link to enable major updates.

3. You’ll see the following message: “WordPress will only receive automatic security and maintenance releases from now on.”

4. Next, click the Enable Automatic Updates for All New Versions of WordPress link. You will see a message notifying you that the automatic updates have been enabled.

Enabling Auto-Updates for Individual Plugins

WordPress 5.5 made this even easier. You can now enable auto-updates for individual plugins directly from the dashboard without touching any code.

1. Go to Dashboard > Plugins > Installed Plugins.

2. You’ll see an Automatic Updates column next to each plugin. If you don’t see it, click Screen Options at the top right of the page and enable it.

One thing to keep in mind though: don’t turn this on for every plugin at once. For plugins that affect your checkout, layout, or database, it’s better to update them manually or use SafeUpdates so everything gets tested before going live.

Enabling Auto-Updates for Individual Themes

The same thing works for themes.

Go to Appearance > Themes, click on any theme, and you’ll see the Enable Auto-Updates option in the detail panel.

Method 2: Using the wp-config.php File

You can also manage WordPress updates using the wp-config.php file. However, you must be extra careful and correctly include the line of code. You can use FileZilla FTP Client to access the wp-config.php file. Follow the steps below:

1. Access your WordPress site’s files via FileZilla.

2. Open the public_html folder.

3. Click on the wp-config.php file and download it.

4. Add the relevant line of code just before the /* That's all, stop editing! Happy blogging. */ line.

To enable all core updates including major releases:

define( 'WP_AUTO_UPDATE_CORE', true );

To enable minor updates only (default behavior):

define( 'WP_AUTO_UPDATE_CORE', 'minor' );

To disable all core auto-updates:

define( 'WP_AUTO_UPDATE_CORE', false );

Save the changes and re-upload the wp-config.php file to your public_html folder.

Note: The wp-config.php file is among your site’s primary and critical core files containing database connections and passwords. Even a single change can crash your site, so be careful when editing.

Method 3: Using API Filters

Another method to enable WordPress automatic updates, useful for developers, is via API filters. WordPress provides several filters that let users control the updates.

We can automate the core, plugins, themes, and translation files by returning true through the auto_update_core, auto_update_theme, auto_update_plugin, and auto_update_translation filters.

The best practice is to add the API filters in the Must-Use plugin folder, located in public_html > wp-content. These plugins do not appear on the WordPress Plugins screen, so they can’t be accidentally disabled or removed by site admins.

Here’s a look at the filters:

To disable all automatic updates:

add_filter( 'automatic_updater_disabled', '__return_true' );

To enable automatic core updates:

add_filter( 'auto_update_core', '__return_true' );

To enable automatic plugin updates:

add_filter( 'auto_update_plugin', '__return_true' );

To enable automatic theme updates:

add_filter( 'auto_update_theme', '__return_true' );

If you want to auto-update only specific plugins rather than all of them, you can do that too. Add this to your must-use plugin file and replace the slugs with the folder names of the plugins you want to target:

function my_selective_plugin_updates( $update, $item ) {
    $plugins = array( 'akismet', 'wordfence' );
    if ( in_array( $item->slug, $plugins ) ) {
        return true;
    }
    return $update;
}
add_filter( 'auto_update_plugin', 'my_selective_plugin_updates', 10, 2 );

Method 4: Using Plugins

If you’d rather not touch any code, plugins are the easiest way to manage auto-updates. Easy Updates Manager is the most popular option for this, with over 700,000 active installs.

• Install and activate the Easy Updates Manager plugin on your WordPress website.

• Once activated, you’ll see the Updates Options menu in your admin bar.

• From here, you can configure automatic WordPress updates for your site’s core, plugins, and themes individually.

Easy Updates Manager lets you disable and enable all updates with one click.

You can also deeply customize your update settings, configure email notifications, and a lot more.

What Happens When a WordPress Auto-Update Fails?

Setting up auto-updates is the easy part. Knowing what happens when one goes wrong is just as important.

WordPress 6.6’s Built-In Rollback

WordPress 6.6 (July 2024) added automatic rollback for plugin auto-updates that trigger a PHP fatal error on the front page (WordPress.org). Before 6.6, this safety check only existed for manual plugin updates, introduced in WordPress 6.3. Now it covers automatic updates too.

When a plugin update causes a fatal error, WordPress rolls it back automatically and emails the site admin with the details.

What the Native Rollback Doesn’t Cover

Native rollback is a step forward, but it has real limits. It only checks for PHP fatal errors on the homepage. It won’t catch:

• A broken layout or visual shift
• A JavaScript error
• A WooCommerce checkout failure
• Issues on inner pages or in the admin area
• A drop in page speed

Auto-updates also run via WordPress Cron, which fires roughly every 12 hours. So an update could go live at 2am, and if something breaks that isn’t a PHP fatal error, it may sit unnoticed until morning.

Should You Enable WordPress Automatic Updates?

Sure, auto-updates save you time and keep your WordPress site secure, but they’re not a one-size-fits-all answer. And enabling them depends fully on the kind of site you’re running.

When to Enable Auto-Updates

On most standard WordPress installations, all minor core updates and security patches are auto-updated by default. And the risk of NOT patching a known vulnerability is higher than the risk of a minor update breaking something.

If you own a simple site like a blog, a portfolio, or a brochure site with few plugins and no custom code, your site is a good candidate for full auto-updates.

And if you don’t have time for regular manual maintenance, auto-updates are better than letting your site go weeks without updates.

Patchstack revealed that 50% of critical WordPress vulnerabilities are actively exploited within 24 hours of public disclosure (Patchstack). So never delay your updates.

When to Be Cautious

There are situations where enabling auto-updates can backfire. Avoid them if you own a WooCommerce store or any site with a checkout flow. Because a plugin auto-update may break your payment page, go unnoticed for hours, and cost you real money.

Also be cautious if your site has multiple interconnected plugins. When multiple plugins update simultaneously and something breaks, figuring out which one caused it becomes a real struggle.

Have a site with custom code or a custom theme? Plugin auto-updates don’t always play well with custom-built functionality.

For agencies managing client sites, if an update breaks a client site at 3am and nobody notices until morning, that’s a support problem.

Finally, it doesn’t work well for developers who need to review changelogs before applying updates, especially for plugins that touch the database or affect user data.

The point isn’t to scare you away from auto-updates. It’s to help you make the right call for your specific situation. And if you want the best of both worlds, automated updates that are also tested before going live, that’s exactly what SafeUpdates does.

How to Disable WordPress Automatic Updates

Even though auto-updates are great for security, there are valid reasons to disable them. If your site has custom code, complex plugins, or a checkout flow you can’t afford to break, taking manual control makes sense. You can do it in two ways.

Disabling Automatic WordPress Updates Using Code

Earlier, I demonstrated using the wp-config.php file to activate automatic updates. You can disable them using the same steps and making the code changes below:

define( 'WP_AUTO_UPDATE_CORE', false );

You can also disable updates using filters. To disable theme and plugin updates, add the following filters in your theme’s functions.php file:

add_filter( 'auto_update_theme', '__return_false' );
add_filter( 'auto_update_plugin', '__return_false' );

Disabling Automatic WordPress Updates Using a Plugin

Another way to disable automatic WordPress updates is by using a plugin. You can use the same Easy Updates Manager plugin used earlier to automate updates.

1. Go to Dashboard > Updates Options > General
2. Choose the Disable All Updates option

Note: It is not recommended to disable all updates permanently. Outdated plugins and themes are among the leading causes of WordPress security issues. Instead, explore each option individually, like WordPress core updates, plugin updates, and theme updates, and configure each one accordingly.

SafeUpdates — Automated WordPress Updates on Cloudways

Tired of manually updating your WordPress site and want an automatic system that requires zero attention and performs updates free of any risks or errors? SafeUpdates is the answer to all your site update problems.

SafeUpdates automates the WordPress update process, streamlining maintenance and letting you detect, test, and deploy updates. On Cloudways, you can have this feature starting at $3/month per application for up to 5 sites, dropping to $2/month for 6 or more.

How Does SafeUpdates Work?

Once you activate SafeUpdates on your application, it actively monitors your WordPress application to detect updates. When updates are triggered, SafeUpdates follows the steps below to ensure updates are safe and bug-free:

1. It takes your app’s backup for rolling back if the updates are aborted.
2. It creates a staging application temporarily and executes the updates in the staging environment.
3. It takes a snapshot of your staging environment and performs unit testing, HTML checks, browser console monitoring, and network error detection to ensure the application works fine.
4. Once updates are completed, SafeUpdates takes a snapshot and performs unit testing.
5. It compares the before and after screenshots using proprietary Visual Regression Testing (VRT) algorithms.
6. Once the testing is successful, SafeUpdates updates the production application.

Why Should We Use SafeUpdates?

Using SafeUpdates for your WordPress and WooCommerce sites can be beneficial in many ways:

• Saves you from the manual hassles of updating everything on your WordPress site. All you need is a few clicks.
• It has been tested on more than 100 top WordPress plugins.
• Automatically creates your site’s backup for rolling back if you’re not happy with the updates.
• Updating the core, themes, and plugins gives your site the much-needed performance boosts.
• Takes care of bug fixes, preventing hackers from exploiting vulnerabilities in older versions.
• Saves you a lot of time and risk via automation.
• Cloudways users report saving over 42 hours of WordPress maintenance every month with SafeUpdates.
• Offers a risk-free way to update your website.

How to Automate Your WordPress Updates via SafeUpdates

Activating and configuring SafeUpdates is a breeze for Cloudways users. Here’s how you can easily automate your WordPress updates via SafeUpdates in minutes.

Activating SafeUpdates

• Log in to the Cloudways Platform using your credentials.

• Click on your desired application in the Applications tab.

• Click SafeUpdates.

• Click the Activate SafeUpdates button.

• Once SafeUpdates is activated, you’ll see the On-Demand, Schedule, and History tabs. Now it’s time to configure SafeUpdates.

Configuring SafeUpdates

You can configure SafeUpdates in two ways: On-Demand and Scheduled.

On-Demand

The On-Demand option lets you update your WordPress application’s core, themes, and plugins manually on the go.

• Click SafeUpdates after selecting your application on the Cloudways Platform.
• If you have recently installed a plugin or theme and it’s not visible under SafeUpdates, refresh your page.
• Click the On-Demand tab, and select the items you wish to update.

• Click the Update button.

• The update process will start in the background. You can leave the page and it won’t require any further intervention.

Scheduled

Scheduling your application updates removes the hassle of manually triggering anything, which is where SafeUpdates really shines.

• Navigate to the Schedule tab in SafeUpdates and toggle Automatic Update Settings.

• Select the day from the Day of Week option on which SafeUpdates will run scheduled updates.

• Choose a suitable time.

• Click “Manage Updates” next to the Configure Update List section to select which items (core, plugins, and themes) should be automatically updated when updates are available.

• Enter the email address under the “Notification Email” section to receive update notifications.

• Enable Pre-Notification to be notified when SafeUpdates schedules updates for your application.

• Enable Successful Update and Aborted Update notifications as needed.

• Click Save Changes.

Viewing Update History

The History tab displays the full history of updates, both successful and aborted, executed by SafeUpdates. It’s a quick way to stay on top of what’s been updated and catch anything that needs attention.

How to Deactivate SafeUpdates

You can disable or deactivate SafeUpdates via the Cloudways Platform at any point.

• Click your Application on the Cloudways Platform.
• Click SafeUpdates and turn off the toggle

• You’ll see a confirmation screen for the deactivation of SafeUpdates. Click Deactivate.

Pros and Cons of WordPress Auto-Updates

Final Thoughts

You must keep your sites updated to remain protected against threats. Ever since the release of WordPress 6.6, automatic updates have improved significantly. However, native auto-updates still have many gaps, and any site that’s not a simple blog needs more than just a rollback for PHP fatal errors.

And manually updating plugins, themes, and core isn’t really practical. But tools like SafeUpdates make the job a lot easier, requiring minimal to no manual intervention. It gives you backups, staging, VRT, rollbacks, on-demand and automatic updates, and a lot more.

So, if you want to remain carefree about your site’s updates, an automated tool is the way to go. Use your time doing other things that actually drive your business.

define( 'WP_AUTO_UPDATE_CORE', false );

Sarim Javaid

Sarim Javaid is a Sr. Content Marketing Manager at Cloudways, where his role involves shaping compelling narratives and strategic content. Skilled at crafting cohesive stories from a flurry of ideas, Sarim's writing is driven by curiosity and a deep fascination with Google's evolving algorithms. Beyond the professional sphere, he's a music and art admirer and an overly-excited person.

Get Connected on: Twitter Community Forum