WordPress: Auto-update is not your friend

1. Automatic plugin updates can potentially break your site as well. There are just too many variables, such as different server environments and plugin combinations.
2. Now it’s important to know that these updates will not break the vast majority of websites. Even so, you may feel you don’t want to take the risk.
3. Did you know that simultaneous updates can overload your server? This can crash your website.
4. Auto-updates increase the risk of vulnerabilities. This can open the door to hackers.
5. Plugin/Theme conflicts can break your site too. Updating manually allows you to check for possible conflicts and test each update before moving forward with the next one.
6. Auto-updates happen when you aren’t online or available. Surprise – there might be changes in UI or website functionality due to an update without your knowledge!

Despite the security benefits, there is always the chance that these automatic background updates can break your website – and you won’t know about it until someone tells you your site is “looking or behaving weird”. 

The core WordPress team, responsible for releasing updates, tries to make sure that WP core updates go smoothly. If you or your web developer modify WordPress core files, then these automatic updates can override them (aka break the site).

Same goes if WordPress ever felt it necessary to push out a security update for a theme you are using, there is a chance that it will break your website if auto-updated. This particularly applies if you or your web designer have modified your theme files.

Suggestions for NOT using auto-update: 

1. Easy Updates Manager Plugin keeps a log of what’s updated, so if anything does break on your site, you can roll back to a previous working version. 
2. Hire a web developer to manage your updates monthly (YourPlanB can help!)
3. Use auto update only on WordPress core updates, and monitor your site regularly.

NOTE: No matter what you decide, make sure you have a BACKUP plan for your site so you can quickly roll your site back to a version that is working well. 

 

When are auto-updates a good thing?
Overall, our philosophy is that providing automated updates is a good thing for a subset of WordPress sites. Blogs and informational or promotional sites which can often go unattended for months or years are at higher risk of being hacked via outdated plugins or themes. For these sites, the risk of being hacked outweighs the risk of an automatic update gone awry. However, for other kinds of sites, automated updates may create problems. 

No matter what you chose, PLEASE keep your WordPress sites up-to-date!
All these updates consist of bug & security fixes. So, if you can update your WordPress Core as well as the plugins & themes regularly, then you can save your website from getting hacked. 

Resources:

• How to Disable Automatic Updates (video) 
• Wordfence.com 
• October 2020 issue with auto-update and version 5.5.3 
• How to update WordPress 
• WordPress Maintenance guide 

We are your wordpress admins.
We are your web design team.
We are Your Plan B.