WordPress Security

WordPress Core Merge Makes Plugin & Theme Updates Automatic

Updated on: May 19, 2020

WordPress Core Merge Makes Plugin & Theme Updates Automatic

When the context is about security, we know how crucial it is to regularly update WordPress installations. The average WordPress website is attacked by malware 44 times a day. From weak plug-ins to insecure themes, anything could give a chance to a malware to infect your CMS. Keeping in mind the plight of the webmasters, WordPress has announced that the auto-updates feature of themes and plugins is ready for a core merge. Currently, auto-updating is accessible only for core WordPress CMS. The stable version v5.5 would enable the features of WordPress theme & plugin auto-update

What is the need of this auto-update functionality?

Presumably, the auto-update feature has been enabled for themes and plug-ins to eliminate instances of site hacks. In the realm of WordPress security, plug-ins are prone to hacking attempts. Hackers can gain complete control of your site by exploiting a vulnerability located in the plugin. Interestingly, vulnerabilities like these can quickly be fixed with updates that these plugin developers push. 

Auto-update feature in WordPress; Source: Zdnet

However, the real problem lies in the fact that many site owners set up themes and plug-ins only to forget upgrading them. With the rolling out of WordPress theme & plugin auto-update, the site owners can install plug-ins, forget about them, and still be safe as these plug-ins have auto-update functionality. 

Auto-update feature has been long overdue

To be precise, the auto-update feature has been in the anvil since 2019. In February, the WordPress team developed a plug-in that is equipped with this exact functionality. However, they cautioned the webmasters as it is a beta test plug-in. On the other hand, notes related to the plug-in depicted that it was supposed to release in 2019. The automatic update features are now expected to ship with the next version of WordPress. 

WordPress has this code for a long period of time

Since version 3.7, the code was there in the source code of WordPress. In 2013, WordPress initiated an auto-update feature which runs on the background. It is worthwhile here to mention that since Version-3.7, various WordPress themes and plug-ins have been developed to set up small security updates. But note that the themes have been configured to update and install only minor upgrades. The actions of users are still needed for upgrading to the latest versions. 

For instance, if you want to upgrade from Version-4 to Version-5, you have to give your consent for the update. It is normal for you to have a lot of plugins and themes installed on your website. It is an uphill task to remember and update each theme one by one. Interestingly, when this auto-upgrade functionality was introduced in 2013, developers anticipated that they have the liberty to utilize it. 

Furthermore, the WordPress theme & plugin auto-update code was also integrated but lacked certain features. Now the team from WordPress is steadfastly initiating this code to render stability and flexibility to webmasters. The developers are emphasizing on adding a UI for regulating plug-in and theme updates through the admin panel of WordPress. In other words, with this new update, the site owners don’t have to customize their wp-config.php

WordPress automatic updates

Here is the list of four types of automatic updates in WordPress. 

  • Plugin Updates
  • Core Updates
  • Theme Updates 
  • Translation File Updates

On the other hand, the core upgrades are segregated into three varieties. They are as follows:

  • Major Code Upgrades
  • Minor Core Upgrades that are enabled by default 
  • Core Development Upgrades which are only available for installing developer updates
Source: Zdnet

WordPress permits you to streamline the update procedure for any of the above-mentioned varieties. This is the reason that it provides API filters and two wp-config.php constants. 

Why and when you should opt out of WordPress Automatic Updates?

To be frank, the WordPress theme & plugin auto-update is a great feature to have in your site. But even if it looks like they are just great to have, it is always a good idea to introspect on their functionality. There were instances when incompatibility issues with plug-ins and themes interrupted various functions of the website. Note that if your website is reliant heavily on a large number of plug-ins, it makes sense to opt for manual updates. The one-by-one process of updating the themes permits you to quickly identify the issues which are skipped by automation. But then again if you want to be from the hassles of updating each theme one by one, the WordPress core merge is great news for you.    

Summing Up

The WordPress theme & plugin auto-update is a great feature that could save us a lot of time and efforts. It would also allow a webmaster to keep his website updated. But what’s your view on enabling all kinds of updates? Put forward your views in the comments below.

Ananda Krishna

Ananda Krishna is the co-founder & CTO of Astra Security, a SaaS suite that secures businesses from cyber threats. He has been acknowledged by the Indian Navy, Microsoft, United Airlines, etc. for finding critical security vulnerabilities in their systems. Winner of the Best Security Product at Global Conference on Cyberspace 2017 (awarded by Narendra Modi, Prime Minister of India) & French Tech Ticket, Paris (awarded by François Hollande, former President of France). At Astra he's building an intelligent security ecosystem - web application firewall (WAF), malware detection & analysis, large scale SaaS applications, APIs & more. He's actively involved in the cybersecurity community and shared his knowledge at various forums & invited talks.
Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Inline Feedbacks
View all comments

Psst! Hi there. We’re Astra.

We make security simple and hassle-free for thousands
of websites and businesses worldwide.

Our suite of security products include a vulnerability scanner, firewall, malware scanner and pentests to protect your site from the evil forces on the internet, even when you sleep.

earth spiders cards bugs spiders

Made with ❤️ in USA France India Germany