When the context is about security, we know how crucial it is to regularly update WordPress installations. The average WordPress website is attacked by malware 44 times a day. From weak plug-ins to insecure themes, anything could give a chance to a malware to infect your CMS. Keeping in mind the plight of the webmasters, WordPress has announced that the auto-updates feature of themes and plugins is ready for a core merge. Currently, auto-updating is accessible only for core WordPress CMS. The stable version v5.5 would enable the features of WordPress theme & plugin auto-update.
What is the need of this auto-update functionality?
Presumably, the auto-update feature has been enabled for themes and plug-ins to eliminate instances of site hacks. In the realm of WordPress security, plug-ins are prone to hacking attempts. Hackers can gain complete control of your site by exploiting a vulnerability located in the plugin. Interestingly, vulnerabilities like these can quickly be fixed with updates that these plugin developers push.
However, the real problem lies in the fact that many site owners set up themes and plug-ins only to forget upgrading them. With the rolling out of WordPress theme & plugin auto-update, the site owners can install plug-ins, forget about them, and still be safeas these plug-ins have auto-update functionality.
Auto-update feature has been long overdue
To be precise, the auto-update feature has been in the anvil since 2019. In February, the WordPress team developed a plug-inthat is equipped with this exact functionality. However, they cautioned the webmasters as it is a beta test plug-in. On the other hand, notes related to the plug-in depicted that it was supposed to release in 2019. The automatic update features are now expected to ship with the next version of WordPress.
WordPress has this code for a long period of time
Since version 3.7, the code was there in the source code of WordPress. In 2013, WordPress initiated an auto-update feature which runs on the background. It is worthwhile here to mention that since Version-3.7, various WordPress themes and plug-ins have been developed to set up small security updates. But note that the themes have been configured to update and install only minor upgrades. The actions of users are still needed for upgrading to the latest versions.
For instance, if you want to upgrade from Version-4 to Version-5, you have to give your consent for the update. It is normal for you to have a lot of plugins and themes installed on your website. It is an uphill task to remember and update each theme one by one. Interestingly, when this auto-upgrade functionality was introduced in 2013, developers anticipated that they have the liberty to utilize it.
Furthermore, the WordPress theme & plugin auto-update code was also integrated but lacked certain features. Now the team from WordPress is steadfastly initiating this code to render stability and flexibility to webmasters. The developers are emphasizing on adding a UI for regulating plug-in and theme updates through the admin panel of WordPress. In other words, with this new update, the site owners don’t have to customize their wp-config.php.
WordPress automatic updates
Here is the list of four types of automatic updates in WordPress.
- Plugin Updates
- Core Updates
- Theme Updates
- Translation File Updates
On the other hand, the core upgrades are segregated into three varieties. They are as follows:
- Major Code Upgrades
- Minor Core Upgrades that are enabled by default
- Core Development Upgrades which are only available for installing developer updates
WordPress permits you to streamline the update procedure for any of the above-mentioned varieties. This is the reason that it provides API filters and two wp-config.php constants.
Why and when you should opt out of WordPress Automatic Updates?
To be frank, the WordPress theme & plugin auto-update is a great feature to have in your site. But even if it looks like they are just great to have, it is always a good idea to introspect on their functionality. There were instances when incompatibility issues with plug-ins and themes interrupted various functions of the website. Note that if your website is reliant heavily on a large number of plug-ins, it makes sense to opt for manual updates. The one-by-one process of updating the themes permits you to quickly identify the issues which are skipped by automation. But then again if you want to be from the hassles of updating each theme one by one, the WordPress core merge is great news for you.
The WordPress theme & plugin auto-update is a great feature that could save us a lot of time and efforts. It would also allow a webmaster to keep his website updated. But what’s your view on enabling all kinds of updates? Put forward your views in the comments below.