You may or may not know about a relatively new feature introduced into WordPress 3.7 – auto-update. In the WordPress 3.7 series and above, WordPress would update itself when a new minor version or security update is released. By default, WordPress would not upgrade itself to a major version (3.7 to 3.8 for example).
In this post I will go through what this process does and how you can get control of your website back.
What is Auto-update and is it a Good Thing™?
Just in case you didn’t know, auto-update is when your WordPress install detects that a new version has been released and will upgrade itself without you telling it to.
Just think about that for a moment. Without auto-update, if a security flaw is discovered, you have to go through all of your websites running the vulnerable version and make sure they are updated. Like a lot of internet marketers you may have a rather large collection of websites to go through. This can be a very time-consuming process.
With the auto-update feature enabled, all of your WordPress websites will apply the update without asking you first! While this may initially seem like a Very Good Idea™, the first you know about your theme, one of the plugins or custom code breaking is when you get complaints from your users. Then the fixing of broken websites begins. If you have not made a regular backup of your website you could be in for a world of hurt.
Enable or Disable Auto-Update?
There is no hard and fast rule to this. While the WordPress team try to make sure that all security and minor updates (3.7.1, 3.7.2, etc) do not make any changes to the core functionality, there is no guaranty everything will still work perfectly. This is especially true of security updates. By its very nature, a security update may need to make a change to the core processes within WordPress to fix the problem.
For most people, leaving the auto-update feature enabled and set to security and minor updates is okay. If you know, or suspect a theme or plugin will have issues on newer versions of WordPress, then you need to disable WordPress auto-update until you replace the offending item. Running on old versions of WordPress is not recommended and can leave you open to attack from crackers.
How to Fine Tune WordPress Auto-Update
If you are technically minded, the WordPress Codex has a very good page on how to control the auto-update process. For most people this may be too technical and off-putting. There are a few plugins available to make the process of controlling how and when the updates occur. I have tested a few and the one I prefer is Advanced Automatic Updates. It has a simple click the tick box interface which should give even the most novice WordPress administrator a comfortable, easy way of ensuring their website is safe and secure. Or at least working until the incompatibility is fixed!
Do I think auto-update is a Good Thing™? In most cases, absolutely yes. There will always be cases where an update breaks something, but with the minor and security updates this is highly unlikely. The knowledge that your websites have the latest version and is the best it can be can be a huge comfort. Just be aware of the updates when they are released and check all of your websites after each update is applied.