WordPress AutoUpdates – Why Not?

It seems that my recent article about the WordPress AutoUpdate feature has garnered some feedback from another author at this site.   I feel compelled to respond to some of the points that Rhys has made.

Minor Update…

Rhys said:

WordPress’ automatic updates are only activated for minor releases. Minor releases are when you go – for example – from 3.8 to 3.8.1 (which was the latest update). Major releases will be when WordPress goes from – say – 3.8.1 to 3.9.

My contribution to this site was by personal request from a site owner here.  As the request was spontaneous, it wasn’t my intention to write a complete tutorial on the WordPress AutoUpdate feature. That being said, I read a lot of this sort of thing at the thread I started on the WordPress.org forum.  For me, that argument fell flat.

None of the software that I’ve written, nor the sites that I own or am obligated to maintain, failed with this update or any other update.  I’ve always done regular backups beyond the backup done at the time of the update and not having the opportunity to do that snapshot backup prior to the rollout of the update was disturbing.

Should Not Break…

Rhys said: Continue reading “WordPress AutoUpdates – Why Not?”

WordPress Automatic Updates: To Protect and Serve

As I checked email before going to bed on Friday night, I found a message in my inbox indicating that my WordPress websites had been updated. A moment of panic set in. I thought I had been hacked!

After checking out my sites and satisfying myself that they had not been hacked, I browsed over to WordPress Codex and started reading about this new “feature”. I quickly learned that it had been initiated with WordPress version 3.7. At that time it didn’t seem to work very well but I guess the idea lived on because the update roll-out for version 3.8.1 was in progress and a lot of the people involved with the development of this feature were congratulating themselves.

protect_and_serveThe motivation behind a feature like this is to improve WordPress security. The assumption of those at the helm is that most users won’t update their sites, a known contributor to hacker intrusion, and the Core Developers want to make the internet a safer place.

In my years as a WordPress website developer I have encountered sites that never get updated, some of which had been hacked. So the idea behind this is not altogether a bad.  The implementation of it is what was objectionable to me.  In my professional opinion, we should have been given the option to enable this feature rather than being forced to disable it after the fact of a roll-out.

I perused the WordPress forum to learn more.  I quickly learned how I could stop this automatic background update from happening again, but it was late and I didn’t want to begin implementing the solution before getting some sleep because I knew it would take hours, due to the number of sites that I am obligated to support and the need to verify post update functionality. Continue reading “WordPress Automatic Updates: To Protect and Serve”