Yes – Leave WordPress Automatic Updates Switched On, It’s For Your Own Good

secure vault

secure vaultSo I read with interest Marj Wyatt’s post recently on this very site where she spoke of her dislike of the WordPress Automatic Updates. For those of you who are unaware – WordPress as of 3.7 (which was launched at the end of October) now automatically upgrades WordPress should a release be available. The post highlighted a discussion topic featuring a number of viewpoints on this subject, many of them were against the opt-out format of automatic updates, and Marj herself was against it.

As a WordPress evangelist, and somebody fascinated by it’s ecosystem, I thought it’d be a good idea to post a rebuttal, clear up a few misconceptions, and also try to explain some functionality behind it. I should point out that – besides sharing the odd conference room and beers with the odd core contributor – I am an outsider looking in, so don’t know exactly why things are done that way.

Automatic Upgrades Are Only For Minor Releases

Here is the thing first of all. WordPress’ automatic updates are only activated for minor releases. Minor releases are when you go – for example – from 3.8 to 3.8.1 (which was the latest update). Major releases will be when WordPress goes from – say – 3.8.1 to 3.9. The minor releases – whilst minor – are important, as they often fix security issues and bugs that have arisen. These minor releases should not break any functionality of themes and plugins, as no functionality is ever removed or changed, but rather to fix bugs. Whilst Marj’s post did seem to suggest that minor updates had broken functionality, I cannot recall a time when such an issue arose (in fact, the only issue I could remember from my 8 years in using the software was when functionality changed that broke a lot of lazy coding – and yes, it broke some of my plugins too). The only issue I could see with minor upgrades causing grief would be when core files (everything that isn’t in the WP-Content folder) would be changed.

So that’s from your end, but what about server failure? Or failing to connect? Well, WordPress had a 99.988% success rate for the last 3.7 to 3.7.1 for about a million updates. These failures, though, were that the automatic upgrade process failed to complete, and the site wasn’t taken down. There are fallback procedures in place that should code not be copied across successfully, the site is returned to normal. Try it yourself: install WordPress on a local machine and then upgrade it whilst disconnected from the internet. You will see the process begin, but fail, and your site will be returned to normal.

At What Point Does Software become Major Software?

WordPress has become a major piece of software now. It powers over 21%  of the sites on the internet. It is a big deal, so there comes a point where I guess you could compare it to another piece of software that automatically updates without you realising it – Google Chrome.

Unlike Google Chrome however, you can pretty much see every fix that is made in the WordPress 3.8.1 update.

Also, another point of note is that should Google Chrome not be automatically updated, then in theory you’re leaving yourself open on the computer or the network that computer sits on. WordPress, however, sits on servers, some dedicated hosting, some shared with other users. It’s not fun when a site on shared hosting gets hacked, trust me on this. WordPress, in and itself, is incredibly secure to use – it has been recently been used on lots of governmental sites – but should a user fail to upgrade or maintain their software, then WordPress will invariably be blamed for this. From a purely business standpoint, it makes complete sense for them to have automatic updates switched on.

I Cannot See A “Decision Being Taken Away”

A point raised by Marj was that a decision to it not be a checkbox and have more control, and suggested that the majority of WordPress users didn’t have enough common sense to switch on or off a checkbox. Lets assume that it’s opt-in. How many times do you honestly go into the WordPress Options page? I am in WordPress all day and beyond set up I never go into it. Sure a banner could appear at the top asking users to review their options but that’s what we already had – we had a banner that wasn’t clicked on because if it was, then this feature wouldn’t have been necessary.

The decision to not auto-upgrade isn’t taken away from us. By adding one line of text to the config file you can disable auto updates. For most users however it’s not that they don’t know how or why they want to disable automatic upgrades, they just don’t care. I made a decision to fly with a certain company on holiday, I do not want to fly the plane itself, but trust the pilot and all the engineers to fly me there. It is obvious people trust the people behind WordPress, otherwise it wouldn’t be on over 21% of the sites on the Internet.

The Advice Is The Same As Always

The advice coming from all this is the same though. First off make regular backups. Secondly make regular backups. And thirdly make regular backups. There is no excuse now not to take regular backups of your site, with so many plugins out there that do this. Personally, I recommend BackWPUp, as it backs it up to Dropbox automatically. Really on most sites do this once per day. Install it now, and get it set up, and come back here when you’re done.

Secondly (or fourthly, if you’re really keeping score), learn what you’re putting on your server. Keep up to date with the latest happenings of your site’s software, as things like this crop up. You owe it to your clients to be prepared for any eventuality, and educate them to make an informed decision, or make them on their behalf.

Thirdly, from a WordPress standpoint, I’d also make sure that it’s your email, not the clients email address, located in Settings > General. Yes I’ve found this a few times with a few worried emails from clients regarding these automatic updates. Most clients will allow you to change this to your email address. So sit down with your client and speak to them about it. This email address is different from any Administrator email addresses too, so don’t feel like you have to sacrifice an administration account from your users for this (though in reality, users should be on Editor or below).

And finally, and this is where I differ from Marj (though I totally understand what she is saying), regarding “waiting and watching” on upgrades. WordPress goes through a massive release cycle, and furthermore, I test most of my plugins and sites before WordPress is released. You can do this by setting up locally or on a test site the WordPress Beta Tester. That way, you can be prepared for any eventualities that arise from the upgrades.

So there is my argument for WordPress Automatic Upgrades. Whilst I do believe choice is a good thing, I also believe we can paralyse ourselves with our choices, when in reality safe delegation to  trusted parties is better. This is one choice I’m happy to let The WordPress Foundation to make on my behalf. Trust me.

2 thoughts on “Yes – Leave WordPress Automatic Updates Switched On, It’s For Your Own Good

Leave a Reply

Your email address will not be published. Required fields are marked *