hootsuitebanner-300x100

WordPress AutoUpdates – Why Not?

It seems that my recent article about the WordPress AutoUpdate feature has garnered some feedback from another author at this site.   I feel compelled to respond to some of the points that Rhys has made.

Minor Update…

Rhys said:

WordPress’ automatic updates are only activated for minor releases. Minor releases are when you go – for example – from 3.8 to 3.8.1 (which was the latest update). Major releases will be when WordPress goes from – say – 3.8.1 to 3.9.

My contribution to this site was by personal request from a site owner here.  As the request was spontaneous, it wasn’t my intention to write a complete tutorial on the WordPress AutoUpdate feature. That being said, I read a lot of this sort of thing at the thread I started on the WordPress.org forum.  For me, that argument fell flat.

None of the software that I’ve written, nor the sites that I own or am obligated to maintain, failed with this update or any other update.  I’ve always done regular backups beyond the backup done at the time of the update and not having the opportunity to do that snapshot backup prior to the rollout of the update was disturbing.

Should Not Break…

Rhys said: Continue reading “WordPress AutoUpdates – Why Not?”

vault

Yes – Leave WordPress Automatic Updates Switched On, It’s For Your Own Good

secure vaultSo I read with interest Marj Wyatt’s post recently on this very site where she spoke of her dislike of the WordPress Automatic Updates. For those of you who are unaware – WordPress as of 3.7 (which was launched at the end of October) now automatically upgrades WordPress should a release be available. The post highlighted a discussion topic featuring a number of viewpoints on this subject, many of them were against the opt-out format of automatic updates, and Marj herself was against it.

As a WordPress evangelist, and somebody fascinated by it’s ecosystem, I thought it’d be a good idea to post a rebuttal, clear up a few misconceptions, and also try to explain some functionality behind it. I should point out that – besides sharing the odd conference room and beers with the odd core contributor – I am an outsider looking in, so don’t know exactly why things are done that way.

Automatic Upgrades Are Only For Minor Releases

Here is the thing first of all. WordPress’ automatic updates are only activated for minor releases. Minor releases are when you go – for example – from 3.8 to 3.8.1 (which was the latest update). Major releases will be when WordPress goes from – say – 3.8.1 to 3.9. The minor releases – whilst minor – are important, as they often fix security issues and bugs that have arisen. These minor releases should not break any functionality of themes and plugins, as no functionality is ever removed or changed, but rather to fix bugs. Whilst Marj’s post did seem to suggest that minor updates had broken functionality, I cannot recall a time when such an issue arose (in fact, the only issue I could remember from my 8 years in using the software was when functionality changed that broke a lot of lazy coding – and yes, it broke some of my plugins too). The only issue I could see with minor upgrades causing grief would be when core files (everything that isn’t in the WP-Content folder) would be changed. Continue reading “Yes – Leave WordPress Automatic Updates Switched On, It’s For Your Own Good”

WordPress Automatic Updates: To Protect and Serve

As I checked email before going to bed on Friday night, I found a message in my inbox indicating that my WordPress websites had been updated. A moment of panic set in. I thought I had been hacked!

After checking out my sites and satisfying myself that they had not been hacked, I browsed over to WordPress Codex and started reading about this new “feature”. I quickly learned that it had been initiated with WordPress version 3.7. At that time it didn’t seem to work very well but I guess the idea lived on because the update roll-out for version 3.8.1 was in progress and a lot of the people involved with the development of this feature were congratulating themselves.

protect_and_serveThe motivation behind a feature like this is to improve WordPress security. The assumption of those at the helm is that most users won’t update their sites, a known contributor to hacker intrusion, and the Core Developers want to make the internet a safer place.

In my years as a WordPress website developer I have encountered sites that never get updated, some of which had been hacked. So the idea behind this is not altogether a bad.  The implementation of it is what was objectionable to me.  In my professional opinion, we should have been given the option to enable this feature rather than being forced to disable it after the fact of a roll-out.

I perused the WordPress forum to learn more.  I quickly learned how I could stop this automatic background update from happening again, but it was late and I didn’t want to begin implementing the solution before getting some sleep because I knew it would take hours, due to the number of sites that I am obligated to support and the need to verify post update functionality. Continue reading “WordPress Automatic Updates: To Protect and Serve”