This news strikes terror in many of our hearts.
After all, who can forget all the failed update horror stories?
I’ve got a few to tell myself so I understand and am uncertain for the time being.
However, because WordPress is very much part of my business, and this can potentially help shave a ton of my time, including outsourcing costs – it would be naive to reject automatic updates wholesale without first understanding what is involved.
Like anything new and somewhat major, this took me some time to digest. Some of this stuff is rather technical so I thought I’d help you understand what it all means to you.
Improved Verification Before Updates
When you click update, WordPress doesn’t simply update willy nilly. There are checks happening in the backend that you never see (that’s a good thing). With automatic updates, the developers have improved these backend checks to reduce update problems.
Update: I forgot to include this in the initial post. From what I read and understand, the automated minor updates only replace the changed files not the entire WordPress core as you would a major update.
It’s Not For Major Updates
I think this is where most people’s fears lie. Understanding this has helped me breathe a little easier. Before I dive in, let me explain the differences between updates. There are
- Security Updates – where security loopholes are patched
- Minor Updates – these are updates from 3.7 -> 3.71 or 3.71 -> 3.72
- Major Updates – these are the ones that go from 3.6 -> 3.7 (which is where most update issues come from)
The good news is – automatic updates are not applied for major updates. Only security and minor updates. In fact, it’s been stressed over and over by the development team, automatic major update is not on the table and if it were it would be years before doing anything like that.
Automatic Updates Also Work For Older Versions
This is a little more geeky and may not be of interest for the casual user, but if you build WordPress sites for others, it might be something you’d like to know.
What this means is, if there is a vulnerability found in version 3.8 that is also present in 3.7.x, WordPress can now issue an automatic update to patch both the 3.8 and 3.7.x versions.
This way, you aren’t forced to update to the very latest copy in order to close a security issue (although it’s probably a good idea).
Optional Automatic Theme and Plugin Updates
Before you get out our pitchforks, from what I understand, only the core if automated by default.
Themes and Plugins are not automatically updated however, WordPress does support the option for you to do so. You can define which themes/plugins you want to auto update and you can also define you want automatic updates for minor or major releases of these just like the core.
As far as automatic updates go you will begin receiving three types of email notifications.
- Update successful
- Update didn’t occur – maybe you require FTP or file permissions prevent it
- Critical update failure
If you decide to let auto update do its thing, it’s probably a good idea to review your website each time after getting these emails. That way you know if things turned out OK – well, the last one we know didn’t turn out, but I’d definitely check out the site even after receiving a successful update notice.
There are a lot of other options, some more technical than others but I thought these were the major ones worth pointing out. All the options outlined here require manual editing of your wp-config.php file. But, thanks to ever pro-active plugin developers, there’s already a plugin out to help you with these options including turning off auto-updates if you choose to.
Would I Do It?
The question now is – what would you do Lynette?
At the time of writing, I’ve yet to witness an auto update. I purposely updated one site to 3.7 knowing that 3.7.1 would be out shortly but it’s been almost 24 hours, and my test site has not auto-updated yet. My manual triggers have been unable to force it to auto update so I’m still asked to click to update like the old way.
For smaller sites (landing pages) and sites where there aren’t a whole lot going on, I’d probably let them auto update to see how it works. Right now, I’d hesitate to turn it on for any site that has a membership component, has a lot of traffic, or is tied into another system. For the most part, I’ve found most sites break on updates because of a theme or a plugin. So if you’re really worried about an update be it major or minor, automatic or not, check with the plugin or theme developers first if it is compatible.