Automatic WordPress Updates

Last Revised: October 2, 2021

Keeping WordPress up to date is the key to avoiding security issues. WordPress is a secure system at its core, but the extensions by plugins or templates that do not keep up as new versions or improvements appear are what can cause problems.

By default, WordPress is updated automatically and by default with PATCH versions (according to Semantic Versioning). This means that security versions are automatically corrected. Still, this is no solution and it is very useful to set up the system so that everything flows.

When making the decision of whether to update or not, the usual question is do I have a complex or simple WordPress? A complex WordPress is one that has complex plugins (such as WooCommerce) or business-critical plugins.

Auto-Updates

WordPress from its version 5.6 includes a system of auto-updates at all levels, including the core, plugins, themes and translations.

From the Updates menu section you can manage the configuration of the core and translations, in the plugins section you can activate its automatic updates, and also with the themes.

Kernel updates

100% automatic core update

// wp-config.php
define('WP_AUTO_UPDATE_CORE', true);

Kernel update for minor versions only

// wp-config.php
define('WP_AUTO_UPDATE_CORE’, 'minor');

Disable automatic updates

// wp-config.php
define('AUTOMATIC_UPDATER_DISABLED', true);

Keep all WordPress up to date

If you want to keep up with the latest versions of everything that is in the official WordPress repository (or those templates and plugins that have an automatic update system) you can force it through filters. To avoid dependencies on templates or other combinations, it is best to upload this code as a “mu” plugin (must-use).

defined('ABSPATH') or die('Bye bye!');
add_filter('auto_update_core', '__return_true');
add_filter('auto_update_plugin', '__return_true');
add_filter('auto_update_theme', '__return_true');
add_filter('auto_update_translation', '__return_true');
add_filter('auto_core_update_send_email', '__return_true');

Step-by-step instructions

  1. Create the plugin or download it already created (unzip the ZIP file).
  2. Ftp access the [/wp-content/mu-plugins/] folder. If you don’t have this folder, create it.
  3. FTP upload the file [wpdanger-autoupdater.php] to the folder [/wp-content/mu-plugins/].
  4. When you enter the administration panel of your WordPress, in the Plugins area you will have a new section of Essential plugins where it will appear. Remember that being Essential you will not be able to activate or deactivate it.

Keep all WordPress outdated

In some complex installations, especially those in which you have to monitor that everything is always working, such as high availability or e-commerce sites, which use complex plugins such as WooCommerce, sometimes it is better to organize an agenda of updates (for example one day a week make the updates) and have previously tested them in a staging state . In these cases it is best to prevent WordPress from updating, and for this we have to block any type of automatic update. To avoid dependencies on templates or other combinations, it is best to upload this code as a “mu” plugin (must-use).

defined('ABSPATH') or die('Bye bye!');
add_filter('auto_update_core', '__return_false');
add_filter('auto_update_plugin', '__return_false');
add_filter('auto_update_theme', '__return_false');
add_filter('auto_update_translation', '__return_false');
add_filter('auto_core_update_send_email', '__return_false');

Step-by-step instructions

  1. Create the plugin or download it already created (unzip the ZIP file).
  2. Ftp access the [/wp-content/mu-plugins/] folder. If you don’t have this folder, create it.
  3. FTP upload the file [wpdanger-noautoupdater.php] to the folder [/wp-content/mu-plugins/].
  4. When you enter the administration panel of your WordPress, in the Plugins area you will have a new section of Essential plugins where it will appear. Remember that being Essential you will not be able to activate or deactivate it.

Recover the previous version of a plugin or template

Sometimes it is possible that the update of a plugin or template is not expected. In these cases (especially in minor versions, since the larger ones usually involve changes that make it difficult to go back) it can be very useful to use tools such as WP Rollback.

When was that add-in or template updated?

It’s all well and good to update plugins or themes, but why install a plugin that hasn’t been updated for more than a year?

It is clear that there are plugins that surely because of their functionality do not require major changes, but simply to keep the dates and test data updated, any developer of a plugin or theme should update the data.

And it is that all the complements carry inside a data that should be up to date: version “until the one that has been tested”. If versions and versions of WordPress appear and the programmer of the plugin is not testing its operation in those new versions, who is going to do it?


Seguir con Seguridad para WordPress


About this document

This document is regulated by the EUPL v1.2 license, published in WP SysAdmin and created by Javier Casares. Please, if you use this content in your website, your presentation or any material you distribute, remember to mention this site or its author, and having to put the material you create under EUPL license.