A Case Against WordPress Auto Updates

Posted on: July 17th, 2017

If you work with WordPress sites, you’re familiar with the robust functionality, ease of use and highly customizable nature of the platform. And with hundreds of plug-ins and extensions, there are endless combinations of WordPress back-end functionalities. Keeping everything up to date can be quite the chore, so an automatic feature that saves you the trouble of updating every single plug-in sounds like a great thing, right? You would think yes, but despite the convenient set-it-and-leave-it nature of auto updates, they can introduce you to a number of vulnerabilities.

Zero-day Issues
There is always the concern for zero-day vulnerabilities when a plugin developer or WordPress itself pushes out an update. Sometimes these auto updates are either broken or subject to vulnerability on launch day. It’s wise to protect against this by creating a full backup of your site prior to any updates being made to make sure that if something does go wrong, you can reliably roll back to a stable version of the site.

Timing is Everything
It’s best to update your site during a time that will cause the least disruption to your business should trouble arise, and there’s no way for WordPress or plugin developers to do this across the board. Manually performing these updates during a time that makes the most sense for your business can save you the headache of any downtime during peak business hours.

More Control
When you manually update a site, you have the option to go through all of the pages and the most recent blog posts to make sure everything looks good and is performing as it should. More control over updates means you can more accurately ensure a stable environment for visitors.

Buying Time
Not updating immediately after a patch release gives you time to review the newest patch and be 100% sure that you can avoid or prepare for any conflicts with other plugins.

PHP Security Risks
In addition to making sure your WordPress version and plug-ins are updated and working properly, updating your PHP version is also extremely important in order to avoid vulnerability to attackers. This responsibility should fall on the host, your internal team that manages clients’ websites or the clients themselves depending on your agreement. When PHP updates are neglected, attackers have more time to figure out where the vulnerabilities are in the file server, and they can potentially take control of a whole site. Additionally, with time, more and more plugins and even WordPress itself will not support older versions of PHP on the server.

Updating your WordPress version and plug-ins is crucial to maintaining the security and functionality of your clients’ websites, and doing it with as few hiccups as possible will save you from unnecessary fire-drills. Want to learn about monthly managed updates? Contact Eyesore – your digital overflow, rural outsourcing partner.