The pitfalls of WordPress auto-updates

The maintenance of your website is just as important as regular maintenance of your car engine. If you don’t take care of it, eventually you’ll run into problems. Regular maintenance works out cheaper than a major rebuild.

Since the release of WordPress 3.7, you have been able to automatically update WordPress, its themes and the associated plug-ins.

In theory, this is a really nice idea, but there are a few things that you should be aware of.

Plug-in compatibility is the big problem when doing this.

Sometimes, an update will simply break a plug-in. Most WordPress sites have so many plug-ins that finding out which one is at fault is not always straightforward.

Very often tweaks or other functionalities have been added to (or removed from) a plug-in. When auto-updating, WordPress doesn’t check the current plug-in to see if any alterations have been made. It will simply overwrite the whole plug-in, and this can have dramatic knock-on effects on your website.

Site backups

Another potential risk with auto-updates is the scheduling of the update might not coincide with your backup schedule. What this means is, depending on when the auto-update takes place, you may not have a very recent backup of your site. If you have a daily backup at 01:00, and the auto-update runs at 13:00, potentially your last saved version might be 12hrs ago.

If the update causes any of the problems outlined above, you could lose content, orders, posts or even new pages.

You might think that disabling auto-updates is the answer, however:

Whilst disabling auto-updates might give you more control, doing large-scale updates to very old plug-ins can cause more issues. Finding the best approach for your company really depends on your website, and who is looking after it for you.

Not updating your site at all will also leave you vulnerable, and this can present yet other problems that can be very time consuming to sort out.

What can you do?

There are a number of very useful settings you can make within WordPress, either in the configuration or within a plug-in. WordPress give a good explanation of ways to control automatic updates here.

What we recommend to our clients:

Not every hosting company will include a maintenance contract, which would include managing updates and the potential complications that can result.

  • We work with clients and discuss these issues to work out best solution for them.
  • We use a WAF (Web Application Firewall) specifically tailored to WordPress, which minimises the risks and allows for more time when it comes to doing urgent updates.
  • We work with our clients on developing and testing new updates and plug-ins before roll out onto a live site.