cPanel® Blog

WordPress® Auto-Updates: Should You Use Them?

Open Source projects like WordPress have empowered over a billion people to have an online presence. One factor that plagues the Open Source community is hackers. The nature of Open Source and its security transparency opens the door to constant hacking attempts by ruthless hackers, bots, and script-kiddies. The number one way to prevent your WordPress site from getting hacked is to keep your WordPress version, themes, and plugins updated. Keeping WordPress updated can be challenging both for smaller businesses that don’t employ a webmaster as well as larger agencies that maintain hundreds of WordPress sites.

To help manage the issue of updating WordPress, last year, WordPress 5.5 introduced auto-update options for plugins and themes. Before version 5.5, such update features were only available by plugins or 3rd party services. But do auto-updates solve the problem or present even more issues? This article will discuss the pros and cons of auto-updates and the best methods of keeping WordPress up to date.

How do WordPress auto-updates work?

In WordPress 5.5, you have the option to turn on auto-updates for your plugins and themes manually. When activated, WordPress runs the WP-Cron several times a day to check for available updates. WP-Cron is a CronJob for WordPress that handles scheduling time-based tasks in WordPress. After running the WP-Cron, if a new version of the theme or plugin is available, it will be automatically downloaded and installed.

The benefits of WordPress auto-updates

Security should be your number one concern; according to a recent Imperva report, 98% of WordPress vulnerabilities are due to plugins.

By utilizing auto-updates, your website will make sure as soon as the developer releases an update or security patch, it will be updated on your website.  

Auto-updates benefit users that don’t log in or manage their website consistently. They also help users that operate multiple WordPress sites by saving them countless hours of manual work.

The problem with WordPress auto-updates

At its core, auto-updates for themes and plugins sound like a blessing but there can be adverse effects on your website. A few possible scenarios are:

  • Your website crashes –   The automatic updater does not check for compatibly or conflicts with other plugins and scripts when installing the update. A simple Javascript conflict can have profound implications. 
  • New vulnerabilities –  The goal of auto-updates is to keep your website updated with the latest version of the software, but often new features come with new vulnerabilities.  

What if auto-update breaks your site?

If you can still access your website and only see visual issues, you can always disable the updated plugin or theme. If your whole site goes down, it might be time to restore your site with a backup. Keeping up-to-date backups of your website is crucial today. There are several backup solutions currently available:

  • WordPress backup plugins –  The WordPress plugin directory offers hundreds of backup and website maintenance solutions. 
  • Backup services –  SaaS platforms like Vaultpress offer real-time and scheduled backup services for WordPress websites.
  • Server-side backups – cPanel’s Backup Wizard and add-on services such as Jetbackup can be configured to backup your sites on a scheduled timeline. These services offer great customization and options.

How to make sure your WordPress site doesn’t break from auto-updates

Turn off auto-updates in WordPress and let WordPress Toolkit handle the process with Smart Updates! WordPress Toolkit’s Smart Updates work for manual and automatic updates. Before confirming these updates, you get to see a side-by-side preview of your current site and the updated site to decide whether to commit the updates. 

Smart Updates uses artificial intelligence to analyze updates and learn which are beneficial or not and then offers recommendations. It also creates easy rollbacks via Restore Points and Backups to make sure you never lose your site or data.

You can also disable plugins and themes even if you do not have access to your website. Since WordPress Toolkit runs at the server level inside of cPanel, you won’t be locked out of plugin and theme administration.

Find out more about Smart Updates and WordPress Toolkit for cPanel at: http://cpanel.net/wp-toolkit

The bottom line about WordPress auto-updates

Auto-updates for Themes and Plugins are a welcome update to WordPress, and as Matt Mullenweg revealed in his 2020 State of the Word, this is just the beginning of an install it, set it and forget it approach for updates. We look forward to the upcoming auto-updates and security enhancements in WordPress. No matter how advanced WordPress updates and security get, there will still be a need for server-level security and administration. cPanel and WordPress Toolkit are here to keep your websites secure and updated.

As always, if you have any feedback or comments, please let us know. We are here to help in the best ways we can. You’ll find us on Discord, the cPanel forums, and Reddit. Be sure to also follow us on FacebookInstagram, and Twitter.

Jason Nickerson

Jason Nickerson has 20 years of experience in the web industry, from e-commerce to web development, to content management and web hosting. An Open Source Evangelist and a past Board Member of Open Source Matters / Joomla, he has shared his love of Open Source worldwide. Jason is currently a member of the cPanel Marketing Team and cPanel's Community Event Planner.