On 11th August 2020, WordPress 5.5 was released. One of the highlights of this release is automatic updates (often shortened to ‘auto-updates’) for plugins and themes.
What Are Auto-Updates?
With the latest WordPress 5.5, it is possible to have automatic updates of WordPress itself, the theme that the website uses, as well as any plugins the website uses. Automatic updates means these are done without intervention by anybody. It is possible to enable auto-updates on a per plugin and per theme basis – so these don’t need to be enabled for everything.
Why Your WordPress Website Needs to be Kept Updated
Keeping a WordPress website updated is important, with the most critical reason being to improve your website security. By having up to date plugins, themes and WordPress itself, you minimise the chances of your website being hacked. This is because one of the most likely ways a website becomes vulnerable is when there is a vulnerability in an out of date plugin.
Are Auto-Updates Good?
As mentioned in the previous section, the concept of keeping a website updated is good and very important. However autonomous, automatic updates of themes and plugins are not always good. There are two key reasons why it isn’t so good:
Updates May Break a Website – Without Knowledge
Sometimes (we have seen this on several occasions) an update to a theme or plugin may break a website. If they are done automatically, this could be without knowledge of the website owner or developer – meaning nobody may be aware. This could result in errors showing or parts of your website not working as expected, to (in the worst case) your website being inaccessible. To compound this, if multiple plugins are updated on a particular day, it can then be tricky to know which update(s) caused the website to break.
Functionality May Change or Compatibility Problems Be Introduced
If a plugin is updated to a new version, the functionality it provides may change. The functionality change may not be something you want or some functionality you did want has now been removed from the plugin.
There is also the possibility that a plugin update may introduce compatibility problems with other plugins. For example the WooCommerce plugin (used for e-commerce sites) may be updated, but other plugins used may not yet be compatible with the latest WooCommerce release. So those plugins may then not work as expected.
What Approach Is Best For Your Site?
In terms of enabling auto-updates for plugins and themes, the best approach ultimately depends on the importance of your website and whether you have an active maintenance / care plan. We’ve outlined the two main types of site below and our suggested approach:
Personal (Non-Business) Website – Without Any Maintenance or Care Plan
In our view, for non-business websites that don’t have any maintenance or care plan, auto-updates should be enabled for all plugins and the theme. This is because the security benefits outweigh the potential risk of the site not working properly.
For business websites (e.g. used for marketing purposes or to generate revenue) that have active maintenance / care plan, we recommend that auto-updates should only be enabled for a minority of plugins.
As part of the maintenance or care plan, your developer or agency will be able to determine suitable plugins to enable auto-update on. These will typically be high quality plugins with good quality QA, good history (in terms of stability) and those that have less / no impact on core site functionality.
For plugins that are not set to auto-update, your agency should be regularly and manually updating these following their normal process. In terms of themes, these should also be manually updated, usually with testing on a staging site first to check for any problems.
If you don’t already have a care plan in place, feel free to learn more about our care plans or get in touch to discuss options.