The Argument FOR Auto-Updating Your WordPress Sites
When it comes to WordPress, there are at least THREE main software components to keep in mind:
 WordPress (sometimes called the “WP core”)
Let’s start with WordPress plugins.
In my view, the single best thing and single worst thing about WordPress is plugins.
On the one hand, these open source software add-ons allow us to heavily customize our WP sites in ways not easily possible with a more ‘normal’ kind of website.
They add flexibility, amazing value for (no) money, specific functionality and have created a vast ecosystem of developers and software entrepreneurs.
Yet at the same time, they have opened up something of a ‘Pandora’s Box’ in three distinct ways:
1. Security vulnerabilities in (too) many plugins have proven to be a hacker’s fantasy and a lot of these aren’t even discovered for years.
Sometimes, with popular plugins, hundreds of thousands of sites can be affected, even when the plugins were built by experienced coders.
Software vulnerabilities are just a fact of life generally – even Intel had their own major issues with the Meltdown bug.
And, even a completely up-to-date plugin can have an unknown exploit waiting for hackers or anti-hackers to find.
Plus, an inactive plugin can still be a security risk even if it is disabled and not set to Active!
2. WordPress sites can also become very slow and heavy with too many plugins.
I wrote about this here and the all time record for the most plugins on one site that we have seen at WPX was just over 200!
That’s not the worst part though.
The worst part is that in most cases, the site owner isn’t even using many/most of those plugins any more – hello “shiny object syndrome” – but didn’t get around to removing them, and probably never will.
WPX is all about speed of page loading (support too!) and it’s a shame that sometimes our hard work on the hosting end gets undone by a ton of (mostly unused but not deleted) plugins slowing a site down – especially on the WP Admin backend – to a frustrating crawl.
In short, we’re all hoarding too many plugins, we all need to audit those and delete the unwanted/unused ones.
But apart from the raw number of plugins, just one badly coded plugin can cause a ton of trouble for a server or other plugins.
3. Software conflicts – see the section below, “The Argument AGAINST Auto-Updating Your WordPress Sites” (WordPress have these switched OFF by default too).
How To Turn ON Auto-Updating For Your Plugins
Since WordPress 5.5, auto-updating plugins and themes/templates has been an option.
Let’s start with plugins BUT make sure to read the case AGAINST enabling this option below BEFORE flicking the switch.
Inside your WordPress Admin area, on the left menu, click on Plugins to bring up the full list of inactive and active plugins installed on your site.
Above the list, you can see a check box called, mysteriously, Plugin (the top red arrow below is pointing to it). Click it to tick it.
From the drop-down menu above the Plugin check box, choose Enable Auto-updates and then click on the Apply button – that’s it, job done:
Just make sure that you use a safety option like the one described below, in case a plugin (or theme) auto-update brings your whole site down (it happens).
How To Turn On Auto-Updating For Your Themes/Templates
If you are NOT using a customized theme (e.g. you paid a developer to make one in a specific way), WordPress also allows the auto-updating of normal themes/templates.
To do this, and it has to be one theme at a time though you are probably settled on one particular template anyways, go to the left menu in your WordPress Admin area to Appearance–Themes.
Click on Themes to see the options currently available:
Then hover your mouse over your current, installed theme/template where you should see a Theme Details link.
Click on that Theme Details link.
You should now see a link – follow the red arrow below – called Enable auto-updates.
Click on that to enable it and this must be done SEPARATELY for each theme/template you want to update automatically.
Backup Warnings If An Update Breaks Your Site
One way to imperfectly monitor if your site has gone offline due to an auto-update of plugins, themes or WordPress itself is to create a free account at UptimeRobot.com and monitor your site status there (they email you if your site goes offline).
However, we track our own sites there and you can get occasional false positives.
If your site is broken, it will show with a fail result on those services.
What About Auto Updates Of WordPress Itself?
Apart from WordPress plugins and WordPress themes/templates, there is the matter of updating WordPress itself (remember, this is often referred to as a core update).
There is no option (yet!) inside WordPress to enable that AND WordPress core updates can be a little buggy for the first week or two after the update so it’s NOT recommended to set that on autopilot anyway – you have been warned!
But if you’re determined to do that, it can be set up with a free plugin (yes, another plugin) called Easy Updates Manager.
Even hosting companies who do automatically update all of their customers’ sites to the latest version of WordPress (WPX does NOT, for the reasons detailed on this page) usually wait a few weeks after a new core update release for any bugs to be ironed out.
The Argument AGAINST Auto-Updating Your WordPress Sites
Unlike some hosting services, WPX does NOT currently auto-update the sites of WPX customers (plugins, themes/templates or WordPress itself).
Huh, why not?
The simple reason is that in the past we have had far too many WPX customers’ sites break when a plugin, template or WordPress auto-updated and it brought the whole site down.
When it comes to hosting, a LOT of software has to get along peacefully with other software in order for a site to run properly.
Often (too often!) though, there are software conflicts between plugins, conflicts between plugins and WordPress versions and conflicts between plugins and PHP versions.
Plus, most plugins for WordPress out there are free (58,000+ at last count just in the WP repository) and generally coded by well-meaning amateurs who often fail to understand the server or environmental impact of their programming decisions.
If you think it’s strange that WPX does not auto-update, remember that WordPress itself has auto-update turned OFF by default and it needs to be enabled for BOTH plugins and templates (and via a plugin for the WordPress core) – what does that tell you about the risk factor?
In short, we leave that decision up to you about your site but if you DO want to enable auto-updates on your WP blog, the steps above show you exactly how to do that.