well my Wordpress site is automatically updating itself when a new version of Wordpress is available. This is the good news: I know that this automatic feature is available in Wordpress since sometimes back. But I have some questions about this:
the question is: A WordPress automatic update-option: can this harm my website?
- Can this be risky in any case?
- do i need to have any server conditions that are risky?
- Does Wordpress have a way to recover our website if anything goes wrong?
- Does WordPress keep any backup when doing the update?
- and finally : Does it matter how we have installed Wordpress? (e.g plugins and security settings)!? - i am thinking bout all these questions for quite a long time.
Let me express my woes bout the server-configuration - that we need to meet the needs for an automated update process. i guess that there is always some risk. But with the default of only doing minor core release we might be pretty safe.
Also we should think of how while being some risk itself the update also protects all of us from other risks by e.g. fixing security issues. Automatic Background Updates have been introduced in WordPress a long long time ago guess it was the version 3.7.
In WordPress, there are four types of automatic background updates:
Core updates
Plugin updates
Theme updates
Translation file updates
Core Updates #Core Updates
Core updates are divided into three sub-typologies:
- Core development (only available for development installations)
- Minor core updates (maintenance and security) – enabled by default in stable installations
- Major core updates
- WordPress allows you to automate the update process for any of these typologies providing two wp-config.php constants and a good number of API filters.
Controlling Background Updates Through wp-config.php
WordPress provides a couple of wp-config.php constants that allow us to control auto-updates. Setting AUTOMATIC_UPDATER_DISABLED to true will disable any kind of automatic upgrade:
- Code: Select all
define( 'AUTOMATIC_UPDATER_DISABLED', true );
WP_AUTO_UPDATE_CORE allow us to control core updates (minor, major and development releases). This constant can be defined as follows:
# Disables all core updates:
define( 'WP_AUTO_UPDATE_CORE', false );
# Enables all core updates, including minor and major:
define( 'WP_AUTO_UPDATE_CORE', true );
# Enables minor updates:
define( 'WP_AUTO_UPDATE_CORE', 'minor' );
In development installations WP_AUTO_UPDATE_CORE defaults to true. In stable installations it defaults to minor.
For the sake of completeness, I should mention an additional constant that can be defined to disable auto-updates. However, setting its value to true will disable any file edits, even themes and plugin installations and manual updates.
- Code: Select all
define( 'DISALLOW_FILE_MODS', true );
Instead, you may prefer to define the DISALLOW_FILE_EDITS constant, which would disable the file editor, but keeping safe the installation and update functionalities.
Related tutorial: wp-config.php File – An In-Depth View on How to Configure WordPress
Controlling Back
Codex for more info on how to do that: http://codex.wordpress.org/Configuring_ ... nd_Updates
Again you can find more info at the Codex: https://codex.wordpress.org/Updating_WordPress
regular backups anyway: https://codex.wordpress.org/WordPress_Backups
conclusio: Automatic background updates were introduced in WordPress 3.7 in an effort to promote better security, and to streamline the update experience overall.
By default, only minor releases – such as for maintenance and security purposes – and translation file updates are enabled on most sites.
the question is: is there any risk in configuring the server so that tha auto updates are working!?
