The Pros and Cons of Automatic WordPress Updates

November 4, 2022

Every site owner knows (hopefully!) the importance of keeping the site’s software up to date. If you don’t keep up with that your site becomes vulnerable to hackers, functionality breaking, etc. Maintaining software can be a tedious thing, and automating it is an understandable objective.

Drupal does not generally support automatic updates, though work is being done to enable automatic Drupal core updates. That won’t work for Drupal 8+ installations using version control, though, which is probably a majority of Drupal 8+ sites. I will be discussing automatic WordPress updates from here on.

WordPress offers automatic updates on plugins as well as WordPress core. WordPress core supports automatic updates on minor as well as major versions. In fact, minor core updates are enabled by default and can only be disabled via custom code or special plugins. It also supports automatic updates on plugins.

The Pros

Plugins and minor core updates will simply update when they need to. Major core updates will still require manual attention unless you want to automate those as well, but that’s a bad idea since those can come with breaking changes.

The Cons

Plugin and minor core updates can introduce bugs, and you may not notice those bugs until later… sometimes so late that your backups are useless. Figuring out what is causing the bug can sometimes mean considerable time time has to be spent solving the issue. Automatic updates also mean you lose the chance to check each plugin’s release notes, which might contain important information that can save your site from downtime.

Our Approach

In most cases we manually update all plugins and major WordPress core versions, noting which we updated and from what version to what version. This gives us a log of what was changed, allowing us to check our logs to find out what changed and when; that cuts down on the time it would take to solve an issue with an update. We also will run such updates on a staging site first, if one is available.

If the project is under version control, this is also noted in the commit message. In some cases we enable automatic updates on certain plugins, or maybe all plugins in rare cases where we know we have reliable backups going back far enough, or if the site owner is OK with the potential for occasional downtime due to automatic update related breakage.