WordPress automatic updates a bad idea

Forced automatic updates are a concept that has been thrown around many times over the years. Recently the question was asked: should WordPress make automatic updates standard practice? The question actually related to WordPress themes, but the debate should cover every part that requires updates.

Security “experts” feel end users just can’t get the job done without some hand holding. In many ways that train of thought is correct. Unfortunately, updates can cause their own problems. Many times security updates, usability improvements or software fixes create unforeseen conflicts, even after extensive beta testing.

There is also the concept of choice. Shouldn’t users be able to decide what they want to do with hardware & software they own / use? Some argue that users’ excuses for not upgrading aren’t valid. Others feel the benefit of security patches outweighs the risk of upgrading.

In the past, new versions of WordPress or security updates have caused some serious headaches. It’s my experience that these types of problems have decreased. With themes the chance of an issue actually increases. Few themes have any type of settings backup. I’ve seen no themes offering backup of tweaks done to the visual appearance. So any changes you put in place disappear, unless you have created and are using a child theme.

No matter which method of upgrade is put in place, users will always have complaints. If forced updates aren’t installed, users will ask why they weren’t protected. On the other side, if something breaks, users will ask why a “broken” update was installed without their approval. Some security-minded people might wonder if there are privacy concerns with auto updates and what information is being collected and shared.

Personally I believe in user choice even though this can have overall negative security consequences. All updates should be opt-in. There is always a concern even when trusted software “phones home” to check for updates. In theory this could be used as an avenue of attack.

I’ve always felt open source software was supposed to be about user choice and empowerment. Forcing automatic updates goes against that mantra.

Is WordPress really secure

I use Easy Theme and Plugin Upgrades to keep informed of updates for my WordPress themes and installed plugins

Should Automatic Upgrades Be Opt-In

What’s The Best Way To Be Notified Of Theme And Plugin Updates

Upgrading WordPress ALL THE TIME is a Security Best-Practice

The Aftermath Of The TimThumb Vulnerability

Timthumb.php Mass Infection – Aftermath – Part I
