Why Auto-Updating Plugins is a Bad Idea

The WordPress Auto Update function was first introduced in Version 3.7, which allowed you to automatically keep WordPress, Plugins, Themes up to date that was stored on the WordPress Repository. However, do you really need to enable automatic updates?

From a security point of view, it would absolutely make sense to enable automatic updates, especially on WordPress Core versions. This is because there may be a security vulnerabilities in the version you’re using and WordPress ensures you are protected against those.

However, I cannot say the same for plugins. Most plugins are released by other developers that are not from WordPress. This means there are cases where new plugin versions are not always tested against latest versions of WordPress.

A good example of this was the recent update to the plugin WP-SCSS. The developers released a new version which would break your website if you have a particular option enabled.

This led to thousands of websites breaking. Some users even reported that they had automatic updates enabled on 50k websites. Ouch!

The plugin developers have yet to address the issue, with many users giving a temporary fix until they address the problem.

The moral of this story is to never have plugin updates enabled automatically. Always manually update your plugins. This is the best way to ensure that if something does break, you can easily revert it.

If however, you are running hundreds, or even thousands of websites then of course updating manually isn’t viable. What you should have however are backups, so that if multiple sites break, it can be rolled back.

On the other hand, another option would be to always test plugins on a staging/development website. If you need help or would like me to manage your website for you then please get in touch. I am a WordPress expert and have been working with the platform since 2011.

Leave a Comment