With the release of WordPress version 5.5 all plugins can be enabled to be automatically updated. All site owners now have the option to turn auto-updates on for individual plugins directly from the WordPress admin dashboard.
Site owners can choose to turn on auto-updates for all of the installed plugins, choose to auto-update some of their plugins, or choose not to turn on auto-updates for any plugins whatsoever.
What does this mean if auto-update is turned on for a particular plugin?
Whenever there is an update, be it a minor security fix or a large scale feature update, the new version of the plugin will be downloaded and automatically installed on the site. These updates are called ‘unattended updates’.
This update could be triggered at any time, even while you or any authorized user is working on the site. The site owner will receive an email that updates have taken place.
Automated ‘unattended’ updates might be a good thing for certain websites which have been mostly going unattended for years as they are at a higher risk of being hacked due to outdated plugins and themes.
But are there risks involved with an unattended auto-update? Let’s take a look.
1. You may be unaware there is a problem on your website
Unattended updates can happen at any time and these updates may introduce issues that could affect other plugins. Let’s say you’re away or have not been monitoring your website. Your website could be non-functioning for months before you are aware.
2. Major version releases can cause compatibility problems
Many times it’s prudent to wait before updating especially when a plugin has pushed out a major release. Quite often, we have seen the initial release breaking the website. Or the new release has compatibility issues with other plugins. Auto-updates take away control on when not to update.
3. Debugging when a problem occurs
With updates happening automatically, there might be a number of plugins that are updated before you realize there is a problem. When multiple updates have happened trying to backtrack to pinpoint the root of the problem can become much harder and costlier both in time and money.
4. Auto-updates can happen at an inopportune time
You could be in the middle of changing content or a customer could be interacting with your website, when an update is triggered. This could have a negative experience for your customers.
The approach we recommend for Small Business Owners
Before WordPress 5.5 almost all updates were attended ‘controlled’ updates. This means that there is someone who initiates the update. That person can read the developer’s changelog and determine if the plugin should be updated. Also one can test the site immediately after the update, to ensure that no problems were introduced.
Unattended updates means there is a loss of control.
For a small business owner, where a website is an integral part of the business, we recommend that all updates are ‘attended’. This will ensure that you are in control and take immediate action when necessary. You should NOT enable auto-updates.