Why Auto-Updates could be Risky for Websites and What can you do to Protect it?

A Risky WordPress Feature

Since its launch as an open source platform – WordPress has been continuously undergoing updates to make it more advanced and also to patch any bugs and address security issues associated with it. Till now 5 versions of WordPress have been released with the latest being WordPress 5.7 “Esperanza” released officially on 9th,March,2021.

As with all versions bringing in something new – whether a feature update or an altogether new feature – it comes with its own set of advantages and disadvantages. That being said, WordPress 5.6 bought a new feature in the market called ‘Auto Update’. Now we know that it sounds ‘oooohhh’ but trust us – it is more of an ‘hmmmmmm’. Why? Like already said, there are always two sides to everything. While there are many benefits of this feature there are downsides as well.

In this article, we aim to discuss both these sides and also tell you how using some precautions you can take advantage of this new feature.

WordPress Auto-Update - For Better or For Worse!!

For Better…

As we all know that WordPress currently fuels the majority of the websites across the globe. And whilst it’s easy to create a website on WordPress, keeping it up-to-date is totally a different cup of tea. As a website owner and an entrepreneur, you are bound to get busy in the daily business activities and obviously will not have the time to keep yourself up-to-date on the latest news regarding WordPress as a website platform, let alone update it.


…..In another situation, you might be aware of the update that is required but putting it off because you do not want to get in the crisis of fixing any problems that may arise because of the update.


….You have a team that runs your WordPress website but as an admin you require a lot of coordination and effort to bring everyone together and do the update not to mention the potential problems that may occur on a fully functioning website that is bringing in the revenue for you.

It is for such situations that WordPress released the feature of Auto-Update so that you do not have to worry about anything and the feature lets you update your website as soon as it comes whether it is a minor update or a major. Now with such dreamy advantages, disadvantages bring us back to reality.

….Or For Worse!!

One of the biggest downfalls is that, although the update will be tried and tested, in some cases it can cause major issues such as incompatibility with existing plugins causing the website to falter or can cause a downtime. Such issues can really impact the business if you are unprepared or even unequipped to handle such matters.

Moreover, with auto-updates, you might not know what has been updated or more importantly ‘what changed’ in the core WordPress. This can cause a problem when troubleshooting an issue that may potentially arise following the update.

Another issue can be related to security vulnerabilities. You would have to do an extensive code review every time an ‘auto-update’ occurs to check for any security vulnerability that might have been introduced in the code. This can lead to malware attacks and viruses infecting the WordPress website if left unchecked.

Even with all these issues, there are certain ways that you can utilize for your advantage to overcome the disadvantages. How? Let’s look at it next.

What are Three Good Ways to Auto-Update your WordPress Website Safely?

When you enable WordPress auto-update, you can enhance your site’s security by getting rid of outdated stuff and unnecessary workload. However, there are some threats which can happen due to WordPress auto-update. That’s why here are the following recommended three good ways to auto-update your WordPress website safely and effectively:

1. Only Auto-Update your Themes and Plugins for your Convenience

Technically, when a new version of WordPress is issued, many pre-release versions go online so that developers could try them to test their plugins and themes. It means that they (developers) have a chance to identify issues and resolve them timely so that a new and flawless version of WordPress could be announced officially.

Possibly, the developers may not have complete resources to update their themes and plugins at the right time. Therefore, when you try to install a theme or a plugin update right out of the gate, you can face the possibilities of conflicts or technical glitches on your website.

If you’re intending to enable auto-updates for WordPress Core, it’s better to enable auto-updates for plugins and themes as well. You just need to log into your admin dashboard and then navigate to ‘Plugins > Installed Plugins.’

There you can select the plugin checkbox – check the image below:


In the next step, you can open ‘the Bulk Actions’ dropdown and click ‘Enable Auto-Updates > Apply.’ In order to lessen your chances of plugin conflicts, you may opt for deleting unused plugins.

However, you can enable auto-updates for your WordPress theme with ease, just navigate to ‘Appearance > Themes’. And, now hover over to the theme you’re using currently and select ‘Theme Details’:


Finally, click on ‘Enable auto-updates’. And, your WordPress theme will start automatic updating once a new version will be available.

2. Make a Separate and Regular backup

The most unpleasant thing which can happen with the WordPress auto-update is that ‘it can entirely break your WordPress website’ or push you aggressively offline mode: a world of anonymity for a website. If it’s occurring to you — it’s critical for you to restore your site as early as possible because downtime can destroy your lead conversion and sales. Prolonged downtime is one of the key causes which might lead to long-term damages to your online visibility and rankings across the search engines.

In such cases, regular backups become the knight in shining armor. Because you have quick access to your recent work that you’ve done on your website that you can use to restore your website if any downtime has occurred. Plus, you can easily restore earlier copies of your contents. And, when you’ve resumed back to your WordPress website, you can investigate more to detect root causes for technical problems with your website last time.

At this point, we would recommend you to use UpdraftPlus: a WordPress plugin, useful for quick backup of your website. From weekly to monthly, you can benefit from this plugin to secure your website and restore it when you need it most.

Alternatively, you can use daily cloud backup by WP-Bridge which can help you restore your complete website in prescribed time, if something bad happens without you being concerned about it.

3. Enabling all of WordPress Auto-Updates Manually

Manually enabling automatic updates for major releases in WordPress can be helpful in protecting your website from any trouble. But, this method requires you to add a code in your WordPress files. To be successful in this process, you need to add these lines of code in ‘wp-config.php’ file of your WordPress site:

					define (‘WP_AUTO_UPDATE_CORE’, true );

{ Here’s a little problem incurring with this code; it just enables developmental or nightly updates}


For disabling this nightly builds, add the following code:

					add_filter( 'allow_dev_auto_core_updates', '__return_false' );

Your WordPress site can update itself automatically without any need of you putting your precious time in updating. This is why, enabling all of WordPress Updates manually will save you from various security loopholes and shortcomings. Plus, we offer WordPress technical audits in which we conduct complete analysis of your WordPress website to fix all technical issues.

So What is your Decision Regarding WordPress Auto-Update?

Finally, we laser focused on why most of the WordPress users have to go through the ‘Auto-Update’ issue even though the auto-update (as a feature) was developed to help us in mitigating our workload.

So now the question is in your court – Is the match or the feature in this article a ‘better or a for a worse’ thing for you?

If you need more information regarding this matter, or are looking for assistance in making an informed decision, Contact us right now and our professional WordPress developers and strategists will help you fully.

WordPress Website Monitoring 24/7?

Let us manage your WordPress site with top-notch security and high-end technical features– all-in-one-place.

Recent Blog

Tired of a Slow Loading Website? Want to Make WordPress website Load Faster?

WP Bridge uses cookies and similar technologies as strictly necessary to make our site work. We and our partners would also like to set additional cookies to analyze your use of our site, to personalize and enhance your visit to our site and to show you more relevant content and advertising. For more information, please read our Privacy Statement.

Website Audit Form

We’re looking forward to providing ongoing support for your website! Please fill out the form below for website audit report.
This is the website URL for your monthly maintenance package.