As I was checking the backend of WP Mainline today, I noticed I had 6 plugin updates ready to be installed. I typically read the changelogs of each update to get a sense of what’s new or if there is anything important I need to know before clicking the button. It turns out that four days ago, Paid Memberships Pro pushed out an update that includes a security fix.
SECURITY: Updated escaping on the discount codes page in the dashboard to prevent XSS attacks. #1867 (Thanks, Erwan from WPScan)
Paid Memberships Pro Changelog
This got me thinking. In years past, I’ve been a vocal proponent of not enabling automatic plugin updates for fear of my site breaking at the most inopportune time. However, that was a few years ago. I tend to think things are better now, and with routine backups taking place for this site, the fears are probably unwarranted. The biggest concern I have is going four or five days without a security-related update because I feel that time is of the essence when it comes to security. The sooner it’s patched, the better.
I asked around on Twitter to see if anyone else has been running automatic plugin updates for a while and what they’ve experienced.
These responses confirm that I probably don’t have much to fear. Besides, if something breaks, this is not a mission-critical site and it has been a while since I’ve performed some troubleshooting. It would probably do me good. So from here on out, I have 38 plugins that are configured to update automatically. If something breaks, I’ll be sure to blab about it on Twitter.
There are certain plugins where I will allow auto-updates. Gravity Forms, for example, lets you choose between minor and major releases. I don’t mind minor updates being applied in that case.
But I generally don’t trust plugins or themes to run on autopilot. How many times has there been a release, and then a bug fix comes out an hour later? When you manage a lot of sites, I just think there’s too much risk.
On the other hand, it may be a good solution when you have clients you know aren’t going to pay attention to software updates. If something breaks, at least there’s a revenue opportunity. 😁
I honestly have a habit of doing all my updates via MainWP. At least I know when something breaks it was because I did it. LOL. Though it’s only slightly less “flying by the seat of my pants.”