As I was checking the backend of WP Mainline today, I noticed I had 6 plugin updates ready to be installed. I typically read the changelogs of each update to get a sense of what’s new or if there is anything important I need to know before clicking the button. It turns out that four days ago, Paid Memberships Pro pushed out an update that includes a security fix.
SECURITY: Updated escaping on the discount codes page in the dashboard to prevent XSS attacks. #1867 (Thanks, Erwan from WPScan)
Paid Memberships Pro Changelog
This got me thinking. In years past, I’ve been a vocal proponent of not enabling automatic plugin updates for fear of my site breaking at the most inopportune time. However, that was a few years ago. I tend to think things are better now and with routine backups taking place for this site, the fears are probably unwarranted. The biggest concern I have is going four or five days without a security-related update because I feel that time is of the essence when it comes to security. The sooner it’s patched, the better.
I asked around on Twitter to see if anyone else has been running automatic plugin updates for a while and what they’ve experienced.
These responses confirm that I probably don’t have much to fear. Besides, if something breaks, this is not a mission-critical site and it has been a while since I’ve performed some troubleshooting. It would probably do me good. So from here on out, I have 38 plugins that are configured to update automatically. If something breaks, I’ll be sure to blab about it on Twitter.