An announcement made last February by the WordPress Core development team reveals that automatic updates for plugins and themes would make its way into the WordPress 5.5 release slated for August 11, 2020. WordPress 5.6 would then see automatic core updates with an opt-in feature. There are plenty of questions to be answered, but the one that stands out for me is this: are automatic updates a mistake?
The Problem with Automatic Updates
As I reflect on the past ten years of automatic updates, I find more reasons why this would be a bad idea than anything else. There are plenty of instances of companies releasing new software that has been detrimental to the operation of the product.
Last month Microsoft released a Windows 10 update that caused crashes and required many people to revert to an older version to resume proper functionality. The same Windows 10 update may have removed a required font used by a client of mine and prevented them from being able to print out government documents for submission.
When updating from macOS 10.13 High Sierra to 10.14 Mojave, the new system files prevented Mojave from communicating correctly with a client’s print server while upgrading from Mojave to 10.15 Catalina resolved most of the issues.
Even I have released plugin updates that worked perfectly in a testing environment but had debilitating bugs once it was released publically. I found that the testing environment was not the average user experience and rushed to fix the problems. Had there been automatic updates at the time, everyone who had that plugin installed would have discovered a white screened, broken site.
WordPress does have automatic updates enabled in the form of security updates. This choice has proven to be successful so far. I believe this is because these updates are restricted to WordPress core, the main operational components of the software, and initiated by the WordPress Foundation, not third-party developers. There is a process in place that provides quality assurance for the released software.
Are Automatic Updates Feasible?
The great thing about WordPress is that anybody can learn to develop plugins and themes for free; this is also the problem. The only way a standardization for WordPress plugins is possible is through the official WordPress plugin repository. However, this is not how the WordPress repository works. They have their process, for sure, but there is nothing in place to verify that a plugin won’t break a site. I don’t even know if there is a reasonable way for them to test a plugin in that manner.
The burden is placed on plugin and theme developers to adopt development strategies that address these issues. These strategies are often a result of experience. One expectation has to do with maintaining backward compatibility, but this is only one way a plugin update can cause issues in a long list of potential and likely problems that are part of the developer’s journey.
There is already a disparity between the quality of plugins: the majority of developers are hobbyists. The professional concerns of project management aren’t as much of a problem when they are only building plugins as a side project. This disparity also exists due to less popular plugins.
The Plugin’s Purpose
The primary feature of the WP Auto-updates plugin, which will be integrated into WordPress core when the time comes, is the ability to enable and disable automatic updates for each theme and plugin. This function, I believe, is a step in the right direction but does not solve the primary problem.
If you have a plugin installed that has a history of breaking your site, you can disable the automatic update for that plugin. What happens, then, when a developer has an excellent reputation releases code that accidentally breaks your site? In a lot of cases, this will throw an error. If this is a fatal error, then the website displaying a white screen. If the company then releases a patch, your site will stay broken because of the nature of the error.
In its current state, there is a strong possibility that automatic updates will be a feature that I ignore when I manage a website.
There are plenty of third-party automatic update solutions available. This feature is standard when it comes to WordPress management services. The difference is that these solutions are designed to backup the website before the update initiates. The backup and the update are initiated outside of the WordPress ecosystem and provide a relatively quick means of restoring the site if things go sideways.
Even with this precaution, I only initiate manual updates of client sites. When the update is complete, I verify the updates didn’t alter the frontend.
The WordPress core version of this process is currently inferior and has no built-in way of rolling back broken updates.
One feature concept that could be a solution is to enable update snapshots before an update that will allow the user to roll back to a state before the update. One available option is WP Reset, which does just that, it takes a snapshot of the database before an update occurs.
Not the Whole Story
Surprise! Automatic updates are already a feature of WordPress core. This plugin only provides an interface to give direct user control, but plugin developers could have enabled this feature through their plugin. WordPress 3.7 introduced the ability to control automatic updates in October 2013.
Site owners and admins will be able to disable the interface by setting either the WP_DISABLE_PLUGINS_AUTO_UPDATE or WP_DISABLE_THEMES_AUTO_UPDATE constants to true in wp-config. The core update will also include filters to disable associated features.
I see this move as one that may increase the risk associated with updating and places a greater burden on developers. I am concerned about uneducated WordPress admins enabling updates and catastrophic failure occurring on their site.
One of the benefits of not having automatic updates is the buffer between when a plugin is released and when a user installs the update. I have found that I can avoid quite a multitude of issues when I allow a couple of days between a plugin release and when I update the plugin.
This time gap generally translates to patched bugs. A released plugin has a larger userbase than a beta plugin. A larger test sample and a more extended testing period increase the stability of the released code. Automatic updates mean that everyone has issues.
What are your thoughts on automatic updates in WordPress? Have you experienced issues with updates in the past? Do you have potential solutions? Do you plan on using this feature? Let us know in the comments.