Falling behind on updates leaves security gaps. Each new version tends to include fixes for known issues.

The importance of staying safe

Automatic WordPress updates run in the background, eliminating the need for manual intervention. Sites receive the latest security patches and bug fixes as they are released, gaining protection against potential risks and further security vulnerabilities. Cross-site scripting accounted for over half (53.5%) of all new WordPress security vulnerabilities in 2023, followed by cross-site request forgery with just under 17% and broken access control at almost 13%. Plugins caused 96.77% of all new WordPress security issues, and around 43% of new WordPress vulnerabilities were classified as severe or critical.


Automatic updates reduce risks related to outdated components

WordPress updates come in four kinds: core, plugin, theme, and translation file updates. If something goes wrong during an update, the website can break and lose data, so back it up beforehand; a backup makes it easier to recover the last working version.

By design, automatic WordPress updates reduce the risks that come with outdated components that hackers can exploit. When users fall behind on updates, they leave gaps that cybercriminals can take advantage of to compromise websites. Each new version released by WordPress or by developers tends to include fixes for known issues, making updates crucial to a website’s health. Auto-updates ensure that security patches are applied immediately and help websites comply with regulations on security best practices.

WordPress updates often improve compatibility, enhance performance, and add new features. The enhanced security and ease of automatic updates benefit users managing small, low-maintenance sites or multiple sites.

On the other hand, manual updates give complete control, which leads some WordPress users to opt out of auto-updates. This is especially true for sites with complex plugin setups or customized themes, where auto-updates can cause compatibility issues.

The role of your hosting provider

Not all WordPress hosting providers offer automatic updates for WordPress core, plugins, and themes. Managed hosting services often include automatic updates as part of their plans. These updates typically cover WordPress core and sometimes plugins and themes, ensuring compatibility and security.

Shared hosting providers with WordPress plans offer optional auto-update settings for WordPress installations. They may allow users to choose whether updates apply automatically or require manual approval. Some hosts using control panels like cPanel with Softaculous may provide auto-update settings that users can enable or disable when WordPress is being installed.

Auto-updates can be limited to minor WordPress core releases, such as security updates. Users must then perform major version updates manually. Developers and agencies may disable auto-updates in the name of stricter control over website functionality and design.
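One way to express the policy described above (minor core releases automatic, major releases and most extensions manual) as a must-use plugin. This is an added example, not code from the original article; the file name and the two plugin slugs are hypothetical placeholders.

```php
<?php
/**
 * Auto-update policy (added example).
 * Assumed location: wp-content/mu-plugins/auto-update-policy.php
 * Must-use plugins load on every request and cannot be deactivated
 * from the admin Plugins screen.
 */

// Core: apply minor (maintenance and security) releases automatically,
// hold major and development releases for a manual, tested upgrade.
add_filter( 'allow_minor_auto_core_updates', '__return_true' );
add_filter( 'allow_major_auto_core_updates', '__return_false' );
add_filter( 'allow_dev_auto_core_updates', '__return_false' );

// Hypothetical slugs: plugins judged low-risk enough to update unattended.
const EXAMPLE_AUTO_UPDATE_PLUGINS = array(
	'example-forms-plugin',
	'example-cache-plugin',
);

// Plugins: auto-update only the allowlist. Returning false here overrides
// the per-plugin "Enable auto-updates" toggle in the admin screen, so
// everything else waits for manual review.
add_filter(
	'auto_update_plugin',
	function ( $update, $item ) {
		return isset( $item->slug )
			&& in_array( $item->slug, EXAMPLE_AUTO_UPDATE_PLUGINS, true );
	},
	10,
	2
);

// Themes: a customized theme is updated by hand after testing.
add_filter( 'auto_update_theme', '__return_false' );

// Translation files: keep automatic.
add_filter( 'auto_update_translation', '__return_true' );
```

Because plugins account for most new WordPress vulnerabilities, anything left off the allowlist needs a regular manual review so that held-back security releases do not pile up.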

To find out whether your host offers auto-updates:

  • Check the hosting plan features.
  • Review the WordPress settings or the host’s dashboard if they aren’t mentioned.
  • When all else fails, contact the provider’s support team.


Potential downsides of auto-updates

Updates can occur at inconvenient times because software developers typically schedule and implement them without the end user’s intervention. When no one checks whether an update is scheduled, compatibility issues with existing systems or software can follow, and these technical issues then take time and resources to resolve.

Applying automatic updates can take a website offline. A breach through an unaddressed security flaw can also cause downtime, and depending on the flaw, that downtime is likely to be longer and more damaging than downtime caused by an update. Downtime is problematic, whatever the cause. In 2022, 76% of companies suffered downtime, and among the top 2,000 companies globally, the average company experienced 466 hours of downtime due to cybersecurity issues and 456 hours of infrastructure or app-related downtime.

The number of outages that took more than 48 hours to fully recover from rose from 4% to 16% between 2017 and 2022. There was also a notable uptick in single incidents incurring damages of over $100,000 – from 39% to almost double that (70%) between 2019 and 2023. Organizations of all sizes and industries reported an increase in hourly downtime costs in 2023 compared to the previous year.

Recap 

  • Automatic updates reduce risks related to outdated components
  • Not all hosting providers offer them
  • They come with potential downsides