WordPress 5.5, released on August 11 2020, has introduced a new feature: enabling automatic plugin and theme updates.
Automatic minor updates for WordPress Core (for example, from WordPress 5.4 to 5.4.1) have been around since WordPress 3.7, but having this option for plugins and themes is a new feature.
Up until now, updating plugins and themes has worked like this:
1. Assuming you have administrator access to WordPress, when plugin or theme updates are available, you’re notified in the admin bar.
2. To see the full list of updates, go to Dashboard > Updates.
3. Select the themes or plugins you want to update.
4. Use the Update Plugins or Update Themes button to update them.
So, how does enabling automatic plugin and theme updates work and what are the rewards and risks?
How do you enable automatic plugin updates?
First, you must have updated WordPress to version 5.5 or greater. If you haven’t yet done that, the auto-update feature is not available.
When you’ve updated to WordPress 5.5 or higher (remember to back up first!), you should see a screen similar to this:
Automatic updates are off by default, until you enable them.
Go to Plugins in the menu and you’ll see a new column in the table after Plugin and Description: Automatic Updates.
You can enable auto-updates for each plugin individually, or you can select multiple plugins and choose Enable auto-updates and Apply from the Bulk Actions menu.
How do you enable automatic theme updates?
Enabling automatic theme updates is a little different. There’s no table of themes where you can select them all. Instead you need to select each theme individually and enable auto-updates.
Hover over the screenshot of the theme or use the Tab key to highlight it, then select Theme Details.
Then select the Enable auto-updates link.
Once enabled, the link will switch to Disable auto-updates. If an update is available, you will be told when the auto-update will take place.
Some plugin and theme authors may have disabled auto-updates. If that’s the case, you will see a message, “Auto-updates are not enabled for this plugin” or “Auto-updates are not enabled for this theme”.
What happens after auto-updates are enabled?
When auto-updates are enabled and new updates are available, the plugins and themes you selected for auto-updates should be updated after a set time period. Otherwise, they’ll be updated shortly after the next update becomes available.
You should also receive an email which tells you what was updated. (Should you not wish to receive these emails, using the Disable Theme and Plugin Auto-Update Emails plugin will stop them.)
So, can you sit back and relax? Unfortunately, no.
Problems with auto-updates
Auto-updates depend on a system called WP-Cron, which checks periodically for tasks to be run.
But WP-Cron requires traffic to your site to be to be triggered. If your site has very low traffic, WP-Cron won’t run until someone visits. Conversely if you have a high traffic site, WP-Cron can impact performance because it runs every time a page loads.
If WP-Cron doesn’t run properly and your themes and/or plugins fail to update, you might see a message like this in the Plugins section of the WordPress admin:
In addition, Site Health may flag the same problem:
The trouble with WP-Cron problems is that they affect all your WordPress scheduled tasks, for example scheduling posts. While WP-Cron will have another go at running your updates, the same issue may recur.
One approach to fix WP-Cron issues is to disable WP-Cron and run system cron instead.
Plugin or theme update failures
Sometimes a plugin or theme will fail to update for some reason. For example, if a plugin or theme needs a license key to be updated, auto-updates won’t work until you supply the license key.
No email notifications
Another problem is that you might not receive the email notifications telling you what was updated. If that’s the case, follow WPBeginner’s tutorial on fixing WordPress not sending email.
What are the advantages of enabling plugin and theme auto-updates?
The advantages of enabling auto-updates are:
- You will always have the most up to date version of a theme or plugin.
- If a plugin or theme security fix is released, you’ll get it right away, securing your site.
- You should be in the habit of regularly maintaining your site, but if you aren’t, your themes and plugins will be kept up to date without you having to lift a finger.
What are the disadvantages of enabling plugin and theme auto-updates?
The main disadvantage of enabling auto-updates is that plugins and themes can sometimes fail to function properly after an update. In the worst-case scenario, you might see a “critical error” like this on your site:
Why do updated themes and plugins cause errors?
- Developers are human and make mistakes. Sometimes they introduce bugs inadvertently without meaning to!
- There are thousands of plugins and themes in the WordPress ecosystem. It would be impossible to test every combination of them for conflicts when a new version is due for release.
As an example of the second case, I recently received an email warning of a conflict between WooCommerce 4.4.0 and WP Rocket. The developers released a new version of WP Rocket which fixed the problem. Their advice was to update WP Rocket first, before updating WooCommerce to the newest version.
Timing is another issue with auto-updates. By choosing to automatically update, you lose control over when an update is performed. If your ecommerce plugin auto-updated just before your main sale of the year and the update broke your store, you’d be rightly upset!
An update problem that you don’t notice right away could also be a big headache. If your email signup form stopped taking emails after an update, you might miss out on new leads for days, weeks or months.
Another downside of auto-updates as they stand is that there’s no way to approve certain types of updates like security fixes but disallow other types, like major feature enhancements.
What can you do if a plugin or theme update goes wrong?
If you find that a plugin or theme update leaves you with a broken site, you have a couple of options:
- Restore your site from a recent backup. If your backup is older than your last content update, though, you might have to accept losing some content. This is why it’s a great idea to take a backup just before you do any WordPress updates.
- Use the WP Rollback plugin to roll back the troublesome theme or plugin to an earlier stable version. Beware, though – you can only roll back plugins or themes that are downloadable from WordPress.org, and sometimes there isn’t an older version available to roll back to.
If a number of updates occurred at the same time and you’re not sure which plugin or theme caused the problem, you may be able to use the Health Check and Troubleshooting plugin. Using this plugin when you are logged in will set your site to using the default theme but with no plugins enabled, so you can figure out the culprit. But your visitors will see your site as normal while you troubleshoot.
Are any themes or plugins more likely to cause problems when they are updated?
Themes are usually less problematic to update, as you can only have one active theme at a time.
You should only have three themes installed at the most. That is:
- A default theme like Twenty Twenty
- Your active theme
- A child theme, if you are using one
Obviously, the more plugins you have installed, the greater the chance of breakages. It’s not inherently bad to use many plugins, but you should delete any that you aren’t using (especially inactive ones).
Plugins that are updated frequently may be at more risk of problems developing. On the other hand, they may be quick to respond to issues. Yoast SEO aims to release an update every fortnight. When they released version 14.0, some sites didn’t behave as expected and they quickly had to release patches.
Mission-critical plugins, like WooCommerce for an online store, are best updated manually. This is especially true when the update is a major release, such as WooCommerce 4.0. Read WooCommerce’s update guide for details.
The super-safe way to update your WordPress themes and plugins
The safest way to update your themes and plugins is to use a staging site. This is a clone of your live site with a different URL, used for testing purposes.
You can try updating plugins and themes on your staging site in the usual way. If anything breaks, your live site will be unaffected. If you discover a problem with a particular plugin or theme you can hold off updating it on your live site. You can also reach out to the developer and ask them to provide a patched version.
A number of hosts offer staging sites as part of their service, but they tend to be on the more expensive side. I use WP Engine (affiliate link).
Another option for staging is a service like BlogVault, where you can both take backups and create a staging site very easily. It works out at less than $8/month for a single site.
The next best way to update your WordPress themes and plugins
If you don’t have the resources to run a staging site, the next best way to do your theme and plugin updates is to use an on-demand backup and restore service.
I like and use ManageWP. Their “Safe Update” feature backs up a site just before updating and shows you a thumbnail of the home page before and after so you can inspect it to see if anything has gone wrong visually.
If something is amiss after the update, you can restore your backup easily. It has saved my bacon a few times!
So, should you use WordPress automatic plugin and theme updates?
The Wordfence blog has an excellent post weighing up the pros and cons of auto-updates.
Their conclusion is that for small sites such as blogs and brochure sites, enabling auto-updates for themes and plugins is a good idea. Sites like this may not be accessed as often, so auto-updating will keep them more secure.
But for ecommerce or enterprise sites, blanketly enabling plugin and theme auto-updates is a much riskier strategy. Unlike other software, WordPress doesn’t do canary deployments, where a software update can be pushed out to a small group of users for testing before being rolled out to the masses. By enabling auto-updates on these sites, the chance for spotting potential pitfalls is lost, and the cost of disruption is much higher.
If you have a site that’s somewhere in between the two, you may want to enable some auto-updates of themes and plugins you trust and leave others to update manually.
What are your thoughts on WordPress automatic plugin and theme updates? Are you using them? Let me know in the comments.