As you may have heard, WordPress 5.5 introduces a User Interface (UI) for toggling automatic plugin and theme updates.
The underlying functionality has actually existed in WordPress since automatic core updates were introduced way back in WordPress 3.7, but for the first time WordPress core is shipping with a user interface for controlling what gets updated.
What Automatic WordPress Plugin and Theme Updates Look Like
As of WordPress 5.5, WP Admin contains a column in the plugins table and on individual themes’ detail screens enabling site administrators to enable (or disable) automatic updates.
Twice a day, WordPress will check to see if newer versions of your installed plugins and/or themes are available and, if you’ve opted into automatic updates, install the latest versions.
If any plugin or theme should fail to update, WordPress will revert that change and send an email to the site’s administrator.
Should I enable automatic WordPress plugin and theme updates?
The short answer, unfortunately, is “it depends.”
If you’ve worked with WordPress for a while, you’ve probably heard (or experienced) horror stories about plugin updates going awry: broken functionality, plugin incompatibilities, or even the dreaded “White Screen of Death” (WSoD) have occurred.
For a hobby site or personal blog, these may be a minor annoyance, but for stores running on platforms like WooCommerce, this can have a significant financial impact.
Ultimately, whether or not you enable automatic updates will come down to your risk tolerance and how much you trust the developers behind your favorite plugins and themes.
Note: For Nexcess customers, you can rest assured that we’re taking daily backups of both your sites’ code and content. We also have visual regression testing to validate that the update went smoothly. If something goes wrong, we can have your site up and running again in short-order.
With that in mind, here are some tips to reduce the chances of an unattended plugin and/or theme update going off the rails:
Use single-purpose plugins from trusted developers
There are hundreds of thousands of WordPress plugins and themes available, but they are not all built the same.
Automattic, the company behind WordPress.com, maintains several of the most popular WordPress plugins: Jetpack, WooCommerce, Akismet, and more. They also have entire teams of developers and support technicians (“Happiness Engineers”) dedicated to the ongoing development of these plugins.
Likewise, companies like iThemes, Yoast, Sandhills Development, and Awesome Motive have built extremely popular plugins and products installed on millions of WordPress sites, but tend to run smaller teams that may be focused on multiple products concurrently.
Not all plugins have this same level of attention, though. In fact, many WordPress plugins are the result of a single developer scratching a particular itch and sharing their work with the world. The developer may not be interested in providing support, or may not have plans to update the plugin moving forward.
If you’re running a plugin that’s maintained by bigger names in the WordPress community, the chances of a plugin update completely breaking your site is likely far smaller than a small developer who may not have the bandwidth for handling support requests nor a solid QA process.
Your best bet is often to stick to plugins and themes from known entities. You might also consider incentivizing the developers of the plugins and themes you depend on; the plugin may have been free to install, but maintenance of a free plugin still takes time.
Similarly, try to avoid using plugins that try to do too much: the less an individual plugin is responsible for, the less likely it is to break in new and spectacular ways or have conflicts with other plugins.
Never modify plugins or themes directly
Sometimes a plugin does almost everything we want or a theme is almost perfect, and it can be tempting to tweak a value in the source and call it a day.
Unfortunately, the next time that plugin or theme gets updated, these changes are wiped away as WordPress replaces the entire plugin/theme directory with the newly-downloaded version.
A better approach is to extend the plugin or theme using actions and filters (collectively “hooks”) to make adjustments without touching the third-party code.
In the case of themes, we can further extend and/or override parts of the theme by creating a child theme.
Follow the development of critical plugins
If there are a handful of plugins that are crucial to your business, it may not be a bad idea to subscribe to any updates the developers might publish.
For instance, a WooCommerce store owner would likely benefit from subscribing to the WooCommerce Developer Blog — even if you’re not a developer, these blogs often hold details about the new features (and potential conflicts) in future releases.
Some of the larger communities (including WooCommerce) have dedicated Slack teams, where users can interface directly with the plugin developers.
Create (and Test!) Regular Backups
Sometimes, things will go wrong; whether an update goes awry, a site gets hacked, or an editor accidentally deletes a very important post, it’s always a good idea to have backups readily available.
For Nexcess customers, you can rest assured that we’re taking daily backups of both your sites’ code and content. If something goes wrong, we can have your site up and running again in short-order.
If you want to have a second backup of your site (or first, if your host doesn’t offer backups), you may consider a plugin like UpdraftPlus or BlogVault, which let you schedule backups to external services.
It’s not enough just to create the backup, though; on a semi-regular basis, you should be restoring site backups to a development or staging environment to make sure everything you’re expecting to see is present. Don’t wait until you’re restoring a broken site to discover that some crucial data wasn’t included in your archives!
Automate the Testing of Updates
There’s a big movement towards automation these days, and you can take advantage of these tools and techniques to make sure your sites are always behaving as you expect.
For example, you might use a service like Reflect to write a series of automated tests for your site. Specify key URLs, tell the service where to click and what to look for, and instruct it to run the tests every few hours. Should the tests ever fail, you’ll get an email alerting you to the fact that something has gone wrong.
Of course, if you’re running tests every 12 hours but plugin updates are happening somewhere between those intervals, you may find that your site is broken for hours before you even know about it!
This is where your web host comes in: if you’re on any sort of Managed WordPress hosting plan, your host should be proactive in letting you know if updates are breaking your site.
For example: at Nexcess, we don’t simply apply every plugin update as it becomes available. Instead, we perform what’s known as Visual Regression Testing before each and every plugin update. Here’s how it works:
First, we determine a set of important, representative URLs on a site: the homepage, shopping carts, product catalogs, blog posts, etc.
Next, we create a copy of your site within our network, and take screenshots of these key URLs; these serve as the “before” snapshots.
Once we have a set of screenshots, we upgrade the plugin on the cloned site, then take fresh screenshots of those same URLs to get our “after” images.
Finally, with both before and after screenshots in-hand, we compare these images to see if anything has changed on any of the pages and/or if any errors have popped up; if nothing has changed, we go ahead and upgrade the plugin on the production site. If however we do detect differences, we alert you (and show our work) so you can decide whether or not to upgrade the plugin in question.
What’s the point of Managed WordPress hosting if I have automatic updates?
Whether you opt for WordPress’ native automatic updates or the more sophisticated offerings included in your Nexcess Managed WordPress/WooCommerce hosting, keeping your site performant, secure, and online extends beyond just keeping things up-to-date.
Every day, we’re tweaking configurations and building new features to squeeze every bit of performance out of our platforms, built by people who know WordPress inside and out. From auto-scaling to Content Delivery Networks (CDNs), our platform is designed from the ground-up for speed, security, and ease of use. At the same time, we’re partnering with industry leaders to deliver the best of the WordPress community for a low, monthly price and backing it all up with best-in-class, 24/7 support.
Whether you opt to use WordPress core’s automatic updates or trust us to handle them for you, know that Nexcess is there for you every step of the way.