I was a bit perturbed during a WordCamp speech that a security plugin developer told his crowd that if you don’t allow automatic updates, you’re a fool and stupid. I find that a foolish statement, considering the fact that backups and security should go hand in hand. Before updating any software, you make a backup. I’m not here to call people out, or convert people. I just find it a tad disturbing for anyone to make such a bold statement without justifying the fact that some updates can go wrong, and backing up first would be more ideal.
I don’t allow my computer software to automatically update either. I make a backup, because of those rare “just in case” moments. I’d rather not be caught with my pants down.
I’m not against automatic updates (I’m a firm encourager of keeping WordPress or any website software up-to-date), but I’m not going to sit down and be lectured by others when I know better from experience. I’ve expressed my opinion this issue back in January of 2014, and also in November of 2013 to give the end user an option (added feature of update) to turn off automatic updates. More than 2 years later, I still feel just as strongly.
I know that the automatic updates feature was put in place to help with the issue of those who were being compromised, and really weren’t savvy enough in managing their WordPress website, or understanding that keeping a website’s software up-to-date keeps it a little more secure. Sure, the minor updates are suppose be important and just as necessary as the major WordPress updates. However, I can’t just join the sheep herd and do the automatic updates. I have to make a backup right before I update.
Does that make me foolish? No. It makes me diligent and coincides with what I preach: You are responsible for your own website, including backing it up, having a security plan in place, and making sure your site’s software is up-to-date. Making a backup doesn’t take long, and usually within hours of the issued update, whether it’s major or minor, I’ve already tested it on my beta site, and then have pushed it live. Having automatic updates allowed is a personal preference because I take control of my website’s health.
For the regular user, or the one that doesn’t have a lot of time to manage their website, it’s completely fine to do automatic backups. However, make sure you have a backup plan in place.
I’ve faced having to fix websites because they never backed up their website, ran an update without testing it, and something went wrong. WordPress does have a lot of beta testers, and I’ve had only a couple hiccups throughout the years, but there are a lot of different setups (different plugins used, different theme), and sometimes it just doesn’t work right. Sometimes it might even be the server. Glitches CAN happen during an update of WordPress, of a plugin, or of a theme.
I think we need to better educate WordPress users truly interested in taking charge of maintaining their websites. And when we do, that explaining a true and diligent update plan is best. It’s the website owners decision in the end on how they handle their site anyway.
(Note: Background for featured image is originally done by Freepik. Altered by me.)
What’s your take on zero-day exploits? Allowing WordPress to automatically and quickly secure your sites might be beneficial here.
Thanks,
Please realize that I’m not telling people to not run updates. You should be updating your website, and the automatic updates probably are a great thing for newer websites. However, for people who have a lot of content, and have customizations in place, making a backup, and then testing the update before updating your live site is better.
An automatic update can be applied when it’s available, and it your website messes up, if you didn’t have a backup, you end up having to take more time fixing what messed up.