The popularity of WordPress is perhaps the chief reason for it being the primary target of hackers.
Enough damage could be done just by locating one vulnerability. The critical question still exists – How can an average user of WordPress secure their website against such threats?
There are so many ways to keep your WordPress website secure, however keeping your core WordPress files, theme & plugins up to date is a priority. Keeping all updates on track can be very difficult. Some might say, the solution is in WordPress automatic updates.
WordPress sets automatic updates ON by default. However, you should be fully aware about the pros and cons of Automatic Updates.
WordPress Automatic Updates are not a set it up and forget solution, you have to keep a watchful eye on it always.
The Pros of WordPress Automatic Updates
People use to criticise WordPress Automatic Updates however, there are so many worthy advantages of it. Below mentioned are some of those:
- One of the biggest selling points of WordPress Automatic Updates is they prevent most security vulnerabilities.
- The vulnerability in any plugin can work as some sort of attack vector and Automatic updates can certainly prevent this risk.
- WordPress Automatic Updates will enable you to access new features of WordPress Core, plugins and themes faster than normal updates.
- The WordPress Automatic Updates allows you to invest more of your time on the content of your website rather than spending it on managing your website.
Looking only at the pros, it sounds perfect right? But wait, before jumping to a conclusion, I think it would be smarter for you to take a look at the Cons of the WordPress Automatic Updates.
First let’s discuss the downsides and then we’ll talk about the right things for you to do, when it comes to WordPress Automatic Updates.
The Cons of the WordPress Automatic Updates
After seeing the good, let’s talk about the bad.
- If you have enabled Automatic Updates, unless you know when the major updates are, you won’t be able to get a full backup of the site before updating. And if a major update causes compatibility issues, there are chances it could break your site. And unless you have uptime monitoring in place, then your site could be down for a long time without knowing.
- This can be one of the most annoying problems of WordPress automatic updates. It automatically replaces your core files and overwrites custom changes such as enabling or disabling your theme/plugin editor or enforcing Secure Socket Layer (SSL) login.
- Updating your theme will override customisations. However, you should avoid this by using a child theme.
You can turn your WordPress automatic updates on in spite of these risks, but there are precautions you should take, I will be telling you about these precautions so, please bear with me for a while longer.
In a nutshell, it is all about minimising your risks.
How To Enable WordPress Automatic Updates?
Before enabling WordPress updates, I would like to walk you through one of the common problems while working on with WordPress which are indeed solvable with attention to detail.
The flexibility of WordPress is it’s greatest and worst feature. For example if you have a cobbled together website, built by a complete novice, that has an off the shelf theme and many plugins, compatibility problems can occur on almost every WordPress update. If you have such a website, theres no need to start thinking about switching from WordPress or getting a new site because this can be rectified.
The biggest reason for constant compatibility issues to persist is you. Shocked?! Well, how about that food for thought?
Many blame WordPress for these types of issues, but this is unfounded. Websites gets compatibility issues because add-ons are not compatible with the newer core updates of WordPress.
WordPress is not always perfect but it’s mostly backwards compatible and gives plenty of warnings enabling developers to update their themes and plugins in a timely manner.
It is your responsibility to keep track of your site’s plugins and theme updates. Their compatibility should be able to keep up with the new core updates of WordPress. If not you may need to switch current ones for alternatives, which is the main reason why every WordPress nerd recommends avoiding plugins and themes which have not been updated for 2 years or more.
Please note that I do not recommend enabling Automatic Updates for WordPress if your website uses loads of plugins. So you have been warned. Also, make sure that you manually take a full and complete backup of your website before turning automatic updates on.
Enable Automatic Updates from cPanel
cPanel is used by a large number of hosting providers but there might be a case where the enabling process is different from these instructions, so you may have to contact your hosting provider for assistance.
The rest of you, can just simply follow these instructions in order to enable automatic updates. Usually, most of the hosting providers use Softaculous one-click Installer.
In order to enable Automatic Updates, navigate to your cPanel and locate the WordPress option, find the current installations area and locate your site. Then simply click on the pencil icon to edit.
You’ll then see an Edit Installation Detail Screen, where you’ll find the Auto Upgrade option.
Enable your preferred options and remember, these changes are only for active plugins and themes.
Inactive ones you have to update manually. That being said, it is best to remove inactive add-ons if you’re not using them.
Enable WordPress Core Updates Manually
The word “Manually” does scare a lot of people even me sometimes. But here there is nothing to worry about. This manual process is very easy. All you need is an FTP client. I love FileZilla for this task.
Just access your account with any FTP client and go to the public_html folder. Then, you just need to find the wp_config.php file and right click on it and then select View/Edit. After this just add the following line directly above the one that reads /* That’s all, stop editing! Happy blogging. */:
define( ‘WP_AUTO_UPDATE_CORE’ , true );
Save your change and let the FTP program upload this updated file. And that is all there is to it. See, I told you – piece of cake.
To be frank, updating your WordPress website is a strife topic. From the security point of view, one just cannot avoid WordPress updates. But they create issues in presentation and functions. So, my verdict is that no matter how it is affecting you, you should always turn the WordPress Automatic Updates ON.
Because according to me security is very crucial. So, do that extra legwork and prevent your WordPress website from any possible security vulnerability.
Exclusive 7 Day Course
Defend your site from hackers, improve your website speed, get free uptime monitoring and learn tactics used by WordPress experts
Many thanks for subscribing.
Something's not right.