Should you enable automatic updates in WordPress?

One of the headline features in the recent release of WordPress 5.5 was the ability to enable automatic plugin and theme updates. This follows the inclusion of automatic core updates in WP 3.7.

On paper, the arguments for automatic updates are compelling. They’re the fastest and most reliable way to patch security exploits, for instance, and most users are woefully lax in remembering to update their sites on their own. (Clients frequently hire me to debug and update installations that haven’t been touched in a more than a year, so I’m more sympathetic than some to the problems that automatic updates are intended to solve.)

Unfortunately, this is yet another area where good intentions go terribly awry. At this point in time, automatic updates in WordPress remain a dangerous, unstable, and unworkable idea by every practical measure.

For proof of this we need look no further than the release of WordPress 5.5 itself, which contained breaking changes in core javascript libraries that caused issues on many sites. This was followed a few days later by an update to Woocommerce that introduced conflicts and fatal errors of its own (particularly on those sites running my favorite caching plugin WP Rocket).

So this week alone, you could have found your site broken by an automatic core update to WordPress 5.5, and then, had you turned on the new automatic plugin updates, found your site broken again in less than 48 hours by a Woocommerce update.

The most significant thing about these examples is that they weren’t caused by little known plugins or themes from unproven developers — they were introduced by the WP core dev team and the WooCommerce dev team, some of the most experienced and proven talent in the WP ecosystem.

I don’t intend at all to beat up on the core devs or the Woocommerce devs with these remarks. Bugs happen — and I’ve certainly introduced more than my share of them into my own code. The problem with automatic updates isn’t the quality of the code coming from the best devs in our community but the nature of WordPress itself. Automatic updates work great on a closed ecosystem like Apple’s app store — an ecosystem where the hardware options are limited, quantified, and controlled, and where all software is screened to at least some degree before it’s allowed on the platform.

But WordPress is an entirely different animal. The infinite variety (and varying quality) of third-party plugins, theme frameworks, and laughably underpowered shared hosting plans makes automatic updates a recipe for disaster. It’s impossible to test even a fraction of every possible plugin, theme, and hosting combination. As long as that’s true, automatic updates are a fool’s errand.

Furthermore, to try and change these fundamental issues to make automatic updates more reliable would necessarily kill the openness and flexibility that has made WordPress such a global success.

So should you enable automatic updates in WordPress? Absolutely not.

If not automatic updates, then what? A workable approach to updates

With all that said, here is my approach to updates on the sites I manage (and the recommendations I give to my clients).

  • Set a workable update schedule, put it on your calendar, and stick to it. You don’t need to check your site for updates every day. Updating once per week will put you ahead of 95 percent of the WP sites out there, and updating even once every couple of weeks is still enough to avoid critical problems in my experience.
  • Don’t apply updates to your site until they’ve been in the wild for a week or so. This bit of lag time will allow developers to address any unexpected bugs or conflicts without your site suffering the fate of a neglected lab rat. The only exceptions to this policy are critical security updates. If the release notes for a plugin or core update mention a security fix, it’s best to cross your fingers and apply those as soon as you see them.
  • If you’re using paid or premium plugins, be sure you have activated your license codes and are receiving update notices. A common problem in my client work are premium plugins and themes that weren’t activated to receive updates. So the site owner conscientiously updates the rest of their installation on schedule but is eventually stopped cold by a fatal error because they were never notified that updates were available for a particular plugin or theme.
  • Make sure you have a backup system in place. Even when you’re careful and apply updates on a reasonable schedule, something will eventually break. When this happens, the ability to quickly roll back to a working backup will prevent you from adding bourbon to your breakfast cereal.
  • Whenever possible, test updates on a staging site before applying them on your live site. Whether you can easily do this depends almost entirely on your web host. Specialty hosts like WPEngine offer automatic staging sites and one click copying of your live site to a staging area, where you can safely test updates. But the junkyard Cpanel shared hosting abominations that power most WP sites offer nothing of the sort. (I will save my hosting rant for another time).

Finally, if you’re going to allow any automatic updates, I recommend enabling only security and minor updates for the core. You can enable core security updates alone by adding the following line to your wp-config.php file:

define( 'WP_AUTO_UPDATE_CORE', minor );

Are you struggling with updates or other problems on your WordPress site? Book an appointment in my WP Clinic, and we’ll work through it together.

Introducing Well Adjusted, a new podcast about horror movies and culture

I can’t remember the first horror movie that I saw. I started young — too young for today’s ninny standards — by dragging my babysitter to the local video rental store during my parents’ weekly outing and insisting I was allowed to watch whatever. Whenever she balked at a particularly gory or salacious cover, my little brother and I would shrug casually and say, don’t worry, we’ve seen a lot worse.

It was the 80s in Arkansas. Kids could still buy cigarettes without too much trouble, so a handful of R rated VHS tapes weren’t a hard sell.

Fast forward to adulthood, and I’ve continued watching those old films, as well as many contemporary horror releases, and I still get the same giddy thrill when the camera switches to the monster’s POV or the formerly meek heroine drops the whimpering veneer of socialization and goes at the killer with a fireplace poker.

When you love something, you can’t help but want to share it. For the longest time now I’ve wanted to find a forum where I could talk about these films and the horror genre in general. Well, yesterday my friend Levi Horne and I finally made it a reality.

Well Adjusted is a weekly podcast about horror movies and books and their relationship to our larger culture. In the first episode, we discuss Larry Cohen’s 1974 B movie masterpiece It’s Alive. It’s the perfect movie to watch for expecting parents, or anyone contemplating starting a family.

Give it a listen, and subscribe in your favorite podcast platform if you are so inclined. This plague season has been a dry well creatively — for obvious reasons — and making this little project a reality felt like the sun came out for the first time all year.

Dashboard problems after updating to WordPress 5.5? Install this plugin.

WordPress 5.5 was released last night, and it began the long process of updating the bundled jQuery javascript library to a more current version. Unfortunately, it also broke a number of plugins and themes, causing javascript errors and strange behavior throughout the dashboard and front end.

The first problem I noticed on my site were broken hover states in the WordPress admin dashboard. Typically, when you hover the Posts or Pages or any side menu in the dashboard, a submenu appears to display the related options.

The WordPress 5.5 update broke the hover state in my dashboard menus, preventing the submenu items from displaying on hover.

The cause turned out to be the removal of a script called jQuery migrate from the WordPress core — a necessary first step in the jQuery update process. The solution is to put the script back. Fortunately, the WP core team anticipated this would be an issue on some sites and kindly provided a free plugin to address the issue.

If you notice strange behavior after updating — and especially if you see errors in the javascript console — try installing the Enable jQuery Migrate Helper plugin. It fixed my issues straight away.

Are you struggling with updates or other problems on your WordPress site? Book an appointment in my WP Clinic, and we’ll work through it together.

How photography helped me recover from depression

Early last year I bought a new camera. I’d been a casual shutterbug at various times before, but always wound up quitting within a few weeks or months. This time, though, was different. This time, the perfectionism and anxiousness and preordained sense of defeat that clung to every previous snap of the shutter were gone. This time, I wasn’t shooting to prove to some unseen force that I had intrinsic worth. This time, I was shooting just to shoot.

Read more “How photography helped me recover from depression”

02-19-2020

RUNNING UP THAT HILL

Parents rarely feel just one way about something. Every time I see her run, I'm half caught dreading she'll fall and half caught hoping she'll fly.