WordPress auto update for Core, Plugins, Themes: The Definitive Guide

Apr 26, 2021


WordPress auto update for Core, Plugins, Themes: The Definitive Guide

Apr 26, 2021


We all know that keeping your website updated is vitally important, but it is a time-consuming task. WordPress automatic updates may seem like the easy answer, but you may end up spending more time than you originally bargained for. 

Updates don’t always play nice with each other though, and so many WordPress administrators are understandably wary of setting up automatic updates for this reason. 

In this article, we will talk about, how you can: 

  • Set up WordPress auto update to save considerable time
  • Ensure that updates take place smoothly and without breaking your website

Is setting up automatic update for WordPress a good idea? We give you the entire picture in this article.

TL;DR: Reliably update your website using BlogVault. Use visual regression to check your website before and after updates, and in case your website breaks, easily roll back with a one-click restore.

What are WordPress automatic updates?

WordPress automatic updates is a WordPress feature that enables you to set your website to automatically check for updates and install them. Ideally, it should reduce your effort and time spent on checking for and installing updates, which often takes a backseat because it is a time-consuming activity.

However, the time you spend on installing updates manually takes care of 2 important aspects: you are in control of how the updates happen; and you are on hand in case anything goes wrong. 

Automatic updates are not the same for everyone, and many WordPress admin are not comfortable leaving everything up to automation. They have good reason, and we will explain how to determine what works for your website in subsequent sections.

What happens during an automatic WordPress update?

In case you are wondering how exactly your WordPress site is updated automatically once an update is released from WordPress, here’s what happens:

Once the update is released, the automatic update is pushed from wp.org and runs in the background on your WordPress website via wp-cron.

wp-cron is a background process that allows events to happen in the background, which in layman terms means that you don’t need to put an ‘under maintenance’ notification on your website while the updates occur.

Your WordPress wp-config file has the following code by default.

define( 'WP_AUTO_UPDATE_CORE', true );

This allows automatic updates to take place on every page load. The page loads are triggered by the following code found in the default-filters.php file

add_action( 'init', 'wp_cron' );

Types of WordPress automatic updates

WordPress releases four different types of updates regularly. These are as follows:

  1. Core updates: Core updates are critically important, especially from a security standpoint. As a rule of thumb, you should always have the latest version of WordPress installed. They also announce these on their social channels.
  2. Plugin updates: If you are using plugins on your website, which is most likely the case, you need to check regularly for updates for each of them.
  3. Theme updates: WordPress themes come up with changes and improvements. These improvements can be either aesthetic or have security patches for vulnerabilities.
  4. Translation file updates: These updates are language packs that provide multilingual support to a WordPress website.

Core updates can be further divided into three subtypes:

  1. Major core release updates: They contain developmental changes such as an addition of new feature/s or changes to the core technologies. For example, WordPress 5.7, named Esperanza, was released on 9th March 2021. It came with new default colors, an improved editor, and feature releases such as a new Robots API, a one-click switch from HTTP to HTTPS, etc.
  2. Minor core updates: The minor releases are mainly security and maintenance and security releases. They contain the security patches and fixes for WordPress. These are very important updates that should not be missed. For instance, WordPress version 5.7.1 was released on 15th April 2021 with 26 bug fixes in addition to two security fixes.
  3. Core development updates: These updates are usually for changes that might be unstable. They are also called ‘bleeding edge’ updates. You don’t have to install these updates unless you are a developer who is interested to check out and contribute to the core development of WordPress.

As a rule of thumb, updates are always important. So we always recommend you keep everything updated, but how you approach it is important. We will discuss how to develop the right sort of update strategy that works for you, and that saves you the maximum time and effort.

How to configure WordPress auto update using different methods?

There are several ways to update the WordPress core. We will discuss the pros and cons of each method so that you can make an informed decision. There are mainly three ways in which you can do WordPress auto updates.

  1. By using a plugin for automatic updates
  2. By making changes to wp-config.php files
  3. By using managed hosting

Before you move on:

Back up your website

We cannot emphasise enough the importance of backing up your website. In whichever way you would choose to update your website (manually, automatically, or via plugin), you should always back up your website.

Use BlogVault to back up your website, and make sure your website is safe. BlogVault automates your backups ensuring that you are never without a website in case something goes downhill.

1. Manage WordPress automatic updates using plugins

You can use a plugin to manage automatic updates. This method is useful if you want to change the default settings, without messing about with the core files.  

There are several WordPress plugins that will perform automatic updates, such as Advanced Automatic Updates and WP Updates Settings. They work in much the same way, so here we have included a step-by-step guide for the Advanced Automatic Updates plugin. 

Note: Plugin cannot ensure that your website will not break as a result of an update. Therefore, it is always vital to take backups before making major changes to your website. It will save tons of time if something goes wrong.

Step 1: Install and activate the plugin on your website

Advanced Automatic Updates plugin

Once installed, you will find the Advanced Automatic Updates plugin under the Settings tab on your WordPress dashboard. Here you can customize according to the options available.

Step 2: Enable or disable automatic updates

It’s usually easy to use a plugin to enable or disable automatic updates. All you have to do is select or deselect the types of updates you want to enable or disable.

Minor updates and security updates are the most important ones. These usually save you from vulnerabilities that can lead to your website getting hacked.

Enabling WordPress auto update using advanced automatic updates plugin

You can decide whether you want to update WordPress core major releases automatically or not. Some plugins will allow you to update your add-ons such as plugins and themes.

Once you have selected/deselected the plugins, you can simply save your setting and that’s it.

Step 3: Get notified about automatic WordPress updates

Get notified about WordPress automatic updates

Most plugins will allow you to select the notification option. You can choose to get email notifications for the updates. This way, in case you discover that your website is broken, you can check for the notification and fix the update to get your website right.

Benefits of using plugins for automatic WordPress update

  • If changing the wp-admin code intimidates you then this is a perfect option. Plugin for auto-updates will take care of keeping your website updated for you.
  • You can enable or disable auto updates with a single click. Most plugins will also allow you to choose what you want to update and how frequently.

2. Manage automatic updates in WordPress using wp-config

To use this method, you need to be comfortable with changing and editing your core wordpress files. We do not recommend you take this on, unless you a) are confident; and b) have a reliable backup as too much can go horribly wrong and you could lose your website. Follow the steps given below to get started:

To make changes using the wp-config.php file, first navigate to it in your WordPress wp-admin folder. You will find a parameter called


You can assign the value true or false to enable or disable auto updates using this method.

Enable Automatic update in WordPress manually using wp-config

Add the following code to your wp-config.php file to manually enable all major automatic WordPress updates:

define( 'WP_AUTO_UPDATE_CORE', true );

By doing this all core updates that are released will be installed automatically.

Disable Automatic update in WordPress manually using wp-config

To disable the code manually, all you have to do is change the value assigned to the code. For that, replace the word true with false.

define( 'WP_AUTO_UPDATE_CORE', false);

Note that when you assign the value false, even minor updates will get disabled. Usually, minor updates are on by default in WordPress.

Automate only minor auto updates

To enable the minor updates again, simply change the value to ‘minor’ in the following line of code.

define( 'WP_AUTO_UPDATE_CORE', minor );

Enable WordPress auto updates for themes and plugins

Add-ons are not always recommended as they may be incompatible with certain plugins or themes. It may lead to issues and break your website and therefore, we recommend that you backup the WordPress theme before moving on. However, if you are sure you want to automate them, then you can make changes to the filter called auto_update_$type.

Navigate to the wp-admin folder and add the filter. You can determine its function ( to update plugins and/or to update themes) by assigning a value to it as follows:

To automatically update WordPress themes:

add_filter( 'auto_update_theme', '__return_true' );

To Automatically update WordPress plugins:

add_filter( 'auto_update_plugin', '__return_true' );

Pros of using wp-config for auto update in WordPress

  • Manual automation is free.
  • WordPress site owners won’t have to install an extra plugin just to keep their site up to date.
  • Site admin comfortable working with core files can set this up easily.


Cons of WP automatic updates using wp-config

  • It requires changes to files such as wp-config.php and wp-admin which may be intimidating for some users.
  • Usually, changes to the WordPress core files are not recommended because they can break the website. Therefore, for doing this you need to have a reliable step-by-step procedure and follow it closely so that nothing goes wrong.
  • This method can be time-consuming if you have never worked with code before.
  • In case your site crashes after an update, you will have to disable each update and check your website manually.

3. Manage automatic WordPress update using managed hosting

Managed WordPress Hosting is a concierge service provided by a website host to manage your website issues, such as updates, backups, uptime, and so on. A few examples of Managed WordPress Hosting are: GoDaddy, BlueHost, FlyWheel, etc. Most Managed WordPress hosting services offer automatic updates for WordPress websites.

Auto-update WordPress Core with Managed WordPress Hosting

Good news! Sit back and let your hosting provider take care of your website’s core updates. The whole purpose of Managed services is to reduce tasks for you. Let us tell you how they do this:

  1. The managed WP hosting provider performs compatibility tests for their system and the new WordPress updates. This is usually for the core updates only. To update the plugins and themes, you may need to talk to the service provider or do it yourself.
  2. They usually send out an email notification with the date of the update to the website owner. This is to ensure that the website owner doesn’t schedule any other important tasks at the same time.
  3. The service provider then creates a full backup of the website. For instance, Bluehost WordPress backup will be created which can be restored in case of an issue.
  4. On the date of the update, the new releases are installed. The service provider then checks for any issues that may or may not have occurred.
  5. Once the check is complete, the managed services provider sends out another email notification with the status of the update.

Auto-update theme and plugin with managed WordPress hosting

Plugin or theme updates are not done automatically by managed WordPress hosting services, simply because different plugins or themes have settings that might conflict with each other and break your site.

Let’s take a look at three Managed Services hosting providers and see how to update the add-ons from their dashboards:

I. FlyWheel

It doesn’t offer a service to update themes, but plugin updates can be availed at a premium price. You can enable plugin updates from the dashboard by following the steps below:

  1. Go to your Flywheel dashboard and click on the ‘Add-ons’ button. On the next page, click on ‘Enable Add-on’.
Enabling add on on flywheel dashboard
  1. Select the sites which you want to enrol for plugin auto-updates and click ‘Continue’.
enabling WordPress automatic plugin updates using flywheel
  1. You can see the billing summary on the next page. Check Out and complete your purchase for Managed Plugin Updates from FlyWheel.

II. GoDaddy Pro

GoDaddy Pro allows you to schedule updates for your themes and plugins right from the dashboard.

  1. Go to your GoDaddy Pro dashboard and select ‘Sites’ from the left side menu. Under each website you have the option ‘Tools’. You can select Themes or Plugins and click on Scheduling.
  2. In the General settings, enable auto-updates and choose your desired time and day for updating the add-on. Don’t forget to switch on ‘Perform Safe Update’ and select ‘With Rollback to previous version’ before you Save Changes. This will ensure that if the update breaks your website, it will automatically be restored.
  3. Now in the Themes section, select the themes you want to automatically update. Or, select plugins from the Plugins section. Now click Schedule.

III. BlueHost

It offers its users an easy option to automatically update WordPress Core, Plugins, and Themes. To do so, access your BlueHost Control Panel.

For Rock users:

clicking on the manage site button in the section of my site in Bluehost control panel

Step 1: Select ‘My Sites’ from the left sidebar. Click on ‘Manage Site’ under the website you wish to update.

Enabling WordPress automatic updates for themes and plugins in Bluehost

Step 2: Now, go to Settings > Automatic Updates and select core, themes, or plugins according to your preference.

For Legacy Users:

navigating to WordPress tool in Bluehost c panel

Step 1: Click on ‘WordPress Tools’ on the top left. A new page will open.

Selecting the website for auto updating

Step 2: Select the website you wish to auto-update from the ‘Select WordPress Site’ drop down.

enabling auto-updates for WordPress plugins and themes

Step 3: Now, under Automatic Updates, toggle on or off the auto-updates for core, themes, or plugins according to your preference.

How do you know when the update is done?

As we know now that automatic updates take place in the background. So there’s a chance that you may not know when your website has been updated. However, once an update is performed, you may get notified in one of the following ways about the update.

  • Dashboard notifications: You may see a dashboard notification on the WordPress plugin dashboard that your website has been updated. You can then check for broken links and features to ensure that everything is working well.
  • Emails to admin: Most hosting and maintenance services send emails out before as well as after an update. If you are using a plugin, then also you can choose to get notified via email. This way ensures that you never miss the information about the update even if you don’t log in to the dashboard.
  • Activity log: If you are using BlogVault to update WordPress as we suggested, you may find the activity log useful for identifying all actions taken on the website. Including updates, changes/edits, and logins. So in case the website breaks, you can simply check the activity log and figure out easily what broke the website. You can choose to roll back anytime to a previous version if something goes awry.

Why are updates important?

On average 30,000 new websites are hacked every day. Most of the hacks occur due to vulnerabilities that can be easily avoided by updating your WordPress core, plugins, and themes on time. 

Developers release security patches via  updates. However, website owners often face difficulties updating their website on time. Here’s where automatic updates come into play.

You can use WordPress automatic updates to keep your website secure as well as reduce the efforts of checking for updates manually. You don’t have to worry about someone exploiting a vulnerability to hack your website.

Moreover, automatic updates make WordPress management much easier if you have multiple websites. You don’t have to manually update each one, which is actually a tedious task. In fact, for websites with multiple plugins, updates become one less thing to worry about!

Why auto-updates are not for everyone

Updates, in general, can sometimes cause your website to behave in unexpected ways, and therefore break the functionality or design of your site. Your third-party plugins or themes may not be compatible or the update may override customisations. It is therefore important to update WordPress without losing customisations.

In case, you are thinking about turning on auto-updates for your website, first, take a moment and consider everything: What if one of your themes or plugins is not compatible? What if the site breaks unexpectedly? Will you be on hand to solve issues immediately?

Here are a few questions you need to ask yourself before you turn on auto-updates:

  • Does your website get high traffic or do you face a risk of significant revenue loss if something breaks?
  • Do you have the ability to rollback and fix the site yourself, or do you have a developer at hand to do it for you?
  • Do you backup regularly and are your backups reliable and easily restorable?

Recommended Read: Should you block auto updates?

Best practices for using Automatic WordPress Update feature

Here are a few best practices we talked about in the article, but we would like to emphasise them before you move on. Take a look:

  1. Take a fresh backup: Always ensure that you get a fresh backup before implementing any changes. If you have enabled auto-update in WordPress, it is important to get backups also automatically. In the case of WooCommerce websites, ensure that you get daily, incremental backups. You can do so with a plugin such as BlogVault. You can also check our list of 10 WordPress backup plugins.
  2. Choose what you want to auto-update: Select what should be on auto-updates and what requires manual efforts. For example, core updates such as minor releases for security patches should be put on automation. These are very important updates that may lead to vulnerabilities if ignored. On the other hand, updating your plugins may require you to ensure that the plugins are compatible.
  3. Update strategically: Always update your website at a time when the website traffic is usually low and there are minimal chances of disruption.

Updating plugins using Blogvault

Alternative to auto-updates [Recommended]

By now, we have established that updates are critically important, but can cause unforeseen issues. Auto-updates can be scary to contemplate, but equally manual updates are time-consuming. 

The solution is to use a plugin to manage updates well. We recommend BlogVault, where you can first set up automatic backups and then update your website safely. To do so, install and activate the plugin from the WordPress plugin directory. Go to the dashboard and select what you want to update and click on the update button. That’s it!

Benefits of using BlogVault for WordPress updates

  • Backup automatically and restore when required: BlogVault is the best in-class backup plugin. We strongly recommend this while using automatic updates. This way, if something breaks your website due to a compatibility issue etc., you can always rollback WordPress version easily.
  • Visual regression testing: Visual regression is when a snapshot of the webpage is taken before and after the update. BlogVault uses proprietary algorithms to compare these snapshots and ensure that nothing is broken due to the update. This saves a lot of time as you can quickly ensure that your website is up and running without any issues.
  • Check your updates on a staging site first: BlogVault allows you to check the compatibility of your plugins and theme customisations on a staging site first. Use the staging site to get the update, make the necessary changes, and migrate the changes to the production site easily.


Updates are vital to a website, however auto updates is not the solution for everyone. Instead, opt for using a plugin like BlogVault to assert complete control over your updates, and therefore the administration of your website.

Automatic updates can be unreliable and often cause incompatibilities. Due to unexpected reasons, auto updates may not work, concurrent updates may cause issues, or if something goes wrong, you may not be able to recover some of the data.

We already mentioned in the article that if you are opting for automatic WordPress updates, then it is also important to have regular, incremental backups taken automatically using a WordPress backup plugin.

The best method: Use BlogVault

With BlogVault you can not only take backups but also update multiple websites, plugins, and themes in a single click.

BlogVault allows you to take automatic backups and ensures a one-click restore when things go south. The plugin ensures that you have incremental backups taken every 5 minutes and stored for up to 90 days. You can check your updates on the staging site first and then migrate to your production site. In case you have automatic updates on using any other method and if your website breaks, you can use the activity log to figure out what broke the website and roll back in a single click with BlogVault.

Hope you find this article useful. If you still have doubts, check out the FAQs below or feel free to reach out to us with your questions and queries.


Q1. How do I update WordPress automatically?

Various methods may be adapted to benefit from the WordPress automatic updates. These methods include changing the code manually in the wp-admin folder, using an auto update plugin, or using managed services such as Managed WordPress Hosting or WordPress support and maintenance services.

Also read: How to update Woocommerce?

Q2. Should WordPress plugins update automatically?

No. WordPress automatic plugin updates can be risky and may lead to the breaking of your website. This can cause both distress to you and harm to your business. We recommend you check compatibility on a staging site first and make the necessary changes before moving them to the production site.

Also read: Rollback wordpress plugin

Q3. How to auto update wp-themes?

You can update add-ons, such as themes, using one of the following methods:

  • Manually: Navigate to the wp-admin folder. Include the one-line code:
add_filter( 'auto_update_theme', '__return_true' );

You can update add-ons, such as themes, using one of the following methods:

  • Using Plugin: Navigate to the left menu on your WordPress dashboard and click on the auto updates plugin that allows you to update add-ons. Select themes to auto update your WordPress website themes.
  • Managed Services: WordPress Support and Maintenance Services such as Valet, WP Maintainer, and WP Curve may take care of your add-ons such as themes. Contact your Managed service provider for more information.

Q4. How do I turn off automatic updates in WordPress?

You can turn off the auto updates using the following methods:

  • Manually adding the following parameter to the wp-config.php file in the wp-admin folder can turn off auto updates.
define( 'WP_AUTO_UPDATE_CORE', false );
  • In case you have been using an auto update WordPress plugin, then simply navigate to the settings of the plugin and turn off the updates that you do not want to automate.
  • For those using Managed services, you can email your service provider and discuss the options with them.

Q5. How to benefit from the WordPress auto update feature?

The best way to use auto updates is to understand what it entails thoroughly, and then adapt what suits your use case. You can leverage the convenience of auto updates, if you follow best practices and be prepared for all possible outcomes.