Updating WordPress is something that every site owner has to do, at least for WordPress’ security updates. Automating updates seems like the easy way out, but how do you know if your WordPress site is compatible with, and needs any other updates?
Every new WordPress site owner faces a conundrum when it comes to updating their WordPress site. Even if you only have to click on ‘update’ to update the sites, there are so many updates happening so frequently that simply updating might seem like a gargantuan task. This is why automating the process might seem like an easier route to take.
What Does it Mean to ‘automate’ WordPress Updates?
Ever since version 3.7, WordPress has allowed security and translation updates to happen in the background of every default installation, but this doesn’t include major and add-on updates… Which means a huge chunk of updates are still not performed. This is why choosing to perform automated updates on your WordPress site is a tempting choice. Moreover, it’s an option that can be carried out in a number of ways. It means every update on your site would happen automatically. You wouldn’t be shown notifications, wouldn’t need to click on ‘update’ everywhere, and you can stay at peace.
Making this decision isn’t as easy as it sounds though, simple because of the consequences it might have on your site. This is why we’re going to break it down for you.
The Pros of Automating WordPress Updates
It reduces your workload
Automating updates for both WordPress Core and add-ons on your WordPress site isn’t recommended, since any of these updates could contain changes that might cause your site to crash. But even just automating WordPress’ major core updates would reduce the amount of work for you as a WordPress site owner, since you would only have to worry about the add-ons.
It makes your WordPress site better in every way
WordPress updates allow the addition of new features and security patches for known vulnerabilities, thus making WordPress sites more functional, and secure. Automating your site to update, therefore, would help your site be more functional for your site’s visitors and users, as well as more secure for everyone.
The Cons of Automating WordPress Updates
There are a number of downsides to automating updates on your WordPress site, but the extent to which this might affect your site negatively, depends on what you choose to update, and how you choose to do it.
Your WordPress site could crash
Depending on the functions, and the scale of the changes in the updates made (whether to WordPress Core or to add-ons), your WordPress site could crash.
If you automate WordPress Core updates, there is a possibility of the old add-ons on your site not being compatible with the Core changes. As a result, your site could crash.
Automating add-ons is not recommended. This is because there are thousands of different plugins and themes, and although they’re coded to be compatible with WordPress, they’re not all coded with each other in mind. This means your site could crash with the update of any one plugin or theme.
The aftermath of WordPress crashing takes time to fix
If you choose to configure your WordPress site to automatically update via code, and not a plugin or a service, you’ll have to make changes to your site’s wp-config file. This can be daunting, and can take time for a novice.
Moreover, no matter why your WordPress site crashes, you will have to restore it to a recent backup, and figure out which update caused your site to crash… which again will take time.
Automated updates with Managed WordPress Services have consequences too
Using managed WordPress services (those that update your WordPress site for you as a part of maintenance or hosting services) might seem like an easy option, but it also has a number of consequences.
If you have chosen to enable automatic updates with a managed WordPress service, they will email you with the update schedule. In this case, you will have to check all the elements on your site for compatibility before approving the update.
If an element on your WordPress site is not compatible with an update, you will have to ask your WordPress manager to postpone the update until you fix the issue.
It is added trouble for you as a WordPress site owner, if you can not fix the issue causing incompatibilities by the time managed WordPress services force updates on your site. This would mean that your site would break, and you would have to restore it to a previous backup that is recent enough. If you own an e-commerce WordPress site, this isn’t an option, because of the constant input of data on your site.
Deciding to automate the updates to be made to your WordPress site isn’t an easy decision, especially if you don’t know your WordPress site inside-out. However, it’s something that every WordPress site owner has to do, a least for WordPress’ security updates. Learning whether your WordPress site needs any other updates to be updates is a time-taking experiment, but it’s one that will pay off in the end. The only way to make sure that your site is safe, is to rely on an intelligent, secure backup solution to create backups before you perform any update or make any changes to your WordPress site.
Over the past few months, we’ve been working on a number of changes at BlogVault. Not only do we have an improved UI, we’ve also got a bunch of new features that are bound to make managing your WordPress site a lot easier, and secure.
BlogVault has got a new dashboard that is better in every way, from allowing users to access our features for intuitively, to providing more than just backups.
Let’s take a look at a few of the changes, shall we?
Your BlogVault dashboard now has two major areas:
Each area has specific functions, and together provide:
Ease of Use
BlogVault’s new site listing feature helps you see all the sites you’ve added to your BlogVault dashboard. From this part of the dashboard, you can filter sites based on their status:
‘Active’ sites are those that have the BlogVault plugin installed on them, and use the plugin regularly.
‘No Plugin’ sites are those added to your dashboard but haven’t got the BlogVault plugin installed. (This could also be because of a problem during installation.)
Sites that are ‘Unreachable’ are those that have the plugin installed, but our servers are unable to reach, due to a connectivity error, or probably due to firewall or network settings.
‘Hacked’ sites are those that the BlogVault plugin has detected malicious files on.
We built in this categorization of sites to help you see exactly what’s going on with your sites at a glance. Moreover, the Site Listing page also allows you to find a particular site, based on tags that they might have (more on this later).
Easier Account Control
With our revamp, we’ve also changed your account and billing settings so they’re easier for you to manage.
Everything related to your BlogVault account is easily accessible, and easily changeable too from the ‘My Account’ drop-down. You can change anything about your account, from your email address to the BlogVault subscription plan you’re on.
Optimized for Teams
This brings us to our other new addition: the option to add team members to your BlogVault account. Our new Account settings allows you to manage a team that can handle every aspect of backup, management and security of the sites linked to the BlogVault account.
New, Improved Features
BlogVault now comes as a comprehensive package that allows our customers to backup, manage and secure their websites in every way. All you have to do, is to click on any one active site from your Site Listing page.
As you can see, we offer you WordPress backups, but also management and security settings that help you manage and secure your WordPress site. While the old UI allowed you to see all the features on the right in a sidebar, we’ve revamped BlogVault to let you to see it all under each option (Backup/Management/Security).
Our backup features have always been functional enough to rely on completely, but with our new UI, they’re more accessible, and easier to use.
The History tab has been given a full revamp, and allows you to see the last 30 backups made of your site more clearly. You can see exactly what happened with each backup, and add notes more easily as well.
Again, as you can see, you can select any backup version you have and choose to migrate, test restore, or automatically restore from it. You can also upload any version to Dropbox, or add a notes to help you differentiate versions.
Download Backup / Upload Backup
Both ‘Download Backup’ and ‘Upload to Dropbox’ options are very different functions, but have a single form, that requires the following:
The backup version you would like to download (or upload from)
Your site’s database credentials
Your hosting server’s credentials (which come under Advanced Options, along with the next option)
A choice of whether you’d like to store either tables and files, only tables, or only files from your WordPress site
There is also a section that requires your HTTP Authentication credentials, which are your WordPress site’s credentials.
The ‘Migrate’ option allows you to easily move all your site’s content and functionality to a different domain name or a different hosting service. All you require for this option, are the FTP credentials of the new site/domain/hosting service you’d like to move to.
Perfect for when your site suddenly goes down, the ‘Auto Restore’ backup option has the same form to fill up, except that it requires the FTP credentials of the site you’d like to restore (which is your current site).
As you can see from the previous screenshot, we’ve also got a handy FAQ section on the right for all migration and auto restore- related FTP questions, so you have all the answers at your fingertips.
This option creates a test-environment (a replica), based on the latest backup version of your site, complete with the links, videos, images, and everything else on your site. You can click on these links, and they’ll work like they would on your site. Once BlogVault is done creating this test-version of your site, we mail you the link you can access it on, along with its FTP details, so you can experiment and see if you want to make any changes to your site.
If you’d like to make a Test-Restore of a different backup version of your site, you’ll have to go to the History tab, select the desired backup version, and then restore from it.
BlogVault automatically backups your WordPress site every 24 hours, but if the backup schedule is just too far away (such as when you want to make an instrumental change but want to make a backup just before), this option comes in handy.
The Backup Now option also shows up on the Management and Security functionalities (just look for the following icon):
This allows you to backup your site before making any changes to it.
From allowing you to manage your WordPress site’s users to helping you update the plugins and themes on your site, the Management feature allows you to manage your WordPress site to be secure against threats.
You can manage all the plugins and themes installed on your WordPress site from this option. This means you can see the version you have of each, as well as whether to update specific add-ons, or all of them.
With the ‘Manage Users’ option, you can remotely delete, or change the role or password of those who have access to the site, without having to log in to your WordPress site’s dashboard.
We also have a Security feature that allows you to harden your site and clean your site of malware. The Security feature helps you harden your WordPress site, as well as to clean malware and hacked files with a single click. Moreover, since our scanner is built to be accurate and intelligent, it detects the most complex hacks, without raising false alarms, or alerting you of ‘possible hacks’.
The BlogVault dashboard now features hardening settings under the ‘Secure Site’ feature. These are settings recommended by WordPress, that help make your site more secure against hacks. We’ve categorised these settings into two sections: Basic, and Advanced.
Here is a look at some of the basic security fixes:
The advanced security fixes require some caution though– even if they can’t break your site, you won’t be able to install new plugins or themes on your site if you have them enabled.
The convenient thing about these settings though, is that to enable (or disable) these settings, you have to only select the ones you’d like to enforce or remove, enter your WordPress site’s FTP credentials, and select the folder that your WordPress site is installed from.
This option only appears when you have a hack on your WordPress site. It identifies the hacked file for you and pinpoints it, so you can look specifically at that one file, if you want to. If you’d rather just clean out the hack with a single click, you can do so by clicking on the ‘Auto Clean’ button.
Another feature that only appears when you have a hack, the Auto Clean function helps you remove malicious code on your site with a single click. Since we’ve built our cleaner to even identify complex hacks, you can choose to remove them immediately, without technical assistance.
Once you click on the Auto Clean function, you are taken to the form asking for your WordPress site’s FTP details.
Once you enter your WordPress site’s FTP details, your site will be cleaned.
One of the most revolutionary additions to our dashboard, the ‘Scan Now’ feature allows you to scan your site for hacks at any given point of time. Our malware scanner looks for hacks based on the actions the code performs, rather than signatures, or keywords. So no more backdoors, or recurring hacks. Before scanning your site, we run a backup so you always have the latest version of your site to fall back on.
We’ve tried to make the new dashboard as functional as possible. One of the steps we’ve taken in this direction, is the addition of ‘Quick Links’ that help you download backups, migrate backups to a new location, or restore it with a click. This section also has ‘Resources’, which help give you a quick snapshot of everything you need to know about your WordPress site. Perfect for emergencies, the icons for these functions, and the information related to your site, are right under your site’s thumbnail, on the Site Details page.
Since these features are in-built into BlogVault’s dashboard, we backup your site automatically before making any changes to your WordPress site. This makes it a comprehensive solution to help you manage your site in the most secure way possible. BlogVault has always been focused on giving our customers the best experience, in the most reliable, sensible way, and we hope you’ll find our new makeover to be as practical as we intended it to be.
WordPress site owners are constantly asked to update their sites. But keeping track of updates is incredibly difficult, because of the frequency and number of updates to be made. This is why automating updates might a useful practice.
If there’s one piece of advice in the world of WordPress for site owners, it’s this: update, update, update. Updating WordPress is easy in theory, especially since all site-owners receive notifications about core and plugin updates. When it has to be put into practice, though, updating WordPress is its own beast. Not only might updates break WordPress sites; they might also cause incompatibilities, and be impossible to undo as well. This is why it’s important to always have a reliable backup solution for WordPress sites.
Updating WordPress is an important task though, because of new features that might impact user experience, but also security updates that help against major vulnerabilities. However, with WordPress receiving updates very frequently on the Core as well as the add-on front, it is difficult to keep up with all the changes, and apply them. This is why automating updates on WordPress sites might be a workable solution for you as a WordPress site owner.
Types of WordPress Updates
While updates for WordPress add-ons have both developmental as well as security updates, updates for WordPress core perform different functions. Based on these functions, WordPress Core updates can be categorized into:
Release updates, which contain both Major and Minor releases.
Major updates contain developmental changes including the addition of new features, or changes to core technologies on WordPress. Every major release is named after a major jazz musician.
Minor updates contain security patches and fixes. As a result, they are highly recommended, and are automated by default on every installation of WordPress. Every WordPress site is recommended to run these updates since they contain important security updates that keep WordPress sites safe.
Developmental updates, which are only for the changes that might be unstable– these updates are what future developments are built on. Also known as ‘bleeding edge’ updates, they are only meant for sites running the developmental version of WordPress.
Translation updates (which are language packs), and come in handy if your WordPress site has multilingual support.
Depending on your comfort-level with code, and the time you’re willing to spend maintaining your site, you could automate your WordPress site’s updates manually, with the help of a plugin, or via managed WordPress services. Every method has its pros and cons, so it’s best to choose one with careful thought.
Automating WordPress Updates the Manual Way
This method will require you to make changes to your WordPress installation’s core files.
How to automate updates to WordPress Core the Manual Way
Updating WordPress Core includes making changes to the wp-config.php file.
WordPress contains a parameter called define( ‘WP_AUTO_UPDATE_CORE’) in the wp-config file. The value you assign this function determines WordPress release update is automated.
To Automate All WordPress Core Updates
Assign the value ‘true’ to the above function, as demonstrated:
define( ‘WP_AUTO_UPDATE_CORE’, true );
This will enable the automation of all release updates, developmental updates, and translation updates on your WordPress site.
To Only Automate WordPress Core Minor Release Updates
As mentioned, WordPress automatically makes Minor release and translation updates to your site. However, if you disabled all automatic updates by assigning the above function the value ‘false, you would have disabled Minor updates too. Just assign the value minor to the same function above, instead of true. This will disable all updates other than Minor updates, which keep your WordPress site secure.
Here’s how you do it:
define( ‘WP_AUTO_UPDATE_CORE’, minor );
How to Automate Updates to WordPress Add-ons the Manual Way
Automatically updating add-ons isn’t recommended by WordPress, since the developers’ updates might work for that plugin/theme, but might be incompatible with other add-ons or elements on your WordPress site. However, if your WordPress site is simple and has very few plugins/themes that are compatible with each other, it might not be as big a problem.
In order to manually configure your installation of WordPress to update plugins & themes, you have to make modifications to a filter called auto_update_$type, found in the wp-admin folder. The value assigned to $type determines which WordPress add-on is updated automatically.
To automatically update all plugins on your WordPress site, the filter must read:
The code isn’t complex, so it’s beginner friendly.
Manual automation is free.
WordPress site owners won’t have to install an extra plugin just to keep their site up to date.
Cons of Manual Automation of Updates
The changes have to be made to the WordPress wp-config.php files and the wp-admin folder. This might make some WordPress users uncomfortable, especially since changes to the WordPress core files are not recommended.
Making the changes to code might require some time, especially for WordPress novices.
If your site crashes with any update, you will have to check your site’s status after disabling each update manually.
Automating Your WordPress Site with Plugins
This method comes in handy for WordPress site-owners who do not want to tinker with code themselves, and don’t mind installing an extra plugin on their site. A couple of examples of plugins that help automate updates, are Advanced Automatic Updates, and WP Updates Settings.
How to Use the Advanced Automatic Updates Plugin
Step 1: Install and activate the plugin.
Step 2: Locate the plugin under your WordPress site’s Settings tab, and click on it.
Step 3: Check the kind of updates you would like to automate on your WordPress site.
If you would like notifications about these updates to be sent to an email address other than the one of the site owner, you can enter it here:
As you can see, you can also disable email notifications about the same, and request for debug information (in case you’re running development updates).
How to Use the WP Updates Plugin
Step 1: Install and activate the plugin.
Step 2: Just like for the Automatic Updates plugin, locate the Updates tab under your Settings tab, and click on it.
Step 2: Choose the kind of WordPress Core release updates you would like to automate on your WordPress site.
Step 3: Choose whether you would like to automatically update add-ons on your WordPress site.
Step 4: If you’d like translation and developmental updates, click on the appropriate check-boxes.
Pros of Automating Your WordPress Updates With a Plugin
These plugins do the work for you: you don’t have to manually tinker with any code; they’ll do it for you.
Most plugins that automate WordPress sites allow you to enable or disable different updates with a single click.
Cons of Automating Your WordPress Updates With a Plugin
This will require you to install an extra plugin just for updating your WordPress site.
Some plugins only update WordPress core, while others will allow you to update add-ons as well.
You, as a WordPress site owner, will still need to weed out problems if your site crashes with updates.
Using Managed Services to Automate Your WordPress Site
There are two types of managed services you could use to automate updates on your WordPress site: managed WordPress hosting, and WordPress support and maintenance services.
Managed WordPress Hosting
These services help manage your WordPress site’s hosting issues, as well as a few issues related to your WordPress site as well. A couple of examples of managed WordPress hosting services/ managed WordPress hosting providers are Flywheel, and WP Engine. These services automate the update of your entire WordPress site, but after the following steps meant to benefit you no matter the state of compatibility of your WordPress site:
The hosting provider checks their systems for compatibility with WP updates (whether this includes both core and add-on updates depends on the web host).
They then mail you beforehand with the dates for your WordPress site’s update.
Every managed hosting service performs a backup of your WordPress site before the update. Only after this do they perform the update.
Once they perform the update, they check for issues.
If your WordPress site is not compatible with the update, the managed hosting provider restores your site with the backup that they made.
The service then mails you about the status of the update (successful/unsuccessful, and reasons if unsuccessful).
If you’ve tested your site and found it incompatible, you can ask certain web hosting services to postpone updates till you fix the issue at hand.
Plugin and theme updates are not done automatically by managed WordPress hosting services, simply because different plugins have settings that might conflict with each other and break your site.
If you’d still like to automate the updates of add-ons, you can get in touch with your WordPress host about the same.
Since each managed hosting service has different terms and conditions, and pricing plans, it is recommended that you read their documentation carefully, and then get in touch via email or from their in-website chat support.
Pros of Using a Managed Web Hosting Service With Automatic WordPress Updates
You, as a WordPress site owner, don’t have to fiddle with the WordPress core files.
Your WordPress hosting service tests and runs WordPress updates for you.
Cons of Using a Managed Web Hosting Service With Automatic WordPress Updates
Managed WordPress hosting comes at a price.
These services don’t take care of all the issues that might come up during updating your WordPress site. If your site has certain customizations that makes it incompatible with WordPress updates, these services might mail you asking for you to seek a professional developer’s assistance. This means even if you’re paying a premium price for managed hosting, you might also have to hire a WordPress developer separately.
WordPress Support and Maintenance Services
WordPress support and maintenance services (such as WP Curve, WP Maintainer, and Valet), are perfect for super-busy site owners who can afford to have a full-time service just for maintaining their WordPress sites. In terms of updates and maintenance, these services usually perform the following functions:
Core and add-on updates.
Support/repairs in case of incompatibility.
Audit of the security and maintenance of your site so the chances of it breaking upon update are reduced.
Regular backups to rely on in case of incompatibility with any update.
Similar to managed WordPress hosting services, it is recommended that you go through the list of their offerings, (and their pricing plans) carefully. All you have to do after that, is contact them over email, or from their respective websites.
Pros of Depending on WordPress Support and Maintenance Services
Since you are paying these services specifically to maintain your WordPress site, you can expect them to solve any problems you might have while updating your WordPress site.
You need not hire a developer to this end.
Cons of Depending on WordPress Support and Maintenance Services
These services come at a premium price, and usually require you to pay more in order to fix issues that might come up during updates. Each service has its own pricing plan.
A number of maintenance and support services do not provide free support, so if you run into issues with your site, it might be expensive to get them sorted out.
Automating your WordPress site might seem like an easy fix that will help your WordPress site stay up to date with security patches and new features, but it also comes with many caveats. Not only might updates your site break, but they might also be difficult to undo. This is why it is imperative for every WordPress site owner to maintain a recent, secure backup of their WordPress sites that can be relied on.
Blogvault was started by Akshat
Choudhary in 2007. Based out of
Bangalore, India, we are a complete
backup service with over 10,000
customers from across the world.