WordPress site owners are constantly asked to update their sites. But keeping track of updates is incredibly difficult, because of the frequency and number of updates to be made. This is why automating updates might be a useful practice.

 

Making sure your WordPress site is up to date could be an overwhelming process, since there are so many releases.

 

If there’s one piece of advice in the world of WordPress for site owners, it’s this: update, update, update. Updating WordPress is easy in theory, especially since all site-owners receive notifications about core and plugin updates. When it has to be put into practice, though, updating WordPress is its own beast. Not only might updates break WordPress sites; they might also cause incompatibilities, and be impossible to undo as well. This is why it’s important to always have a reliable backup solution for WordPress sites.

Updating WordPress is an important task though, because of new features that might impact user experience, but also security updates that help against major vulnerabilities. However, with WordPress receiving updates very frequently on the Core as well as the add-on front, it is difficult to keep up with all the changes, and apply them. This is why automating updates on WordPress sites might be a workable solution for you as a WordPress site owner.

Types of WordPress Updates

While updates for WordPress add-ons have both developmental as well as security updates, updates for WordPress core perform different functions. Based on these functions, WordPress Core updates can be categorized into:

  1. Release updates, which contain both Major and Minor releases.
    1. Major updates contain developmental changes including the addition of new features, or changes to core technologies on WordPress. Every major release is named after a major jazz musician.
    2. Minor updates contain security patches and fixes. As a result, they are highly recommended, and are automated by default on every installation of WordPress. Every WordPress site is recommended to run these updates since they contain important security updates that keep WordPress sites safe.
  2. Developmental updates, which are only for changes that might be unstable; these updates are what future developments are built on. Also known as ‘bleeding edge’ updates, they are only meant for sites running the developmental version of WordPress.
  3. Translation updates (language packs), which come in handy if your WordPress site has multilingual support.

Depending on your comfort-level with code, and the time you’re willing to spend maintaining your site, you could automate your WordPress site’s updates manually, with the help of a plugin, or via managed WordPress services. Every method has its pros and cons, so it’s best to choose one with careful thought.

Automating WordPress Updates the Manual Way

This method will require you to make changes to your WordPress installation’s core files.

How to automate updates to WordPress Core the Manual Way

Updating WordPress Core includes making changes to the wp-config.php file.

WordPress reads a constant called WP_AUTO_UPDATE_CORE, which is set with define() in the wp-config.php file. The value you assign to this constant determines which WordPress release updates are automated.

To Automate All WordPress Core Updates

Assign the value true to the above constant, as demonstrated:

define( 'WP_AUTO_UPDATE_CORE', true );

This will enable the automation of all release updates, developmental updates, and translation updates on your WordPress site.

To Only Automate WordPress Core Minor Release Updates

As mentioned, WordPress automatically makes Minor release and translation updates to your site. However, if you disabled all automatic updates by assigning the above constant the value false, you would have disabled Minor updates too. Just assign the value 'minor' (a quoted string) to the same constant, instead of true. This will disable all updates other than Minor updates, which keep your WordPress site secure.

Here’s how you do it:

define( 'WP_AUTO_UPDATE_CORE', 'minor' );
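A check for the setting described above, as an added example that is not part of the original article: a Python script that reads the text of a wp-config.php file and reports which core update policy is in effect, flagging defines pasted with typographic quotes or with an unquoted minor. The function names and the sample configs are constructed for illustration.

```python
import re

# Typographic quotes that word processors and blog themes substitute for ' and "
SMART_QUOTES = "\u2018\u2019\u201c\u201d"
ANY_QUOTE = "['\"" + SMART_QUOTES + "]"

# Matches: define( <quote>WP_AUTO_UPDATE_CORE<quote>, <value> );
DEFINE_RE = re.compile(
    r"define\s*\(\s*(" + ANY_QUOTE + r")WP_AUTO_UPDATE_CORE(" + ANY_QUOTE + r")"
    r"\s*,\s*([^)]*?)\s*\)\s*;"
)

# Policies, worded as the article describes them
MEANING = {
    "all": "release (major and minor), developmental and translation updates",
    "minor": "minor (security) release updates only",
    "disabled": "no automatic core updates, minor releases included",
    "default": "constant not set; WordPress applies its default behaviour",
    "invalid": "constant set to something other than true, false or 'minor'",
}


def strip_comments(php):
    """Drop PHP comments so a commented-out define is not counted.

    Deliberately naive: '//' or '#' inside a string also cuts the line,
    which is acceptable when each define sits on its own line.
    """
    php = re.sub(r"/\*.*?\*/", "", php, flags=re.S)
    return re.sub(r"(?m)(//|#).*$", "", php)


def classify(token):
    """Map the value written in the define to a policy name."""
    low = token.lower()
    if low == "true":
        return "all"
    if low == "false":
        return "disabled"
    if token in ("'minor'", '"minor"'):
        return "minor"
    return "invalid"


def audit_wp_config(php):
    """Return the effective policy plus any problems found in the file text."""
    policy, problems = "default", []
    for match in DEFINE_RE.finditer(strip_comments(php)):
        open_q, close_q, token = match.groups()
        if open_q in SMART_QUOTES or close_q in SMART_QUOTES:
            problems.append("constant name is wrapped in typographic quotes, "
                            "so WP_AUTO_UPDATE_CORE is not defined by this line")
            continue
        if policy != "default":
            problems.append("duplicate define: PHP keeps the first value, "
                            "this one is ignored")
            continue
        policy = classify(token)
        if policy == "invalid":
            if token.lower() == "minor":
                hint = "minor is a bare word; write 'minor' in straight quotes"
            elif any(ch in SMART_QUOTES for ch in token):
                hint = "value uses typographic quotes; use straight quotes"
            else:
                hint = "unrecognised value " + token
            problems.append(hint)
    return {"policy": policy, "meaning": MEANING[policy], "problems": problems}


# Constructed sample configs (not taken from any real site)
SAMPLE_OK = """<?php
define( 'DB_NAME', 'example' );
// define( 'WP_AUTO_UPDATE_CORE', true );
define( 'WP_AUTO_UPDATE_CORE', 'minor' );
"""
SAMPLE_PASTED = "<?php\ndefine( \u2018WP_AUTO_UPDATE_CORE\u2019, true );\n"
SAMPLE_BARE = "<?php\ndefine( 'WP_AUTO_UPDATE_CORE', minor );\n"

if __name__ == "__main__":
    for name, text in [("ok", SAMPLE_OK), ("pasted", SAMPLE_PASTED),
                       ("bare", SAMPLE_BARE)]:
        print(name, audit_wp_config(text))
```

Run it against a copy of wp-config.php after every edit; a result of "default" on a file you believe you changed usually means the define was pasted with the wrong quotes.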

 

How to Automate Updates to WordPress Add-ons the Manual Way

Automatically updating add-ons isn’t recommended by WordPress, since the developers’ updates might work for that plugin/theme, but might be incompatible with other add-ons or elements on your WordPress site. However, if your WordPress site is simple and has very few plugins/themes that are compatible with each other, it might not be as big a problem.

In order to manually configure your installation of WordPress to update plugins & themes, you have to make modifications to a filter called auto_update_$type, found in the wp-admin folder. The value assigned to $type determines which WordPress add-on is updated automatically.

To automatically update all plugins on your WordPress site, the filter must read:

add_filter( 'auto_update_plugin', '__return_true' );

To automatically update all themes on your WordPress site, the filter must read:

add_filter( 'auto_update_theme', '__return_true' );

Pros of Manual Automation of Updates

  • The code isn’t complex, so it’s beginner friendly.
  • Manual automation is free.
  • WordPress site owners won’t have to install an extra plugin just to keep their site up to date.

Cons of Manual Automation of Updates

  • The changes have to be made to the WordPress wp-config.php files and the wp-admin folder. This might make some WordPress users uncomfortable, especially since changes to the WordPress core files are not recommended.
  • Making the changes to code might require some time, especially for WordPress novices.
  • If your site crashes with any update, you will have to check your site’s status after disabling each update manually.

 

Automating Your WordPress Site with Plugins

This method comes in handy for WordPress site-owners who do not want to tinker with code themselves, and don’t mind installing an extra plugin on their site. A couple of examples of plugins that help automate updates are Advanced Automatic Updates and WP Updates Settings.

How to Use the Advanced Automatic Updates Plugin

Step 1: Install and activate the plugin.

Step 2: Locate the plugin under your WordPress site’s Settings tab, and click on it.

Using the Advanced Automatic Updates plugin

 

Step 3: Check the kind of updates you would like to automate on your WordPress site.

 

Updating Themes with the Advanced Automatic Updates plugin

 

If you would like notifications about these updates to be sent to an email address other than the one of the site owner, you can enter it here:

 

Notifications with Advanced Automatic Updates

 

As you can see, you can also disable email notifications about the same, and request for debug information (in case you’re running development updates).

How to Use the WP Updates Plugin

Step 1: Install and activate the plugin.

Step 2: Just like for the Automatic Updates plugin, locate the Updates tab under your Settings tab, and click on it.

 

The WP Updates plugin shows up under Settings

 

Step 3: Choose the kind of WordPress Core release updates you would like to automate on your WordPress site.

Core Updates with the WP Updates plugin

Step 4: Choose whether you would like to automatically update add-ons on your WordPress site.

Plugin and theme updates with the WP Updates plugin

Step 5: If you’d like translation and developmental updates, click on the appropriate check-boxes.

 

Click on these checkboxes if you want other updates also to be automated.

 

Pros of Automating Your WordPress Updates With a Plugin

  • These plugins do the work for you: you don’t have to manually tinker with any code; they’ll do it for you.
  • Most plugins that automate WordPress sites allow you to enable or disable different updates with a single click.

Cons of Automating Your WordPress Updates With a Plugin

  • This will require you to install an extra plugin just for updating your WordPress site.
  • Some plugins only update WordPress core, while others will allow you to update add-ons as well.
  • You, as a WordPress site owner, will still need to weed out problems if your site crashes with updates.

Using Managed Services to Automate Your WordPress Site

There are two types of managed services you could use to automate updates on your WordPress site: managed WordPress hosting, and WordPress support and maintenance services.

Managed WordPress Hosting

These services help manage your WordPress site’s hosting issues, as well as a few issues related to your WordPress site itself. A couple of examples of managed WordPress hosting providers are Flywheel and WP Engine. These services automate the update of your entire WordPress site, but only after the following steps, which are meant to benefit you no matter the state of compatibility of your WordPress site:

  1. The hosting provider checks their systems for compatibility with WP updates (whether this includes both core and add-on updates depends on the web host).
  2. They then mail you beforehand with the dates for your WordPress site’s update.
  3. Every managed hosting service performs a backup of your WordPress site before the update. Only after this do they perform the update.
  4. Once they perform the update, they check for issues.
  5. If your WordPress site is not compatible with the update, the managed hosting provider restores your site with the backup that they made.
  6. The service then mails you about the status of the update (successful/unsuccessful, and reasons if unsuccessful).
  7. If you’ve tested your site and found it incompatible, you can ask certain web hosting services to postpone updates till you fix the issue at hand.

Notes:

Plugin and theme updates are not done automatically by managed WordPress hosting services, simply because different plugins have settings that might conflict with each other and break your site.

If you’d still like to automate the updates of add-ons, you can get in touch with your WordPress host about the same.

Since each managed hosting service has different terms and conditions, and pricing plans, it is recommended that you read their documentation carefully, and then get in touch via email or from their in-website chat support.

Pros of Using a Managed Web Hosting Service With Automatic WordPress Updates

  • You, as a WordPress site owner, don’t have to fiddle with the WordPress core files.
  • Your WordPress hosting service tests and runs WordPress updates for you.

Cons of Using a Managed Web Hosting Service With Automatic WordPress Updates

  • Managed WordPress hosting comes at a price.
  • These services don’t take care of all the issues that might come up while updating your WordPress site. If your site has certain customizations that make it incompatible with WordPress updates, these services might mail you asking you to seek a professional developer’s assistance. This means even if you’re paying a premium price for managed hosting, you might also have to hire a WordPress developer separately.

WordPress Support and Maintenance Services

WordPress support and maintenance services (such as WP Curve, WP Maintainer, and Valet) are perfect for super-busy site owners who can afford to have a full-time service just for maintaining their WordPress sites. In terms of updates and maintenance, these services usually perform the following functions:

  1. Core and add-on updates.
  2. Support/repairs in case of incompatibility.
  3. Audit of the security and maintenance of your site so the chances of it breaking upon update are reduced.
  4. Regular backups to rely on in case of incompatibility with any update.

Similar to managed WordPress hosting services, it is recommended that you go through the list of their offerings (and their pricing plans) carefully. All you have to do after that is contact them over email, or from their respective websites.

Pros of Depending on WordPress Support and Maintenance Services

  • Since you are paying these services specifically to maintain your WordPress site, you can expect them to solve any problems you might have while updating your WordPress site.
  • You need not hire a developer to this end.

Cons of Depending on WordPress Support and Maintenance Services

  • These services come at a premium price, and usually require you to pay more in order to fix issues that might come up during updates. Each service has its own pricing plan.
  • A number of maintenance and support services do not provide free support, so if you run into issues with your site, it might be expensive to get them sorted out.

Automating your WordPress site might seem like an easy fix that will help your WordPress site stay up to date with security patches and new features, but it also comes with many caveats. Not only might updates break your site, but they might also be difficult to undo. This is why it is imperative for every WordPress site owner to maintain a recent, secure backup of their WordPress sites that can be relied on.

Making WordPress backups to your Google Drive account may mean that you are choosing convenience over efficiency and security. Here’s why.
 

Uploading WordPress Backups to Google Drive

Google Drive presents a convenient option. To begin with, it is accessed with your Google account. No multiple logins. Added to this, 15 GB of storage space is free to users.

 

Google Drive seems like the perfect vault to store your WordPress backups in.

 

You can simply choose among the many plugins which allow you to upload your WordPress backups to Google Drive. UpdraftPlus, BackupGuard, and WP Database Backup are all examples of plugins in the WordPress repository which allow you to do just this. However, keep in mind that in some cases, you may have to pay for an add-on to add Google Drive to your list of backup destinations.
 

Setting Up Google Drive with Your WordPress Backup Plugin

This process may take some steps to get through, but if you follow the documentation of the respective plugins it will be easy. However, the point to keep in mind is that setting up your Drive account with your backup plugins generally means that the plugin stores a ‘client ID’ and ‘client secret’ to your Drive account. This is how the plugin can upload backups to your Drive account. However, this can be a double-edged sword.
 

WordPress Backups to Google Drive: Pros & Cons

Google Drive gives users 15 GB of free storage space. This may prove sufficient if your site is not large. The economic benefits from using a free plugin and having free storage space cannot be discounted without consideration. Along with this, you can gain access to your Drive account with your Google credentials; no extra logins required.

However, the very same advantages have another face when viewed from the perspective of control, efficiency, and security.
 

WordPress Restores from Google Drive

All backups are about restores. This means making restores must be easy and it must give full control. Backup files uploaded to Google Drive by plugins may not allow for this. It is true that with plugins like UpdraftPlus you can restore directly from your WordPress admin dashboard. However, this may not be enough.

Backups uploaded to Drive are usually in a .zip folder, and that makes it very hard for you to find and restore individual files. That is, if your plugin allows for restoration of individual files, which is not always the case.

Restoring individual files has its benefits. Large sites take time to restore. This means more downtime. In other cases, your hosting service may limit the time for each action. This is true of most cases, and in such cases your website may have to be manually restored. This is not a burden your business needs. On the other hand, restoring individual files means that you can avoid all these complications and not suffer the cost of unnecessary downtime. With each passing day this cost continues to increase. For this reason, having more granular control over your backups and restores is important.
 

Are your Backups Secure in Your Google Drive Account?

The other point to consider is that your backups may be vulnerable because a single set of login credentials gives you access to all your accounts. If that is compromised, then your backups may be compromised too. The other way is that if your WordPress site is hacked, then that may lead the hackers to your backups, since your plugin stored the ‘client ID’ and ‘client secret’ to your Drive account.
 

WordPress Backup to Google Drive: Storage Space Issues

In the case that your Google Drive account runs out of space, how will your plugin continue to make backups? You may want to know if you’ll get notifications from the developers of the backup plugin you use. If this is not the case, then you may not have backups to restore from, which is when you need them the most.

While convenience is one factor, uploading your WordPress backups to your Google Drive account may not allow you to practice WordPress backup best practices.
 

No Backup Descriptions

Now let us say that you are following good login practices, using smart passphrases, and following the basic security practices well. You also don’t mind making manual restores. In such a case you may be okay with a plugin which uploads your WordPress backups to your Google Drive account. While this is not advisable from a security standpoint, you may still have to contend with another issue: backup descriptions.

As mentioned, plugins usually upload your WordPress files in .zip files. The file names may have the date and time when the backups were made but not much else. When you want to manually restore a file, you may want a description of what has changed from one backup version to the next. Without this, you may spend a considerable amount of time sifting through files, or spend time organizing backups in your Drive. Either way, you have to invest a considerable amount of time and labor.

Tip:
When backing up to Google Drive, ensure that you label the downloaded backups in an organized manner, so you can categorize and differentiate backups. This will be helpful when you have to restore your site.
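One way to produce the missing backup description, as an added example that is not part of the original article: a Python script that hashes every file inside two .zip backups and reports what was added, changed or removed between them. The function names and the two sample backups are constructed for illustration; real use would pass the paths of two downloaded archives.

```python
import hashlib
import io
import zipfile


def manifest(source):
    """Map every file in a backup archive to the SHA-256 of its contents.

    `source` is a path or a binary file object, as zipfile.ZipFile accepts.
    """
    digests = {}
    with zipfile.ZipFile(source) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            digest = hashlib.sha256()
            # Stream each member so large media files are not held in memory
            with archive.open(info) as member:
                for chunk in iter(lambda: member.read(1 << 20), b""):
                    digest.update(chunk)
            digests[info.filename] = digest.hexdigest()
    return digests


def describe_changes(older, newer):
    """Compare two backups and list the files that differ between them."""
    old, new = manifest(older), manifest(newer)
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "changed": sorted(n for n in old.keys() & new.keys() if old[n] != new[n]),
    }


def label(changes, limit=3):
    """One-line description to store next to a backup's date and time."""
    parts = []
    for kind in ("added", "changed", "removed"):
        names = changes[kind]
        if names:
            shown = ", ".join(names[:limit])
            more = f" (+{len(names) - limit} more)" if len(names) > limit else ""
            parts.append(f"{kind}: {shown}{more}")
    return "; ".join(parts) or "no file changes"


def _sample_backup(files):
    """Build an in-memory .zip from a {name: contents} dict (sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, data in files.items():
            archive.writestr(name, data)
    buf.seek(0)
    return buf


def sample_older():
    # Constructed sample: the earlier of two backups
    return _sample_backup({
        "wp-config.php": "<?php // sample",
        "wp-content/themes/example/functions.php": "<?php // v1",
        "wp-content/plugins/example-cache/readme.txt": "Stable tag: 1.0",
    })


def sample_newer():
    # Constructed sample: theme file edited, one upload added, one file gone
    return _sample_backup({
        "wp-config.php": "<?php // sample",
        "wp-content/themes/example/functions.php": "<?php // v2",
        "wp-content/uploads/logo.png": "not-really-a-png",
    })


if __name__ == "__main__":
    print(label(describe_changes(sample_older(), sample_newer())))
```

Because the comparison uses content hashes rather than timestamps, a file that was modified without its name changing still shows up under "changed".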
 

You need to safeguard your data in a more robust manner to ensure that in your hour of need you not only know that you have access to backups but also that they are functional. Especially if you’re running a small business or a popular blog, you might want to look at a more complete WordPress backup solution and continue making WordPress backups to Google Drive only as an additional step.

WordPress website owners are always cautioned to keep their installations of WordPress, plugins and themes up to date. But when a plugin hasn’t been maintained or updated from the developer’s end, potential exploits threaten everyone who has it installed.

Being someone who grew up in the 90’s, I still love video and audio cassettes. But as the world progressed to new technologies, the companies making the cassettes kept updating their technologies and methods too, and for good reason. No matter how I loved the uniqueness of magnetic tape, even I understood that it had its faults. It was time to move on.

 

The charm of old cassettes lingers

 

Most of the time, WordPress works in the same way too. The minute a problem is identified, developers work to release a fix for it, whether it’s an add-on or something on WordPress core.

This is why almost every piece of advice on the internet about ‘security practices for WordPress’ always first mentions that WordPress site users have to update every element on their site.

But what does one do when the technology itself isn’t updated, and after a vulnerability has been reported? The possibilities this opens up to hackers are endless, which makes this a particularly alarming situation.

What makes it worse is the fact that not many novice WordPress site owners know what to do when a plugin/theme/widget hasn’t been updated from the developer’s side. This became especially relevant when El Rincón de Zerial’s security blog reported a cross-site scripting vulnerability in W3 Total Cache, at the end of September.

About W3 Total Cache

W3 Total Cache is a WordPress caching plugin that helps sites load faster. A website’s load time, as any website owner knows, affects its reputation, views, and business. The faster it loads, the better it is perceived by its visitors. This is why caching plugins are so widely used in the WordPress community.

W3 Total Cache in particular, had over 1 million active installs when the vulnerability was declared.

 

A screenshot of W3Total Cache from https://www.w3-edge.com

 

This was because it had features that made it considerably better than other caching plugins, according to those who used it. Not only did the plugin cache every aspect of the WordPress site, from the HTML elements to objects in WordPress sites’ database, it also handled mobile caching well. Most other caching plugins only cached the HTML elements of a page, making their performance considerably lower.

The plugin, according to its page on the WordPress.org repository, has been used and trusted by companies and websites including AT&T, mashable.com, and pearsonified.com, amongst others.

About W3 Total Cache’s vulnerability

When the XSS vulnerability was reported, users of the plugin had already been complaining about support-related issues for six months, and had received no response from the team that had developed it.

To add to this, the previous major ‘update’ to the plugin was only a simple change that made sure the plugin was compatible with the then latest versions of WordPress. Understandably there was concern over the potential damage this vulnerability could wreak if it was exploited.

But this wasn’t the first time the plugin had displayed vulnerabilities. Just as with any other plugin, W3 Total Cache had its share of loopholes, that were sometimes exploited, as with the case of other caching plugins like WP Super Cache too.

The good news

The silver lining in this situation was the fact that the original developers of the plugin released an update six days after the vulnerability was disclosed. Not only did the update feature a patch for this exploitable loophole, it also patched another four that were disclosed by SecuPress. Moreover, it also introduced a number of new features.

The bad news

However, a number of users of W3 Total Cache who updated their versions of the plugin have reported that it breaks their sites, or renders some features useless.

What to do in case of an outdated plugin

This brings us to the most important course of action. When faced with a plugin or theme that is obviously out of date:

  1. Disable the plugin/theme until an update addressing the vulnerability has been released
  2. If it’s not a premium plugin or theme, follow its support forum on WordPress.org
  3. If an update with the patch for the vulnerability takes more than 48 hours to come through since the vulnerability is announced, try and contact the developer informing them about the vulnerability and quoting your sources.
  4. In the meanwhile, try and find alternatives that are compatible with your site in order to keep your site fully functional.
  5. If the update takes more than a month to come through, you could ask the community if someone would like to adopt the theme/plugin. Obviously this procedure has steps that you will have to follow, after communicating the problem to both the WordPress team and the community.

This is why it’s important to always have a backup plan: you never know when a plugin is going to stop being updated.

After all, a number of contributors are developers who contribute to the community as a hobby. It takes a lot of time and effort to not only create a plugin, but to identify how to patch up vulnerabilities and do it according to the best security practices as well.
Moreover, when the plugin/theme is actually updated, you never know if it’s going to break your WordPress site. Reliable backup solutions that allow you to test your backups before they go live on your site, are not just an option in such cases… they’re a necessity.

 

WordPress offers countless themes and plugins to its users, all of which have resulted in an exponential expansion of WordPress functionality, without changing its core structure. Today, whatever it is you wish to do with your website/on your website/to your website, there’s a plugin/theme for you to work with.

To the untrained eye, all plugins and themes appear the same, well coded or not. It takes an experienced programmer to distinguish between a plugin or theme that’s well-built and one that’s not. In most cases, you get what you pay for; if a plugin or theme is free/cheap, there’s a reason for it – the plugin/theme could be outdated, buggy, bloated, or insecure. Of course, this does not mean that expensive themes and plugins are infallible and perfect – no plugin/theme is. Therefore, it is always wise to exercise caution while trying out a new theme or plugin on your site for the first time.

How much harm can badly written code cause?

Low-quality or improperly tested code more often than not results in a poor user experience; it has the potential to hurt the entire WordPress ecosystem. One of our customers, A. Hanna of the Saudi Arabian Cultural Mission in New Zealand, ran into a bit of trouble recently when his website, one fine day, displayed a fatal error at the bottom of the page. Even after restoring to an older backup version of the site, the fatal error was still present. Clueless as to the reason behind the error, and worried sick about his website, he wrote to our Support team at BlogVault.

The Fatal Error that appeared on Customer’s Site

On analyzing the situation, our support team found that the theme used by the creator of the website had an RSS feed coming from another website, which was giving out a fatal error. The root cause of the problem, however, was that the code handling the RSS feed had a bug, which surfaced when the fatal error occurred. In a nutshell, the theme had faulty code, which caused the website to display the fatal error. Although this issue was out of their scope, our support team went the extra mile to advise the customer on how to resolve the bug and get things sorted.

The Code Snippet that was causing the Issue

Now, if one minor bug in your theme can give you so much pain, imagine what a badly written theme could do! The same goes for plugins too. Remember, a theme that looks good or a plugin that sounds great does not necessarily have to be properly coded. As the age-old adage goes, do not judge a book by its cover.

So what should you do?

For starters, before purchasing any theme/plugin, do a thorough background check of its source – read as many reviews as you can; see what other users have to say about the theme/plugin that you’re interested in. These offer tell-tale signs as to whether or not you’ll have a good experience with the theme/plugin. Also, make sure that the theme/plugin is well-documented, so you have ample instructions on how to configure it. Further, it is advisable to check when the theme/plugin was last updated, and if it’s well supported.

The Last Word

Themes and plugins are powerful in terms of what they can do to your website – they can make or break it. Anything can happen when you install a new plugin/theme on your website. Every plugin you install and every theme you activate, is a potential security risk to your site. So do yourself a favour and make a complete backup of your website before clicking on ‘Activate’.

The purpose of a business website is to produce a result of some kind. It could be educating your prospective customers about the products/services you provide or enticing the customer to buy the service or make a purchase.

In the early days of the Internet (read 1990s), building and maintaining websites was an expensive proposition and hence only large enterprises could afford this luxury. Add to that, there was no clear understanding of what the website was supposed to do and businesses were at the mercy of the geeks to get even small changes done.

The advent of WordPress and other CMS sites (such as Joomla and Drupal, to name a few) changed all this. Small (or large, for that matter) businesses want websites to offer stability (be up all the time), speed and most importantly peace of mind – the fact that the website should “just run” – without having to worry about the technical mumbo-jumbo. And this is what WordPress does best!

– It is very fast and easy to deploy (most of the hosting providers give you a 1-click install)

– Low Cost

– Search engine friendly – keeps code fresh, has an awesome set of plugins to help you make your site easy for search engines to crawl

– Huge array of plugins to do anything and everything you want

In fact, Rick Nielsen mentions in his WordCamp talk that it seems WordPress is being developed keeping the small businesses in mind. This is apparent in the features being added, plugins being developed and the design of the program to ease deployment and maintenance tasks.


How to Add Custom Post Type to XML-Sitemap Generator (via wpmodder.com)

XML-Sitemap Generator plugin creates and updates your XML Sitemap whenever you add a new page or post BUT it does not account for custom post types. We did our due diligence and read through the plugin documentation and forum threads, and even found a plugin that hooks into the XML-Sitemap plugin to include custom post types, but decided not to use it because of forward compatibility if the XML-Sitemap plugin gets updated to include custom post types.

Read more: http://wpmodder.com/how-to-add-custom-post-type-to-xml-sitemap-generator-1206.html

5 Surprising Observations from BlogWorld Expo New York City (via bobwp.com)

Most bloggers go the session-recap, photos-with-peeps and pictures-of-massive-plates of-food route. I could do that, too, but I’ve decided instead to offer a few BlogWorld observations that intrigued or surprised me.

Read more: http://www.bobwp.com/5-surprising-observations-from-blogworld-expo-new-york-city/

 

Cool WordPress shortcode plugins to snap your blog into style (via wpmu.org)

Shortcodes are, imho, one of the best things to happen to WordPress. They allow you to do all kinds of cool things on your blog with just a few mouse clicks; like create beautiful buttons, boxes, columns and tabs. Today, I’d like to share 3 of my favorite shortcode plugins to do just that, and then some… check out #3 on the list; it’s awesome!

Read more: http://wpmu.org/cool-wordpress-shortcode-plugins-to-snap-your-blog-into-style/