6 Replies - 223 Views - Last Post: 16 December 2019 - 07:09 PM

#1 sayhello

A WordPress automatic update-option: can this harm my website?

Posted 16 December 2019 - 10:13 AM

Good day dear experts,

Well, my WordPress site is automatically updating itself when a new version of WordPress is available. This is the good news: I know that this automatic feature has been available in WordPress for some time. But I have some questions about this:

The question is: A WordPress automatic update-option: can this harm my website?

- Can this be risky in any case?
- Do I need to have any server conditions that are risky?
- Does WordPress have a way to recover our website if anything goes wrong?
- Does WordPress keep any backup when doing the update?

- And finally: Does it matter how we have installed WordPress (e.g. plugins and security settings)!? I have been thinking about all these questions for quite a long time.


Let me express my woes about the server configuration that we need in order to meet the needs of an automated update process. I guess that there is always some risk. But with the default of only doing minor core releases we might be pretty safe.
Also we should think of how, while being some risk itself, the update also protects all of us from other risks by e.g. fixing security issues. Automatic Background Updates were introduced in WordPress a long, long time ago; I guess it was version 3.7.

In WordPress, there are four types of automatic background updates:

- Core updates
- Plugin updates
- Theme updates
- Translation file updates

Core Updates

Core updates are divided into three sub-typologies:

- Core development (only available for development installations)
- Minor core updates (maintenance and security) – enabled by default in stable installations
- Major core updates

WordPress allows you to automate the update process for any of these typologies, providing two wp-config.php constants and a good number of API filters.

Controlling Background Updates Through wp-config.php

WordPress provides a couple of wp-config.php constants that allow us to control auto-updates. Setting AUTOMATIC_UPDATER_DISABLED to true will disable any kind of automatic upgrade:

define( 'AUTOMATIC_UPDATER_DISABLED', true );

WP_AUTO_UPDATE_CORE allows us to control core updates (minor, major and development releases). This constant can be defined as follows:

# Disables all core updates:
define( 'WP_AUTO_UPDATE_CORE', false );

# Enables all core updates, including minor and major:
define( 'WP_AUTO_UPDATE_CORE', true );

# Enables minor updates:
define( 'WP_AUTO_UPDATE_CORE', 'minor' );

In development installations WP_AUTO_UPDATE_CORE defaults to true. In stable installations it defaults to minor.


 

For the sake of completeness, I should mention an additional constant that can be defined to disable auto-updates. However, setting its value to true will disable any file edits, even theme and plugin installations and manual updates:

define( 'DISALLOW_FILE_MODS', true );

Instead, you may prefer to define the DISALLOW_FILE_EDIT constant, which would disable the file editor but keep the installation and update functionalities safe.

Related tutorial: wp-config.php File – An In-Depth View on How to Configure WordPress

Controlling Back

Codex for more info on how to do that: http://codex.wordpre...kground_Updates
Again you can find more info at the Codex: https://codex.wordpr...ating_WordPress
regular backups anyway: https://codex.wordpr...rdPress_Backups


Conclusion: Automatic background updates were introduced in WordPress 3.7 in an effort to promote better security, and to streamline the update experience overall.
By default, only minor releases – such as for maintenance and security purposes – and translation file updates are enabled on most sites. 


The question is: is there any risk in configuring the server so that the auto updates are working!?




Replies To: A WordPress automatic update-option: can this harm my website?

#2 modi123_1

Re: A WordPress automatic update-option: can this harm my website?

Posted 16 December 2019 - 10:17 AM

Are you paying for WordPress hosting to include backups, or did you install https://wordpress.org/ on your own hosting?

https://wordpress.com/pricing/

#3 ArtificialSoldier

Re: A WordPress automatic update-option: can this harm my website?

Posted 16 December 2019 - 10:19 AM

Most of these questions are probably better directed at the WordPress forum if you're looking for answers specific to that software.

#4 no2pencil

Re: A WordPress automatic update-option: can this harm my website?

Posted 16 December 2019 - 11:48 AM

sayhello, on 16 December 2019 - 12:13 PM, said:

the question is:  A WordPress automatic update-option: can this harm my website?

- Can this be risky in any case?

Are you updating production, or non production?

If you are applying auto-updates to production, absolutely this is a huge risk.

Quote

- Does Wordpress have a way to recover our website if anything goes wrong?

Assuming that this is your server, no. You would need to create an archive of your site files & database prior to performing an update.
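The step described in the reply above (archive the site files and the database before an update runs), written out as an added example that is not part of any post in this thread. It assumes tar and mysqldump are installed, that wp-config.php uses plain define('NAME', 'value'); lines and that DB_HOST is a bare host name; the function names and the paths in the usage comments are hypothetical.

```bash
#!/bin/sh
# Added example (not from the thread): snapshot a self-hosted WordPress
# site before an update. Function names and paths are hypothetical.

# Print the value of one define() constant from wp-config.php.
wp_const() {  # usage: wp_const /path/wp-config.php DB_NAME
  sed -n "s/^[[:space:]]*define([[:space:]]*['\"]$2['\"][[:space:]]*,[[:space:]]*['\"]\(.*\)['\"][[:space:]]*)[[:space:]]*;.*/\1/p" "$1" | head -n 1
}

# Archive the site files into BACKUP_DIR (keep it outside the web root).
wp_backup_files() {  # usage: wp_backup_files WP_ROOT BACKUP_DIR
  archive="$2/wp-files-$(date +%Y%m%d-%H%M%S).tar.gz"
  mkdir -p "$2" && chmod 700 "$2" || return 1
  tar -czf "$archive" -C "$1" . || return 1
  # Only report success if wp-config.php really is in the archive.
  tar -tzf "$archive" | grep -qxF './wp-config.php' || return 1
  chmod 600 "$archive" && printf '%s\n' "$archive"
}

# Dump the database named in wp-config.php into BACKUP_DIR.
wp_backup_db() {  # usage: wp_backup_db WP_ROOT BACKUP_DIR
  cfg="$1/wp-config.php"
  dump="$2/wp-db-$(date +%Y%m%d-%H%M%S).sql"
  cnf=$(mktemp) || return 1   # mktemp creates the file with mode 0600
  # Credentials go in an option file so they never show in the process list.
  printf '[client]\nuser=%s\npassword="%s"\nhost=%s\n' \
    "$(wp_const "$cfg" DB_USER)" "$(wp_const "$cfg" DB_PASSWORD)" \
    "$(wp_const "$cfg" DB_HOST)" > "$cnf"
  mysqldump --defaults-extra-file="$cnf" --single-transaction \
    "$(wp_const "$cfg" DB_NAME)" > "$dump"
  rc=$?
  rm -f "$cnf"
  [ "$rc" -eq 0 ] && chmod 600 "$dump" && printf '%s\n' "$dump"
}

# Take both snapshots; return non-zero if either one fails.
wp_pre_update_backup() {  # usage: wp_pre_update_backup /var/www/example /var/backups/wp
  wp_backup_files "$1" "$2" && wp_backup_db "$1" "$2"
}
```

Both functions print the path of the file they wrote, so a cron job can log it or copy it off the server before the update window.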

#5 sayhello

Re: A WordPress automatic update-option: can this harm my website?

Posted 16 December 2019 - 04:31 PM

Good day dear no2pencil, ArtificialSoldier and good day dear modi123,


First of all, many thanks for the reply. I am glad that I am here in this forum, at this great place for idea sharing and knowledge exchange.
Thanks for your reply and the ideas that you share here:

modi123:

Quote

Are you paying for wordpress hosting to include backups, or did you install https://wordpress.org/ on your own hosting?




no2pencil:

Quote

Are you updating production, or non production?
If you are applying auto-updates to production, absolutely this is a huge risk.


and

Quote

Assuming that this is your server, no. You would need to create an archive of your site files & database prior to performing an update.


Yes, it is my server.

I have several sites up and running – and I would love to have an automated update of plugins. But the server admin is a security expert and he has argued that this is a bit insecure.

Can you advise me here...

– What is needed to run the automated updates of plugins!?
– Do I need to have suPHP enabled?
– What else do I need to have?

By the way: I came across this article

https://www.serverst...tps-or-ssh/0020



Quote

When working with WordPress in a more secure environment where websites are not entirely world-writable, you will notice upgrades request FTP or FTPS credentials as the server itself does not typically have write access in properly-configured environments. Entering these credentials for every upgrade can become quite tedious, and WordPress has implemented some constants you can define within wp-config.php to make upgrades automatic.

It should be noted here that you can also make upgrades automatic by setting the file ownership of all files within the WordPress directory to the same user/group under which the webserver is running. THIS IS HORRIBLE SECURITY PRACTICE!

While storing your FTP credentials for a specific user can also be considered insecure in certain instances, it can be a very safe method to automate WordPress updates under the proper conditions. Some general considerations which can make stored credentials MUCH more secure include:




End of citation: see more here https://www.serverst...tps-or-ssh/0020


Well, can you advise me?

– What is needed to run the automated updates of plugins!?
– Do I need to have suPHP enabled?
– What else do I need to have?


By the way
– I need to have an overview of all necessary conditions and things…. – there is a plugin that suggests to get all the things done – it is called infinitewp – but I guess that – to run this – I need to have the horrible server conditions too!?

What do you think!?

Dear no2pencil, ArtificialSoldier and dear modi123 - I look forward to hearing from you

Regards
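The conditions the quoted article warns about (a tree owned entirely by the web server account, files that are writable by everyone, and credentials stored in wp-config.php) can be checked before deciding how to automate updates. The script below is an added example, not part of the thread or the article; the function names, www-data and the paths in the usage comments are placeholders for your own server.

```bash
#!/bin/sh
# Added example (not from the thread): audit who can write to a WordPress
# tree. WEB_USER is the account PHP runs as; names here are placeholders.

# Count files and directories under WP_ROOT owned by WEB_USER (name or uid).
wp_owned_by() {  # usage: wp_owned_by WP_ROOT WEB_USER
  find "$1" \( -type f -o -type d \) -user "$2" | wc -l | tr -d ' '
}

# Count files and directories that every local account can write to.
wp_world_writable() {  # usage: wp_world_writable WP_ROOT
  find "$1" \( -type f -o -type d \) -perm -0002 | wc -l | tr -d ' '
}

# Succeed only if wp-config.php exists and grants nothing to "other" users.
wp_config_private() {  # usage: wp_config_private WP_ROOT
  [ -f "$1/wp-config.php" ] || return 1
  [ -z "$(find "$1/wp-config.php" \( -perm -0004 -o -perm -0002 -o -perm -0001 \))" ]
}

# Print one line per check and return non-zero if any check fails.
wp_write_audit() {  # usage: wp_write_audit /var/www/example www-data
  total=$(find "$1" \( -type f -o -type d \) | wc -l | tr -d ' ')
  owned=$(wp_owned_by "$1" "$2")
  world=$(wp_world_writable "$1")
  status=0
  if [ "$owned" -eq "$total" ]; then
    echo "FAIL: all $total paths are owned by $2"; status=1
  else
    echo "ok:   $owned of $total paths are owned by $2"
  fi
  if [ "$world" -gt 0 ]; then
    echo "FAIL: $world world-writable paths"; status=1
  else
    echo "ok:   no world-writable paths"
  fi
  if wp_config_private "$1"; then
    echo "ok:   wp-config.php grants nothing to other users"
  else
    echo "FAIL: wp-config.php is missing or open to other users"; status=1
  fi
  return "$status"
}
```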

#6 no2pencil

Re: A WordPress automatic update-option: can this harm my website?

Posted 16 December 2019 - 06:15 PM

The fun thing about your posts, is how you always ignore the answers provided, & pivot onto other questions.

#7 modi123_1

Re: A WordPress automatic update-option: can this harm my website?

Posted 16 December 2019 - 07:09 PM

If it is your own install then it is your job to do backups. Plain and simple.
