Automatic Updates for WordPress Plugins and Themes
March 16, 2015

Last week, a security vulnerability in Yoast’s WordPress SEO Plugin was discovered and fixed. It was responsibly disclosed and a bugfix was released promptly.
So far, so good. But I, as well as many others, was surprised (to say the least) when I found out that the plugin had already been updated without me or my clients doing anything.
It turns out that the WordPress.org Security Team decided that this vulnerability was severe enough to justify an automatic rollout for all sites which have the plugin installed.
By default, automatic background updates only happen for plugins and themes in special cases, as determined by the WordPress.org API response, which is controlled by the WordPress security team for patching critical vulnerabilities.
In principle I appreciate the ability to push important security-related updates to all WordPress installs around the world, and I’m aware that we already do something similar with minor core updates, but the way this happens needs some refinement.
Notifications
It needs to be clear when something has been updated automatically. Period. Admins need to get an email (like they do for automatic core updates) and maybe there should also be a notification in the admin area / dashboard on next login.
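WordPress already exposes the hook needed for that email: the automatic updater fires the `automatic_updates_complete` action with the results of everything it attempted. The following is an added example written for this post, not core code and not something the WordPress team ships; it mails the site admin whenever a plugin or theme was updated in the background and reports failures too. The function name is mine; the shape of the `$update_results` array (type => list of objects with `name`, `item`, `result`, `messages`) is what core passes.

```php
<?php
/**
 * Plugin Name: Auto-Update Notifications (example)
 * Description: Emails the admin when WordPress applied a plugin or theme update in the background.
 *
 * Put this file in wp-content/mu-plugins/ so it is loaded on every request, including the
 * cron run that performs the updates. Example code for this post, not WordPress core.
 */

add_action( 'automatic_updates_complete', 'example_notify_admin_of_auto_updates' );

/**
 * Runs at the end of WP_Automatic_Updater::run().
 *
 * @param array $update_results Keyed by type ('core', 'plugin', 'theme', 'translation'); each
 *                              entry is a list of objects with ->name, ->item, ->result, ->messages.
 */
function example_notify_admin_of_auto_updates( $update_results ) {
	$lines = array();

	foreach ( array( 'plugin', 'theme' ) as $type ) {
		if ( empty( $update_results[ $type ] ) ) {
			continue;
		}
		foreach ( $update_results[ $type ] as $update ) {
			$version = isset( $update->item->new_version ) ? $update->item->new_version : '?';
			if ( is_wp_error( $update->result ) ) {
				$status = 'FAILED: ' . $update->result->get_error_message();
			} elseif ( $update->result ) {
				$status = 'updated to ' . $version;
			} else {
				$status = 'FAILED';
			}
			$lines[] = sprintf( '%s "%s": %s', ucfirst( $type ), $update->name, $status );
		}
	}

	if ( empty( $lines ) ) {
		// Only core or translation updates ran; core already sends its own email for core updates.
		return;
	}

	$subject = sprintf( '[%s] Plugins or themes were updated automatically', get_option( 'blogname' ) );
	$message = 'WordPress applied the following background updates on ' . home_url() . ":\n\n"
		. implode( "\n", $lines )
		. "\n\nPlease log in and verify that the site still works as expected.\n";

	wp_mail( get_option( 'admin_email' ), $subject, $message );
}
```

Because the hook fires after the fact, this covers the “tell me what happened” part only; a failed update shows up in the same mail, which is exactly the case where someone should look at the site.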
Documentation
The whole process of automatic updates for core and plugins needs proper documentation in the Codex, so everyone is on the same page about what happens, when it happens and why. This alone would have calmed down much of the confusion last week. I know people are working on this, and the corresponding Codex page has already been updated since last week, which made it a lot clearer. The quoted description at the top of this post was added after last week’s update.
An Option to disable automatic updates?
It should be easily possible to disable automatic updates altogether, and it should be crystal clear which auto-updates (core/plugins/themes) are affected. I’m OK with this being opt-out, but it needs to be possible in an easy way. Right now you can disable automatic plugin updates (not core or theme updates) with a filter like this:
add_filter( 'auto_update_plugin', '__return_false' );
Maybe a UI option to opt out should be considered as well.
(As said above, the Codex has also been updated to better explain how to disable specific kinds of updates.)
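The `__return_false` one-liner is the blunt version. The filter actually receives two arguments, the decision WordPress is about to make and the update object, so a site can express a policy per plugin instead of all-or-nothing. The following is an added example for this post, not WordPress core and not a Codex snippet; it shows the three levels of control side by side. The function name and the two plugin lists are mine (the first basename is hypothetical), while `AUTOMATIC_UPDATER_DISABLED`, `auto_update_theme`, `auto_update_plugin` and `$item->plugin` are core’s.

```php
<?php
/**
 * Plugin Name: Auto-Update Policy (example)
 *
 * Example written for this post, not WordPress core. Install it in wp-content/mu-plugins/
 * so the hooks are active during the cron run that performs the updates; do not put this
 * in a theme, because switching themes would silently drop the policy.
 */

// Level 1: one switch for everything (core, plugins, themes, translations).
// This belongs in wp-config.php; shown here commented out for completeness.
// define( 'AUTOMATIC_UPDATER_DISABLED', true );

// Level 2: switch off background updates for a whole type, leaving minor core updates alone.
add_filter( 'auto_update_theme', '__return_false' );

// Level 3: decide per plugin. $update is what WordPress intends to do (true only when the
// WordPress.org API flagged this release for automatic rollout); $item->plugin is the plugin
// basename, e.g. 'wordpress-seo/wp-seo.php'.
add_filter( 'auto_update_plugin', 'example_plugin_auto_update_policy', 10, 2 );

function example_plugin_auto_update_policy( $update, $item ) {
	// Plugins with local modifications: never overwrite them, not even for a security rollout.
	// (Hypothetical basename used for illustration.)
	$never = array(
		'some-customised-plugin/plugin.php',
	);

	// Plugins we trust enough to take every release as soon as it is offered,
	// whether or not the API flagged it.
	$always = array(
		'akismet/akismet.php',
	);

	if ( ! isset( $item->plugin ) ) {
		return $update;
	}
	if ( in_array( $item->plugin, $never, true ) ) {
		return false;
	}
	if ( in_array( $item->plugin, $always, true ) ) {
		return true;
	}

	// Everything else keeps the default: API-flagged security rollouts only.
	return $update;
}
```

Returning `true` from the filter is the opt-in direction: it makes WordPress apply every plugin release as it appears, which is what `add_filter( 'auto_update_plugin', '__return_true' )` does globally. A plugin on the `$never` list still shows the pending update in the admin, it just will not be touched in the background.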
Idea: Opt-In Auto-Updates, but different / better Notifications for Admins
I think automatic plugin updates should be a last resort. First of all, I just don’t like the idea of messing around with someone else’s site without their consent. What if something goes wrong with their site during the update? What if they edited some lines in said plugin and the update overwrites their changes? What if a site doesn’t have any kind of backup in place? I know, I know, that’s all awfully bad practice and no one would ever do such terrible things. And yet those things happen! They happen all the time, whether we like it or not.
So, why don’t we implement a better way for admins to distinguish severe plugin updates from normal updates? All it would need is some kind of “severe” flag stating that this update is really, really important; then we could add a prominent notification to the Dashboard. Of course, this should also send an email to admins telling them to log in and update this particular plugin.
Maybe a combination of this and auto-updates could also be done: a notification sent out to admins to let them know that plugin X will be updated automatically in 48 hours if no action is taken, along with an explanation of why this update is important.
This way the admin still has full control of their site, as they should, and would still get notified to take action if needed.
Another Idea: Auto-Disabling?
Basically the same idea as the last one, but instead of being updated, the plugin would be disabled after a certain period of time (e.g. 48h) if no action is taken.
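Neither idea needs changes on the WordPress.org side to be tried out: the `auto_update_plugin` filter already tells a site which releases the API flagged for rollout, and it runs on every cron pass while the update is pending. The following is an added example for this post (not WordPress core, and not how the WordPress.org team does anything); it implements both the 48-hour grace period from the previous section and the auto-disable variant, selected by a constant. Function names, option keys and the `EXAMPLE_*` constants are mine; `HOUR_IN_SECONDS`, `get_site_option`, `deactivate_plugins`, `wp_mail` and `$item->plugin` / `$item->new_version` are core’s.

```php
<?php
/**
 * Plugin Name: Grace-Period Auto-Updates (example)
 *
 * Example code for this post, not WordPress core. When the WordPress.org API flags a plugin
 * release for automatic rollout, this emails the admin, defers the update for
 * EXAMPLE_GRACE_PERIOD, and then either lets WordPress update the plugin or deactivates it,
 * depending on EXAMPLE_GRACE_ACTION. Install as wp-content/mu-plugins/grace-period-updates.php.
 */

define( 'EXAMPLE_GRACE_PERIOD', 48 * HOUR_IN_SECONDS );
define( 'EXAMPLE_GRACE_ACTION', 'update' ); // 'update' or 'deactivate'

add_filter( 'auto_update_plugin', 'example_grace_period_auto_update', 10, 2 );

/**
 * Called for every pending plugin update on every cron pass (wp_version_check, twice a day).
 * $update is true only when the API flagged this release for automatic rollout.
 */
function example_grace_period_auto_update( $update, $item ) {
	if ( ! $update || empty( $item->plugin ) ) {
		return $update; // Not a flagged rollout; leave WordPress' default decision alone.
	}

	// Remember when this particular release was first offered to this site.
	$key        = 'example_first_seen_' . md5( $item->plugin . '|' . $item->new_version );
	$first_seen = (int) get_site_option( $key, 0 );

	if ( 0 === $first_seen ) {
		update_site_option( $key, time() );
		example_grace_period_mail( $item );
		return false; // Defer: the admin gets the grace period to act first.
	}

	if ( time() - $first_seen < EXAMPLE_GRACE_PERIOD ) {
		return false; // Still inside the grace period.
	}

	// Nobody acted. (Had the admin updated manually, the pending update would be gone and
	// this filter would not be called for it any more.)
	delete_site_option( $key );

	if ( 'deactivate' === EXAMPLE_GRACE_ACTION ) {
		if ( ! function_exists( 'deactivate_plugins' ) ) {
			require_once ABSPATH . 'wp-admin/includes/plugin.php';
		}
		deactivate_plugins( $item->plugin ); // Handles both site-level and network-wide activation.
		return false; // Disabled instead of updated: the vulnerable code no longer runs.
	}

	return true; // Let the automatic update proceed.
}

function example_grace_period_mail( $item ) {
	$outcome = ( 'deactivate' === EXAMPLE_GRACE_ACTION ) ? 'deactivated' : 'updated automatically';
	$subject = sprintf( '[%s] Security update pending for %s', get_option( 'blogname' ), $item->plugin );
	$message = sprintf(
		"WordPress.org flagged version %s of the plugin %s as a security update for %s.\n\n"
		. "If nobody updates the plugin within %d hours it will be %s.\n\n"
		. "Update it now: %s\n",
		$item->new_version,
		$item->plugin,
		home_url(),
		EXAMPLE_GRACE_PERIOD / HOUR_IN_SECONDS,
		$outcome,
		network_admin_url( 'update-core.php' )
	);
	wp_mail( get_option( 'admin_email' ), $subject, $message );
}
```

Two caveats a practitioner would want: the check only runs when WP-Cron runs, so on a quiet site the effective grace period is “48 hours plus whenever the next cron pass happens”, and deactivating a plugin is not free of side effects either (an SEO plugin taken offline silently changes the site’s markup; a security plugin taken offline removes its protection). The option key is left behind only if WordPress itself never gets to the decision, which is harmless but worth knowing when you look at the options table.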
I’m not yet sure what the best solution will be. But what I am sure of is that we will have to find a better way than messing around with anyone’s site without letting them know.