If your website uses WordPress, you should definitely take advantage of the automatic updater.
At the time of this writing, the most recent version of WordPress is 4.2.2, which was released on May 6, 2015. It’s a critical security release (as well as fixing 13 bugs in WordPress 4.2).
If your site is set up correctly and using the automatic updater, it probably updated itself, and sent you a confirmation email. Check your inbox for an email, dated May 6 or 7, from “WordPress” that has a subject line that looks like this:
[your-site-name] Your site has updated to WordPress 4.2.2
If you didn’t get a confirmation email, or you got an email urging you to update instead of confirming that the update already occurred, log into your WordPress dashboard to check whether automatic updates are enabled.
Visit Dashboard –> Updates, and look for a line of text that reads “Future security updates will be applied automatically”. If, instead, you see a notification that future security updates will not be applied automatically, here’s how to find out why, and get your automatic updates back on track.
Why use automatic updates in the first place?
The WordPress automatic update process only applies to minor versions, which are the version numbers that contain two decimal points: 4.2 to 4.2.1, 4.2.1 to 4.2.2, and so on.
When version 4.3 comes out, sites running 4.2.2 will not update automatically, even if they have automatic updates enabled, because 4.2 is a major release. When version 5.0 comes out, sites running 4.whatever won’t update automatically either. Major releases still need to be done manually (back up first, please!).
WordPress automatic updates have been available for more than a year now, and are incredibly safe. They almost certainly won’t break your site, and in fact will keep your site safer by installing the latest security fixes.
I have automatic updates enabled on all of my sites and all of my client sites, and I have never once had a problem with an automatic update breaking a site, going back to version 3.7.1 when automatic updates were first introduced.
That’s not to say that automatic updates are guaranteed to be problem-free. Yes, there’s always a chance of a problem occurring. But the numbers (not just my sites, but reported by WordPress.org) give me confidence that the security and ease of the automatic update feature is worth that very slight risk.
Also, this is another reason to set up automatic backup schedules, so you never have to wonder if you have a recent-enough backup of your site.
Why aren’t WordPress automatic updates working on your site?
Once the plugin is installed and activated, visit Dashboard –> Updates again. The plugin will automatically test your site and display the reason(s) automatic updates are failing.
If the stated reason is something you are comfortable fixing on your own, you can take care of the fix and re-run the test (simply visit Dashboard –> Updates again) to verify that it worked.
If you can’t perform the fix yourself, or you don’t even understand what the message means, the simplest thing to do is copy the plugin’s message and submit a ticket to your web host. Explain as briefly as possible that you want to take advantage of WordPress’s automatic updates, but the updates are not working on your site. Then paste the exact description/message that Background Update Tester provides. Your host will know what it means and what to do next. (If they don’t, consider a new host.)
If you see the following message for more than a few minutes:
Automatic background updates require a number of conditions to be met. Testing now…
Then either your WordPress version is too old to be compatible with the plugin (the plugin requires at least version 3.7), or there’s a much bigger problem with your site. In the unlikely event that this happens to you, I can diagnose the trouble with a Website Tune-Up.
The only legitimate reason to disable the automatic updater
I can’t think of a real-world case in which a self-hosted WordPress site should not use the automatic updater. Period.
If you are using a theme or a plugin that breaks or crashes your site when WordPress is updated, that theme or plugin is the problem, not WordPress. Theme and plugin developers have plenty of advance warning when a new version of WordPress is being tested and released, and it’s their job to test their own code with updated versions of WordPress.
Plugin conflicts are much thornier, because it’s impossible to test every combination of plugins out there. But well-coded plugins cause fewer conflicts, and good developers respond promptly when their plugin is reported to conflict with another one.
Here’s the only real-world case I can think of for not using the automatic updater: If you are hosted at a “managed WordPress host”, the hosting company may handle the automatic updates instead of letting WordPress update on its own. In fact, managed WordPress hosts will usually update major versions of WordPress as well, not just the minor versions.
If you’re not sure whether this applies to you, check with your web host. Look for something in your hosting plan description about WordPress updates, or ask them directly.
If you’re using a managed WordPress host, you’re in good hands, and you don’t need to worry about the WordPress automatic updater.