If your website uses WordPress, you should definitely take advantage of the automatic updater.
If your site is set up correctly and using the automatic updater, it’s already updating itself, and sending you a confirmation email each time this happens. Check your inbox for an email from “WordPress” that has a subject line that looks like this:
[your-site-name] Your site has updated to WordPress 5.2.3
If you don’t have any of these confirmation emails, or you have received emails urging you to update instead of confirming that the update already occurred, log into your WordPress dashboard to check whether automatic updates are enabled.
Visit Dashboard –> Updates, and look for a line of text that reads “Future security updates will be applied automatically”. If, instead, you see a notification that future security updates will not be applied automatically, here’s how to find out why, and get your automatic updates back on track.
Why use automatic updates in the first place?
The WordPress automatic update process only applies to minor versions, which are the version numbers that contain two decimal points: 4.2 to 4.2.1, 4.2.1 to 4.2.2, and so on.
When a major version (a version containing only one decimal point, like 5.2 or 5.3) is released, sites will not update automatically, even if they have automatic updates enabled. Major releases still need to be done manually (back up first, please!).
WordPress automatic updates have been available since 2013, and are incredibly safe. They almost certainly won’t break your site, and in fact will keep your site safer by installing the latest security fixes.
I have automatic updates enabled on all of my sites and all of my client sites, and I have never once had a problem with an automatic update breaking a site, going back to version 3.7.1 when automatic updates were first introduced.
That’s not to say that automatic updates are guaranteed to be problem-free. Yes, there’s always a chance of a problem occurring. But the numbers (not just my sites, but reported by WordPress.org) give me confidence that the security and ease of the automatic update feature is worth that very slight risk.
Also, this is another reason to set up automatic backup schedules, so you never have to wonder if you have a recent-enough backup of your site.
What if WordPress automatic updates aren’t working on your site?
The plugin hasn’t been updated since 2014, so you will see a warning that it hasn’t been tested with your version of WordPress. I don’t take these warnings lightly, but in this case, the plugin is so simple and lightweight that I believe it remains safe to use. Plus, you’re only going to use it for short-term testing — you don’t need to keep it activated and can safely delete it once you’ve tested your background updates.
Once the plugin is installed and activated, visit Dashboard –> Updates again. The plugin will automatically test your site and display the reason(s) automatic updates are failing.
If the stated reason is something you are comfortable fixing on your own, you can take care of the fix and re-run the test (simply visit Dashboard –> Updates again) to verify that it worked.
If you can’t perform the fix yourself, or you don’t even understand what the message means, the simplest thing to do is copy the plugin’s message and submit a ticket to your web host. Explain as briefly as possible that you want to take advantage of WordPress’s automatic updates, but the updates are not working on your site. Then paste the exact description/message that Background Update Tester provides. Your host will know what it means and what to do next. (If they don’t, consider a new host.)
If you see the following message for more than a few minutes:
Automatic background updates require a number of conditions to be met. Testing now…
Then either your WordPress version is too old to be compatible with the plugin (the plugin requires at least version 3.7), or there’s a much bigger problem with your site. In the unlikely event that this happens to you, I can diagnose the trouble with a Website Tune-Up.
The only legitimate reason to disable the automatic updater
I can’t think of a real-world case in which a self-hosted WordPress site should not use the automatic updater. Period.
If you are using a theme or a plugin that breaks or crashes your site when WordPress is updated, that theme or plugin is the problem, not WordPress. Theme and plugin developers have plenty of advance warning when a new version of WordPress is being tested and released, and it’s their job to test their own code with updated versions of WordPress.
Plugin conflicts are much thornier, because it’s impossible to test every combination of plugins out there. But well-coded plugins cause fewer conflicts, and good developers respond promptly when their plugin is reported to conflict with another one.
Here’s the only real-world case I can think of for not using the automatic updater: If you are hosted at a “managed WordPress host”, the hosting company may handle the automatic updates instead of letting WordPress update on its own. In fact, managed WordPress hosts will usually update major versions of WordPress as well, not just the minor versions.
If you’re not sure whether this applies to you, check with your web host. Look for something in your hosting plan description about WordPress updates, or ask them directly.
If you’re using a managed WordPress host, you’re in good hands, and you don’t need to worry about the WordPress automatic updater.