WordPress updates guarantee the security, performance and compatibility of your site with the various plugins, as well as with the new versions of PHP that come out every year. But updating manually can be tedious, and like all humans, there's always the risk of forgetting. The solution: automatic updates. But is it a good solution?
Is it really necessary to activate automatic updates? What are the risks, benefits and drawbacks? What precautions should you take?
With modern tools like the Plesk WordPress Toolkit provided on the web hosting for WordPress at LRobthe question arises: do we want maximum safety, or maximum reliability?
Contents
Security: a strong argument for automatic updates
Security flaws are discovered every day, exposing your site to hackers if they aren't patched quickly. Patches are released rapidly by WordPress teams or plugin/theme developers. If you don't apply these updates quickly, you run the risk of falling victim to an attack.
Enable automatic updates to :
- not to forget to do it manually,
- protect the site continuously,
- reduce the mental burden of technical management.
The other side of the coin: the risk of critical errors
Occasionally, an update may cause a critical error:
- a poorly coded plugin,
- a conflict between two extensions,
- an incompatible modification in the theme,
- or simply a nasty surprise.
These situations are rare, but they do occur, and are all the more frequent if your site uses a large number of plugins, and these are at risk of being abandoned or poorly developed.
On a complex, e-commerce or highly personalized site, the consequences can be significant and the question arises: do you want maximum security, or maximum reliability?
Regular updates limit problems
The longer you wait to update your site, the more changes you'll have to catch up on. This multiplies the risk of conflicts and bugs, and complicates diagnosis. If you have 20 updates at the same time, you run the risk of running into several bugs at the same time, making diagnosis exponentially more difficult.
Regular updates, even automatic ones, allow :
- to keep the site close to the current version,
- to avoid major surprises,
- to make debugging faster and easier.
Active surveillance: an excellent palliative
If you decide to enable automatic updating, then a monitoring solution such as Uptime Kuma seems necessary to avoid unpleasant surprises, for example during a customer meeting!
That's why LRob monitors the availability of all hosted sites as a preventive measure. In the event of a breakdown, an alert is generated and action can be taken quickly.
However, some internal errors (such as blocked admin access) can only be detected by actually visiting the site. This is very rare, but it's important to bear it in mind.
Solid backups: the essential safety net
You need to be able to back up easily in the event of a problem. That's why you need to make backups of your site... And it's also why these backups should never be made and restored solely from your site, but must be managed from your hosting! After all, if your site is inaccessible, how are you going to restore the backup?
At LRob, all hosting is backed up daily, with a retention period of one year! This means you can restore a plugin, theme, database or entire site to an earlier date on request, in the event of a problem.
In addition, you have :
- complete logs to quickly analyze the origin of a problem,
- the WordPress Toolkit, which allows you to deactivate a plugin even if the site is broken (error 500, white screen, etc.),
- Experienced support (more than 10 years of WordPress expertise!) to help you if you need it.
Complex sites: a case apart
E-commerce sites, membership sites or sites with a high degree of customization need to be managed more carefully. For these projects :
- enabling automatic updates can be risky,
- but not doing so exposes you to loopholes,
- the right strategy depends on the complexity of the site.
In this case, a mix of automatic updates for some plugins, and tested manual updates for others, is often the right compromise.
For very large sites with big budgets, a "staging" environment (development/testing) can be set up to test updates. Plesk-based hosting solutions, such as LRob's, make this easy, thanks to its ability to clone your WordPress instance on a sub-domain. A function offered by the WordPress Toolkit, which we'll talk about next.
Plesk's WordPress Toolkit makes updates easy
LRob hosting solutions run on Plesk, which integrates the powerful WordPress Toolkit. It enables :
- enable or disable automatic updates for WordPress core, plugins and themes,
- to manage these updates even when the site is temporarily inaccessible,
- duplicate a site to test an update on a copy before applying it in production,
- automate tasks while maintaining control.
Centralized, simple and powerful management that can reconcile many with automatic updating. It also saves a considerable amount of time when managing multiple sites. Let's be clear: without the WordPress Toolkit, we could never have imagined becoming a WordPress hosting specialist and managing so many WordPress sites so efficiently.
Paid plugins: often manual
Some premium plugins are not connected to the WordPress.org repository. They must be updated manually, from a ZIP file or via the WordPress administration panel.
This means that even with automatic updates enabled, regular vigilance is required on these components.
So, should you activate automatic updates?
The short answer: yes, in most cases and by default. For simple to moderately complex sites, this is a safer solution.
But you must :
- Monitor your sites
- Have an external backup that can be easily restored
- Have the tools to quickly diagnose/correct any problem
All this is possible thanks to good tools like the WordPress Toolkit, good backups and active monitoring, as found at LRob. In the event of a problem, most issues can be resolved in a matter of minutes thanks to experienced support.
For more sensitive projects: a mixed strategy, accompanied by active monitoring and testing on a pre-production environment, is ideal.
Whatever you decide, you need to update frequently to keep your WordPress site healthy. In our experience, a site that hasn't been updated for more than 1 to 3 months can already carry a significant risk of being hacked. Would you rather have a site with a bug, or a site that's not up to date? hacked site that could damage your image and cost you even more to manage?
At LRob, we choose security and freedom from mental burden: We say a big YES to automatic updates, by default, and adjust as needed on a case-by-case basis.
If you no longer wish to ask yourself this question, then you will be happy to call on a WordPress webmaster to manage these issues for you!
Need advice? Need support? LRob is always there to help.
Leave a Reply