Managed updates have always been one of the main selling points for WP Engine’s WordPress hosting packages. Customers have the luxury of never having to update their own sites because WP Engine keeps them on the cutting edge:
We keep your site secure without you having to think about it. Whenever WordPress issues a security update, we test it, and then proactively apply it to your site.
However, the company announced today that it will not be offering support for WordPress’ new ability to update itself.
WP Engine will not be supporting the background updates for WordPress. We will continue managing the updates for your installs, testing each release on our infrastructure, and fully managing the releases of the minor updates. For example, when there is a security update to WordPress, as soon as the patch is released, we’ll update all customer sites to ensure we continue to keep your sites safe and sound.
I asked WP Engine to clarify this statement. Does this mean that customers cannot enable automatic updates via the WP_AUTO_UPDATE_CORE define in wp-config.php? It seems that is the case. Their official policy is that automatic background updates will be disabled and customers will not be able to turn them on:
The function will be disabled because when we update we also automatically create site backups for you.
WP Engine will still continue to update customer sites as they always have. There’s no change here, but it is always interesting to note when a company restricts access to something that will soon be native to WordPress.
Playing it Safe
One huge advantage of enabling automatic background updates for WordPress is that a site can get those security improvements the very same day they are released with no waiting time. The same applies with major releases, plugins and themes, if one wants to live adventurously. However, if you host with WP Engine, you’ll have to settle with living on the safe side.
WP Engine customers will either need to manually update their sites through the dashboard or wait for WP Engine to initiate those updates. The company tries to ship security updates out as soon as possible and these updates are usually applied within the same day. The reason for this is to keep customers from accidentally breaking their own sites without backing them up. WP Engine customers will be upgraded within a week or two of the 3.7 release, as per their announcement today. For many customers, this is exactly why they have chosen WP Engine. Not having to worry about testing major updates is a huge relief for WordPress site admins.
The Future of Managed WordPress Hosting: A Growing List of Restrictions
I am surprised that this popular WordPress hosting company is preventing its customers from taking advantage of one of the most exciting new features of WordPress 3.7. Although customers always have the freedom to manually update their sites early, they will not be permitted to allow WordPress to update itself. This makes sense as a company policy, but as a developer I can’t help but see it as a limitation.
Why not allow developers to override the WP Engine restrictions via WP_AUTO_UPDATE_CORE in wp-config.php? Your average user isn’t likely to venture into this file to make any modifications, so it would be safe to assume that anyone who applied those settings knew what they were doing. The WP Engine infrastructure, however, does not allow for this.
WP Engine does a lot of things right when it comes to speed and prioritizing the customer’s ability to have a development environment. The company is a proven and reliable WordPress host that I would recommend to anyone. For many customers, trading freedom for security is well worth it in order to have their sites fully “managed.”
But what about the others who may want the freedom to let WordPress update itself? The company has very good reasons for limiting developers from doing this. But will the number of restrictions continue to grow? Managed WordPress hosts are a relatively new development in the marketplace of WordPress services. It will be interesting to see how their policies develop in relationship to WordPress core enhancements, which more often than not err on the side of giving more freedom to the user.
The core updates don’t matter since WP Engine handles that already, but I assume users would appreciate being able to set the config to allow for updates of plugins and themes. Or perhaps WP Engine offers that as a service too?