Automatic Theme and Plugin Updates Slated for WordPress 5.5

Screenshot of the plugin management screen with a new automatic updates column.
Automatic updates column on the plugin management screen.

Today, Jean-Baptiste Audras announced the WordPress Auto-updates feature plugin. The project seeks to bring automatic plugin and theme updates to WordPress version 5.5. It was originally slated as a feature project in 2019, but it was later bumped to the 2020 roadmap.

The WordPress Auto-updates plugin is available for beta testing in the plugin directory. The plugin is currently marked to work with sites running PHP 7.2 or later, which is odd considering it is a feature plugin for core and will need to be compatible with WordPress’ minimum of PHP 5.6.

The feature feels long overdue. We have been asking for it since at least 2015 here at the Tavern. Hosting companies and plugins like Jetpack have taken up the load over the years, offering automatic updates for millions of users. However, it is time for the core platform to take the reins and make this a feature available directly to all users. This would also provide a standardized path for third-party plugins to extend the feature with more controls for end-users.

Work toward bringing the feature into core WordPress originally began in the plugin auto-updates and theme auto-updates Trac tickets. The code contributed to those tickets are now in the feature plugin. “WordPress contributors did a lot of work on the two related tickets during WP 5.4 development cycle, but decided to give it more time for testing as it’s an important feature,” wrote Audras in the announcement.

Development is currently taking place on Audras’s GitHub repository, but it may be moved to the official WordPress GitHub account.

One of the primary goals of the project is to create an admin UI, which would give users the ability to manage how automatic updates work. Users will be able to enable or disable auto-updates on a plugin-by-plugin and theme-by-theme basis. This level of fine-grain control is welcome. While I generally prefer to auto-update everything, I have been burned by specific plugins and themes in the past. For those, I often prefer to update within a test environment first to be on the safe side. Undoubtedly, other users may find themselves in a similar situation. It is nice to see this being taken into account as a goal of the project.

The project plans to set up email notifications for site administrators that will summarize any auto-updates that happen on the site. There will also be hooks and PHP constants to allow plugin developers to take control of the update settings.

As usual, most of the completed work on the automatic updates roadmap has gone toward plugins. Just once, it would be nice to see a feature that crosses into both theme and plugin territory be completed for themes first. I only hope that themes do not end up taking a backseat due to time constraints, development hurdles, or anything else.

59

59 responses to “Automatic Theme and Plugin Updates Slated for WordPress 5.5”

  1. I really like the option to select what you want to auto updates for themes and plugins. In the long run, it will be beneficial for the community but for us, as a web design agency selling care plans, we have to position yourself more on support our customers and less on core/theme/plugins updates.

    Report

  2. Lenin Zapata says:

    Maybe for novice or non-professional users will do it, but already an expert user with many years in WordPress will not activate all this, because always in the update something can happen that breaks the website. After so many automatic updates it will not be known which plugin caused the error. I prefer to prevent.

    Report

    • Tobias F. Howard says:

      I think the key here Lenin would be to “not” look at it as a set and forget type of feature. No matter what updates that need to be performed, it is always good practice to look things over before moving on.

      As a person on a very busy time schedule, I would rather risk a temporarily broken site than have a plugin that is causing security flaws in the site. Once breached, those are much harder to fix than just going through plugins until I find the offender.

      You are one of millions of “experts” with various skill sets. Hackers have a different set and they don’t operate when it is convenient for you. Not to mention that the easiest way to not have plugin conflicts is to not overload a website with plugins. Keep it simple…

      But you make a good observation. Great post!

      Report

    • Yes as long as the updates do Not screw up the websites and All the work put into it.

      Report

  3. Bud Kraus says:

    This will be a good idea towards a safer and more secure WordPress but please have this as an opt-in feature!

    Report

    • You can enable/disable on a per-plugin/theme basis. I am unsure whether the updates will be enabled by default. It makes sense that they would to get the best coverage for users, but I could see the argument for making it opt-in instead, at least until it has been put to real-world use.

      Report

      • Tobias F. Howard says:

        I would prefer the option per-plugin myself. I do have a couple of very useful plugins that don’t play well with others and would rather be present to update them. They usually have specific things I must do to make sure that some settings don’t get over-written.

        The other regular plugins I use when building have been in WP for a long time and are generally “stable” for blind updating. So having all plugins update except the 2 that I choose would be optimal. Security over convenience, I always say.

        Report

    • Prof says:

      Yes as long as the updates do Not screw up the websites.

      Report

  4. Ronald says:

    Easy Updates Manager has been doing this for years. We have most of the kinks worked out with painful troubleshooting. I suggest the team look at the guts of the plugin and figure how we did it for plugins, themes, AND translations. I plan to contribute where I can on the featured plugin.

    Report

  5. Steve says:

    This is a fantastic to hear, and the option to exclude some plugins/themes is certainly a key need.

    It’s long been a bugbear for me with the WordPress Updates screen that the plugins section allows single-click access to plugin changelogs:
    “You have version 5.6.6 installed. Upgrade to 5.6.7. View version 5.6.7 details”

    this is missing from the themes section where you just get
    “You have version 1.2 installed. Update to 1.3” and to see what’s changed you have to click though to themes, then click the modal for the theme before you get the “View version 1.3 details” link.

    Report

  6. Urvashi says:

    Once again, it feels like WordPress is making it easier n convenient for bloggers. I for one would really like to not have to constantly keep pressing buttons after buttons to Install updates.

    Report

  7. Harith says:

    Don’t like plugins updating by themselves. I’ve seen big plugin vendors (like Yoast) put out updates that can break a site for whatever reason. I always test on a staging server first to confirm it’s safe to update.

    Report

  8. Diogene says:

    This is not a good idea for professionals websites.
    A professional website have to pass through staging compatibility check before that any plugin can go live.
    The only reason to have auto update is is the plugin implement a Security issue flag that plugin developer can trigger in special cases.
    But most professionals website uses some.security plugin that notify if a plug as a security issue.
    You can’t really take the risk to broken a website that generate thousand $/h because the support is done by amateurish lazy people.
    Even for amateur I don’t know if is good because most of the time they are not able to find a faulty fresh update plugin.
    No sorry automatic update is bad in Windows 10 and also in WordPress. If you can’t afford to maintain properly you web site don’t own one.

    Report

  9. chrkat says:

    I think it would be a good choice to decide what you want automatic updates to the themes and plugins.
    good job

    Report

  10. This sounds like a great idea:

    One of the primary goals of the project is to create an admin UI, which would give users the ability to manage how automatic updates work. Users will be able to enable or disable auto-updates on a plugin-by-plugin and theme-by-theme basis.

    Report

  11. OU Love says:

    This will provide more security standard to WordPress and wp pligins

    Report

  12. Sonja London says:

    It looks like this will be opt-in for plugins and major or functional WP releases. Is that correct?

    If so, we and our clients will be fine with it.

    Given recent controversies with some plugins updates that included removal of features or broke functionality, I am not a fan of turning on automatic updates for most plugins.

    Report

  13. DonM says:

    This is not something I would use ever, on any of the sites I admin or have admined over the last decade. The only way I’d even consider it would be if the tool was advanced enough to spot a problem and automatically revert the plugin that is inevitably causing the problem when it auto updated.

    Report

  14. Mash Ishra says:

    Good to see the feature will be available as a user facing option. I have been auto updating core and themes by adding a couple of lines to a functionality plugin in the last few years (plugin updates handled by Jetpack).

    Report

  15. Guido says:

    I wonder whether this overrides the update settings in for example DirectAdmin/Installatron or not? If not, it will not work as expected at many websites.

    Report

  16. Companion Auto Update does the job and keep an history of the updates. So, if you meet a problem on your site, you can find the culprit easily.
    But it lacks a warning about abandoned plugins. I am making corrections on my plugin reviews site and I’m astonished by the numbers of plugins pushed out the depot without any method to inform users. They keep very old plugins installed and never worry as they are marked «last version».

    I autoupdate most of my sites since two years without any problem. I tend to prone autoupdate when you see the damages done on site by non updated plugins with security breach. You prefer to loose all your content or go back in previous version of a plugin ?

    Report

  17. Another feature that is not useful to majority of the users about to make it through just like the other bug.

    Yet the IMPORTER is worthless, filled with BUGS, ERRORS takes HOURS just to upload backups. (depending on the xml file size it can take days) yet there was VERSION 2 developed by HUMANMADE and no attention was given to it.

    Report

  18. Guido says:

    It seems like a useful feature for bloggers and casual users, but from an agency’s prospective, the real added value of an auto-updater would be the automation of debugging checks such as:

    Any new error in debug.log following the update?
    Did the appeareance of the homepage change?
    Was any hook definition changed or removed following the update?

    And then, my wildest dreams:

    Revert the update if any of the above happens, using version control.

    I doubt these features will ever be implemented in core, so until them I guess we will just do the usual cycle: pray, update, test 😜

    Cheers,
    Guido

    Report

  19. The news is great. But, you must consider that almost every experienced developer will keep off auto-update for everything. Why? Because it happens as a plugin or a theme to come with some bugs in the new update. On the release path, it’s well known that some updates bring major improvements. That’s the issue. Those updates are like earthquake, they are usually followed by a sequence of updates where small bugs are fixed. That’s why it’s good to stay aside a little bit when a big update is ready. This is just one reason why experienced users will stay with auto-update off. That’s my opinion and my advice for any wordpress user, and it does not mean that auto-update is not good.

    Report

  20. Andras Guseo says:

    Will there be an option for plugin / theme developers – through a filter or setting or whatever – to fully disable to possibility of auto-updating their plugins?

    While this is a great feature, if I was a plugin developer I would be afraid of people auto-updating my plugin, that breaking the site, then me having to deal with all the reports.
    Without auto-update I would still get reports, but it is more contained and would give me time to take off the update.

    Not that I ever have bugs in my plugins. Not that I have plugins at all. :)

    Report

  21. As a development agency who maintains dozens of websites, this feature sounds great but also scary. Plugins can be bought and sold and suddenly there are unprofessional advertisements for a premium/pro version that display in the interface. Or the plugin just breaks. If I am manually updating a website for a client, I can dismiss/hide unwanted ads, roll back to a previous version, or decide to replace it entirely if we don’t like the new version. When updates are automated, we lose that control or find out about these issues after the fact which makes us look bad.

    Instead, what I’d love to see are warnings which highlight which plugins have not been updated by the author in quite some time. It would make it more obvious which plugins need to be replaced as they are no longer supported. Currently this is handled by security plugins and/or hosting environments but WP core should handle this as well.

    Report

    • Jb Audras says:

      Hi and thank you for raising such important points!

      This is why auto-updates can be enabled as opt-in for each item (plugin/theme). This way, you can opt-in manually for the updates you want, an even completely disable auto-updates.
      This is already handled in a Core ticket, and I’m taking care of also ship this enhancement in WP 5.5, alongside plugins and themes auto-updates :-)

      Report

  22. This is great news. I’ve been using Companion Auto Update for more than a year on three production sites that make up my livelihood and automatic updates have not caused any problems at all.

    I disable auto-updates for critical plugins (ie. e-commerce) and check changelogs for breaking changes or security issues after each auto-update (Companion has notifications). There’s rarely anything that needs doing and it’s very convenient.

    And as someone pointed out above, I would rather roll back a plugin than have a security breach. Almost all software auto-updates these days.

    Report

  23. Kashif iqbal says:

    I love WordPress and it will be good features of auto update for plugins and themes but make it optional or set options to select individually plugins/themes for auto updates.

    Or

    Make so thing like this, if any updates comes them the admin will get notifications on their mail and if they click on OK then the plugins will get updated otherwise not. So that admin can update their plugings without logging into the admin dashboard.

    Report

  24. Thurs is s very welcome feature. And till few months ago I would gladly be first in line for it. But, few months ago I’ve had an issue with timber plugin (that I’m using to build themes on most of my websites) and after one update it broke everything as incompatibility with WPML and clearfy plugins and maybe some other. The result was WSOD. I than used rollback plugin to rollback timber to older version.

    What I’m trying to say is that there should also be an option to rollback if update went wrong and if possible to mechanism check if update broke website and automatically rollback that plugin to previous version.

    Report

  25. Roel John says:

    Oh 😂😂😂 you better not do it much better this auto update have auto backup too 🤣🤣😂🤣

    Report

  26. Njengah says:

    Am more scared of auto updates than getting any other issue in WordPress. I always want to be sure what the update is offering. Last few weeks we saw the mess the update of Google Analytics Dashboard plugin did to an open source software, overnight it lost the free features. You need an option in settings to turn auto updates on like the switch to Classic editor or Guttenberg.

    Report

  27. Yes, I too have been burned by updates. The theme one of my clients uses has WooCommerce, and when I updated it, the site was so broken I had to restore via database and FTP to get it back. Then, 3 days later there was an update for the theme that involved updates to the theme itself and patches to the theme. After I applied the theme update THEN I could do the WooCommerce update without breaking anything. Nasty. Truly, I would like to get rid of that theme completely but I can’t without a major rewrite.

    There are probably a lot of WordPress users who really have no idea how things work on the back end. They buy a theme with a proprietary editor, do an innocent looking plugin update – and Bam! WSOD. Tread lightly.

    Report

  28. paschal says:

    This is a great move…
    Love that.

    Report

  29. Jon Dingman says:

    Most certainly would help site owners’ security and help WordPress even feel more secure. I’m so sick of hearing people complain that WordPress is “insecure” because it’s really not. People just often forget to keep it updated. Any platform can become vulnerable if not kept updated.

    Report

  30. Andy says:

    At the moment I’d never use this, because I prefer the solution I currently use that takes an automatic backup and a screenshot before performing the updates, but it’s a cool addition as long as it stays optional. Hopefully this will include the hooks necessary for someone to create some kind of “backup before updating” plugin, although I’m sure Jetpack will have something like that eventually.

    Report

  31. Greg Hyatt says:

    Personally, I have a question. Who would want to do automatic updates on either themes or plugins? It is almost inevitable that there will always be a clash of something that will not always go well and end up in making a site inaccessible. This is the whole point of making sure that a site has its own version in a staging environment, the if all updates pass, push them out to the live site.

    I understand that this may be useful for those who may not be as inclined to frequently check for updates to themes and plugins, however, I don’t think it should be pushed as a mandate. As long as it provides an option to turn on or off, then fine. However, be sure to include a granular option to narrow it down to those item’s that you are confident in with their updates to allow accordingly.

    Report

  32. Yeah I Strongly Agree. Although I know very little about WP or how to use it. I greally agree on the theme and plug-in auto Updates thing. As long as they Don’t screw up my site. I know I really need to learn very much How to use WP. Since fired my webbuilders PSI -Profit sence innovations. Because they have No Clue how to build an e-commerce site. Since they charged $4K and used a free version of WP to build my site ( Emotobuys.com ) that does Not look or Work like any of the examples I gave them. So now needing to learn how to do it myself. Where and how is the easiest way to learn WP please?
    Hector

    Report

  33. snatched says:

    Most certainly would help site owners’ security and help WordPress even feel more secure. I’m so sick of hearing people complain that WordPress is “insecure” because it’s really not. People just often forget to keep it updated. Any platform can become vulnerable if not kept updated.

    Report

  34. David Do says:

    This will provide more security standard to WordPress and wp pligins

    Report

Newsletter

Subscribe Via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

%d bloggers like this: