Forums

WP Tavern Forums Discussions Should WP update settings default to Auto-Enabled?

Should WP update settings default to Auto-Enabled?

This topic originated from a comment on:

LiteSpeed Cache 5.7 Patches XSS Vulnerability 

  • Author
    Posts
    • #150692
      Plugin VulnerabilitiesPlugin Vulnerabilities
      October 30, 2023 at 10:14 AM

      Dave

      Should WP update settings default to Auto-Enabled?

      A lot of websites get hacked because plugins with fixed vulnerabilities haven’t been updated, which is a good reason for having them auto update.

      On the other hand, some plugin updates cause serious problems, up to causing the website to be broken. The WordPress Plugin Directory doesn’t currently have any automated testing to try to catch breaking updates, much less smaller problems. Also, in many instances, vulnerabilities haven’t even been fixed in the update that was supposed to do that. That happened with a vulnerability that was then widely exploited earlier this year.

      What seems like a better approach would be to better use the existing capability for specific updates to be forced out even without auto updates enabled. That way, fixes for serious vulnerabilities could be more widely deployed, but with checking done to make sure they don’t cause problems and actually fix the vulnerabilities. Even though we currently offer a similar capability to our customers, we would be happy to work with the new team running the Plugin Directory if they want to improve their own capability.

  • Author
    Posts
  • You must be logged in to reply to this topic.

These comments are powered by bbPress which uses Akismet to reduce spam. Learn how your comment data is handled.

Recent Replies

Recent Topics