      A lot of websites get hacked because plugins with fixed vulnerabilities haven’t been updated, which is a good reason for having them auto update.

      On the other hand, some plugin updates cause serious problems, up to breaking the website. The WordPress Plugin Directory doesn’t currently have any automated testing to try to catch breaking updates, much less smaller problems. Also, in many instances, vulnerabilities haven’t even been fixed in the update that was supposed to fix them. That happened with a vulnerability that was then widely exploited earlier this year.

      A better approach would seem to be making better use of the existing capability for specific updates to be forced out even without auto updates enabled. That way, fixes for serious vulnerabilities could be more widely deployed, but with checking done to make sure they don’t cause problems and actually fix the vulnerabilities. Even though we currently offer a similar capability to our customers, we would be happy to work with the new team running the Plugin Directory if they want to improve their own capability.

