Should Automatic Upgrades Be Opt-In?

The writing is on the wall. It’s only a matter of time before automatic upgrades for WordPress core, plugins, and themes make it into WordPress. This is a step beyond the one click upgrades that are currently in WordPress. As dumb as it might seem, Otto is right in that users simply don’t upgrade. However, I want automatic upgrades to be opt-in instead of opt-out. I don’t need my hand held by WordPress in order to perform updates and uphold my responsibility of maintaining this website. There are too many horror stories of automatic upgrades gone bad for me to ever cross that line to allow those to happen either on my machine or on a website. I’m the type of person that wants to review the change log and any necessary information before the upgrade occurs. I’d feel the same way even if there was a simple revert system put in place to easily go back to a working version prior to the upgrade. This leaves me wondering if you want automatic upgrades to happen without you as a user/administrator ever being involved, or if you’ll take the more active approach and handle the upgrade process manually? Look forward to reading your comments on this one.

[poll id=”41″]

43 responses to “Should Automatic Upgrades Be Opt-In?”

  1. I voted no because they should be opt OUT.

    I’m smart enough to do it myself. I’ve got a complex site. But my dad? Hell, I’d leave it on auto update and check in once a month to make sure it’s okay.

  2. While it seems nice in theory for simple sites, I build complex and tightly integrated sites using WordPress, plugins and custom PHP code. I ca already imagine the panicked calls from clients as an auto-update has wiped his corporate website…

  3. If there is a ROCK SOLID (and I mean ROCK SOLID, I can’t have the site auto upgrade and error out while I’m on vacation and not near a computer to rollback) backup and rollback strategy built in to the core then I am okay with auto upgrades at the core level. I am NOT okay with automatic upgrades at the plugin level. If a major plugin got hacked and malicious code got introduced it could spread to tens of thousands of sites before anyone even realized it was there.

  4. There are times where plugins or customizations to the site would make automatic updates undesirable. I’d MUCH prefer to see an Opt-In approach. The last thing I need is an unhappy client calling because an auto update broke the site or an important functionality of the site. It is always the webmasters responsibility to maintain the site and keep it updated.

    As it is, I find the update notices in the admin to be a problem as clients will try the auto-update and it breaks the site…then they are unhappy they have to pay for my time to fix it. As Blake said, the process first needs to be ROCK SOLID, which I don’t think is ever truly possible. There are too many hosting, plugin, and unknown variables in play.

  5. We don’t even question Chrome’s automatic updates. If you even know it automatically upgrades you love it, and if you have no clue it does then all you know is that Chrome always seems better than the rest.

    Don’t let yourself get stuck in the mindset that its worked one way forever and rule out major changes. This would be incredibly innovative for web software.

    Automatic core upgrades, with a lot more sensitivity to error checking and automatic rollbacks, would be amazing. Instantly protecting nearly 15% of the Internet from core vulnerabilities???? That makes me excited!

    The unfortunate state of plugins shuts down any possibility of automatic upgrades. There are WAY too many scenarios that make this a bad idea. Themes are a little less risky (as far as malice goes) because there’s actually a theme review team. Plugins simply can’t get that kind of attention. Themes, though, would totally revert to their original designed state and users would lose all of their customization if not done via a child theme.

    Core: heck yes
    Themes: no
    Plugins: hell no

    To answer the major question at hand though: opt IN or OUT? Automatic core upgrades should be opt OUT. If the goal is to upgrade sites NOT being upgraded in the first place (because their owners aren’t confident WordPress administrators) then opt-in automatic upgrades wouldn’t solve any problem; it would just make real administrators lives a little easier.

  6. I think opt-in is a better option. If you want to have auto-updates, you can. It should be simple enough to opt-in on install. In the same way that Browse Happy appears on install these days, you could get the option to opt-in to auto updates if you want it. If not, dismiss it.

    I do WP upgrades as soon as possible on sites, however, with plugins I always check the Changelog before upgrading. I like to know what has changed before upgrading. That way if something goes wrong, you at least know what new elements have been introduced and you can work from there. In the end I try and keep as up to date as possible. If a site has plugin problems, they need to be dealt with sooner or later. However, having to deal with multiple problem sites at once can be a headache…

  7. I agree with Ipstenu. The only way automatic updates will have any real effect is if they are opt-out. Opt-in is just as ineffective as the current situation.

  8. It’s worth noting that a heck of a lot of people already do fully automatic upgrading. Many people run their site on the trunk code via SVN and have it doing an “svn up” once every so often. We run off the trunk and it’s often updated several times a day.

    So I’d say that, for core at least, we’re in a good position to state that there’s very rarely any breaking changes, and that an automatic upgrade system is at least feasible from that perspective.

    Also consider that an “upgrade”, as it currently is, is once every three or four months (sometimes less) and is usually a fairly major change. But what if the upgrade was just one or two files, maybe a few minor function changes or enhancements? Maybe even on a weekly basis? What if it was “upgrading” to the latest version that was in the current branch (3.2) instead of to the next level of 3.3? Would that be any different?

    I’m just thinking you might want to consider more than the most obvious point of view about upgrades. When was the last time you upgraded Chrome? Did you know it upgraded itself, about twice a week? Did you notice? Did you care? That’s the kind of thing I think we should shoot for. You shouldn’t notice upgrades, they should just happen. And not fail, of course.

  9. Definitely opt out. Upgrades don’t break unless you’re doing something wrong.

    Plugins and themes should definitely be opt out though, for the reasons mentioned above.

  10. For core, opt out will be fine. Those of us who can easily handle updates ourselves will be able to figure out how to turn it off. The Average WordPress user would greatly benefit from auto-upgrades. Plus, if it’s not turned on by default, a large majority of those users will never know the feature exists, which will defeat the purpose of the feature in and of itself.

  11. I think opt-in is the way to go. It makes the feature more of a choice than opt-out. Opt-out is the Facebook way of doing things, and that creeps me out.

  12. For those that know enough about the whole thing to know that they want to turn off automatic updates, turning them off is easy, and takes all of like, 3 seconds.

    For those that don’t know enough about it to know that they probably want it on, they’re less likely to know how to do it (or even than they should).

    Having the default be opt-out is better for the majority, I think. By setting it to opt-in, many people will never update and not know that it’s a [potential] problem.

  13. Comment from Justin Tadlock:
    Plus, if it’s not turned on by default, a large majority of those users will never know the feature exists, which will defeat the purpose of the feature in and of itself.

    According to all the studies, a very large percentage would never benefit from this new update regime anyway, since they never update and thus never have this option ;) (but I get the gist of your comment and I agree)

    By the way, inadvertently voted opt-in, but meant to vote opt-out. Sorry to have skewed the poll results by 1 vote :(

  14. I voted for opt-in, but I guess it would be OK to have opt-out. I want to know when a site is updated in case it causes a problem. I run a manual backup before major upgrades.

    As for Chrome, If it doesn’t work I can use another browser (I use FF anyway). If my site is down because of an upgrade, that’s a bit more serious.

  15. I appreciate and second what @Patrick Daly says – core updates should be opt out, for the very reason that shoring up the core benefits exactly the people who need it most. Also, to back up what @Justin says, experienced developers can always figure out how to opt out if they need to…

  16. While I appreciate the advantages of automatic core upgrades, I’m concerned about what will non-technical blog owners think when the back end UI changes and they didn’t do anything. I definitely see myself getting a few panic calls and emails letting me know that ‘something’s wrong because my back end looks different.’
    The comparison with Chrome is appropriate; however, when Chrome auto-upgrades there isn’t any end user education needed.

  17. Now that we’re this deep in, I think opt-out should be managed via the wp-config.php file.

    Decisions, not Options, is one of the WP credos, right?

    /** Turn off Auto Upgrade **/
    define('WP_AUTO_UPGRADE', false);

    Done. That would keep it out of the hands of people who don’t need to know any different.

    (Otto, I actually notice the Chrome updates a lot more with Lion, which doesn’t ever actually shut DOWN Chrome when you close it. So I have to remember to check for updates and have Chrome tell me ‘Hey, you haven’t restarted in a while….’ which is an interesting ‘bug’ Chrome needs to address ;) )

  18. @Ipstenu – I’m glad someone brought this up because it’s something I thought about when writing the post.

    Decisions, not Options, is one of the WP credos, right?

    An option to choose whether to opt-in or not to automatic upgrades would never be added to core so whether I like it or not, they would likely have to be opt-out anyways. And of course, I suppose the wp-config way of doing it wouldn’t hurt.

  19. Yes and No.

    Whenever we add a new setting to WordPress, my instinct is to make it opt-in for existing installations and opt-out for new installations. In other words, I think auto-update should be turned on by default for new setups (defined in `wp-config.php`) but be something you need to turn on for existing installations (i.e. after upgrading WordPress).

    This is a drastic enough change to the way we currently do things that it warrants educating users and clients about what exactly will happen. But for new sites … let’s just turn it on and move forward.

  20. Many people were using the following code to exclude certain categories from appearing on their homepage

    function exclude_category($query) {
    if ( $query->is_home ) {
    $query->set('cat', '-xx');
    return $query;
    add_filter('pre_get_posts', 'exclude_category');

    A bug in a fairly recent WordPress update broke this (completely valid) code for everybody.

    If a Chrome update breaks something, it’s an annoyance, maybe. But if a WordPress update fails, at best it’s a public embarrassment and at worst a disaster.

    If automatic updates is a must, then make sure a lot of people try the update safely on actual production sites before pushing the update out to everyone else…

  21. Core could be opt out (or maybe not let them opt out) automatic updates, but plugins could (maybe) be opt in at best.

    To many people run blogs with plugins made by hobbyists, or “theme frameworks” that break backwards compatibility on upgrade. An automatic update would hurt them too much. I’d be in favor of it normally: I think all professional software should automatically upgrade (maybe with an opt-out, but maybe without a choice is better) but that’s it’s not for the WordPress World. WP Core counts as professional, but most plugins/themes do not.

  22. I second what Eric Mann said: Automatic core updates should be OPT-OUT for new WordPress installations, but OPT-IN for existing WordPRess installations.

    I’m all for the decisions, not options philosophy, but I’m also (and even more-so) all for the philosophy that, all else equal, new features in core should be disabled by default in existing installations, no matter how major or minor the feature. First, do no harm.

    And I would instantly enable the automatic core-update feature. What would be even cooler would be to have WP-CONFIG options to automatically update to RC and beta releases, or even to bleeding-edge nightlies. (Sure, I do this now, with Westi’s Beta Tester Plugin; but doing it via one line in WP-CONFIG would be even better.)

    And I agree with everyone regarding Plugins and Themes.

  23. I voted Yes because they should be opt OUT. Unless you’re doing something terribly wrong, upgrades never break to the point that we could not enjoy auto upgrades. Definition of word Automatic also represents not to worry, or, to save time.

  24. Hi all,

    The article put me in a state-of-mind to vote for opt-in, mainly because we have a 3.2.1 broken for Brazilian Portuguese translation so I was already inclined to avoid the issue of breaking the translations.

    See, I build the packages, but for this one I opted to not release it so people won’t complain that the upgrade broken their sites.

    But the first comment changed my mind (to a selfish state-of-mind), and I thought it would be easy for me to opt-out, so forcing the others to upgrade won’t bother me.

    Unfortunately I suspect that after the first issue when a site breaks due to an automatic upgrade, the site owners like Ipstenu’s Dad will quickly opt-out forever and the effort to have auto upgrades would be lost.

    Just my 2 cents, ( greetings from /. )

  25. I don’t think auto opted out for extant installs would help the matter at all.

    If automatic updates is a must, then make sure a lot of people try the update safely on actual production sites before pushing the update out to everyone else…

    Y’know… we do. A lot of us do (I’m running SVN on right now, and usually do a cron job to svn up every night – I haz crazy). It’s never enough, it will never be enough. It’s absolutely mathematically impossible for the beta brigade to test every possible scenario with every possible plugin, server version, PHP version, SQL version, and fancy snowflake that is your install. But let me spin this out:

    WP 3.4 (the first auto-upgradable version) is pushed and we all jump on board.

    Oh wait, there’s a bug. People scream in angor and raaaaaage! WordPress sucks! It’s terrible, why are you all dillholes?

    Someone makes a trac ticket. Otto and Nacin fix it.

    Magically your site is fixed without you having to do anything.

    Why … it’s just like the hotfix plugin, only I didn’t have to do anything!

  26. I think Opt-in is the right thing to do. There could be a popup during installation or immediately following the first admin login.

  27. As anyone who comments on here or other WordPress based sites knows that I am blunt and brutally honest.


    This feels like Matt Mullenweg wants to tell me when I can wipe my rear end.
    Sometimes it is not necessary to wipe my rear end.


    Each of us have different plugins and themes. Many of them have different customization.

    Sometimes when you upgrade coreWP then it will conflict with your theme and/or plugins.
    Sometimes when you upgrade a theme/plugin……….you get it right?

    I had instances where some plugins didn’t get along with WordPress Mobile Pack.

    One of the upgrades last year REALLY screwed up a client’s site when I updated. I had to add a maintenance plugin and turn it on. Client calls me and is yelling at me so loud I can hear him from the phone 3 rooms over.

    I would say 40% of sites I manage (own/clients) that I do not upgrade right away due to customizations.

    Again I am blunt and brutally honest.

  28. Opt-out please. I like Ipstenu’s comment to use wp-config.php to determine that and ask whether to turn off updates when installing WordPress, just like with the “block search engines” bit. As a developer I’d love to use the latest features of WordPress and not have to worry about back-compatibility, so knowing that the majority is upgrading with every new WordPress release I’ll be able to use functions like submit_button without having to worry about users running versions prior to 3.1.

    So yes, I want automatic upgrades and I want them on by default. I’ll switch them off myself for larger projects where I carry out upgrades manually locally then test them on a staging server and finally deploy to production. So having an extra constant in my wp-config.php is nothing compared to what I already have to do to deploy :)

    ~ Konstantin

  29. @Miroslav Glavic

    This feels like Matt Mullenweg wants to tell me when I can wipe my rear end. Sometimes it is not necessary to wipe my rear end.

    Should I even ask when it’s not necessary to wipe your rear end? lol

    As for Opting In or Opting Out. Initially, I was for Opting In so as the decision would not have been made automatically without my knowledge. However, if I open my mind up to the bigger picture, I think having folks Opted in automatically on new and existing installs is the better way to go. Overall, I think having automatic upgrades for the majority of users is a good thing the more I think about it, especially for those that choose not to upgrade anyways.

    However, I still would like a line I could put in WP-Config to turn off automatic Core Upgrades.

  30. Opt-out for me too.

    I wonder that if auto updates were on by default whether this would have a ripple effect on WordPress coding standards?

    Would it motivate Plugin and theme developers to keep their code up-to-date, to work with the latest WordPress goodies?

  31. @David Gwyer makes a good point. If updates are automatic, at first there will be a lot of complaints, many people will have issues and there will be a lot commotion. But after a while it will die down, issues will get straightened out and everyone will pick their game up a notch.

    Maybe it is a necessary move to make the decision and go through the “pain” sooner and push everyone into better WP habits and coding practices.

  32. It’s also worth noting that this discussion is all theoretical. We’re a loooong way away from this being possible, although many core devs do discuss the idea from time to time.

  33. @Jeffro – What I meant the whole wiping is that it is not necessary if I haven’t gone to the washroom. I tend to be sleeping at 3am, Matt coming and waking me up and doing it when it isn’t necessary.

    Automatic upgrading has two bad issues:

    1) It can really screw up my install if things aren’t compatible with components of my site.
    I want to be there when I upgrade

    2) You think that those lazy admins will get any better? no, they will continue their lazy way and not upgrade.

    As a community we need to be up here to help them out. So many WordPress community members have a stick up their you know what. I remember when I was a newbie. I tried to get some help from a theme author, there was an issue with his theme. He spent 5 paragraphs YELLING AT ME. I changed themes.

    There are a lot of people who are afraid to upgrade. I had the issues with the first started the one click upgrade within WP.

    Think about it, do you remember ancient times ago when you were first customizing/upgrading? How many mistakes did you make with the WPT theme? some typos maybe? Not all admins who don’t upgrade do it out of laziness, they do it out of fear.

  34. There’s a lot to reply to here, so I’ll try to keep it as short as possible. To clearly state my position, I’m in favor of opt out. My reasoning is that the majority of installs should auto-upgrade, and also the sites that should NOT auto-upgrade are also the sites that tend to have a person running or developing them that is capable of adding something to wp-config to opt-out.

    Having said that, I think there’s excessive concern in some of the comments here. People seem to think this might happen soon. Otto said it perfectly:

    We’re a loooong way away from this being possible

    When it DOES happen we’ll do it right. However, it’s going to take time to figure out what “right” is. I see this as another “the media area needs updating” kind of issue. We know it needs to be done, but it needs to be done right and that means we need to take time to plan.

    I’m also a little confused as to why Matt got a personal call out here. As far as I can tell he’s not trying to force you to do anything. This kind of thing has been discussed by the developers on and off for quite some time. At some point when a good solution is envisioned a couple of developers will try to code it up. Then several more will tweak it until it seems functional. It will end up in core and several more developers will test it, break it, fix it, etc. Whenever this eventually happens there will be quite a few people that were part of it. Matt won’t have “forced” this feature in, he won’t have “forced” you to use it (there’s certainly going to be a way to opt-out), and honestly he doesn’t even “force” you to use WordPress!

    In the end, if you don’t want automatic upgrades then opt out. Those that need them most are the people that don’t know it, so for them it should be turned on by default.

  35. Does anyone know why this is likely to be such a long way off?

    I always thought that when the current “automatic updating” system was put in place, that the next step for the very next version, would be for “real automatic updating”. But that time has not yet come.

    I guess I just don’t get what the technical challenge is. The current automatic update system seems to work flawlessly from what I’ve seen, and when it breaks, it seems to just fail instead of causing a catastrophic failure. So I’d have thought the step to a fully automatic system would have been trivial.

  36. I would say Opt-In to automatic updates.

    I manage a number of sites running WordPress. Some already do auto updates via an option the host provides. But I like to make sure I have back-uped up other ones before I update.

    I can see the benefit to Opt-Out, all the LCD users automatically get updates to a more secure version. But I worry about WordPress deciding (due to bug or other) that it should change my setting to the default automatuc upgrade.

    Perhaps having an option when you first install WP asking if you want to have it set to auto update, or when you upgrade WP, would be a good idea.

  37. Self hosted sites should not self-upgrade.. Those who doesn’t care about updates may not be able to deal with an auto-update failure (which may happen); those who care about updates – and update regularly- want control on the operations! (I totally agree with Miroslav on his point 1) above. ) So.. opt-in!

  38. Maybe there should be a setting for automatic upgrades or not. Someone like myself, I know how to maintain my site and I’ll upgrade for versions which I feel it’s appropriate.

    Not every single upgrade is required to use a plugin. What if it’s just a translation addition? I really don’t need it, it’s already in English (usually.) Or something minor, and I just don’t want to upgrade.

    There should *always* be a way to make it optional and manual, never, ever, forced automatic upgrades.

  39. Opt-out for new installs, opt-in for existing installs.

    The main objections seem to be from power users and from people who’ve had upgrades break sites in the past.

    Power users – you are smart enough to know about the option and configure it the way you want it (as you do with the rest of your site), and hopefully you will recognise the broader benefit to the internet if more sites are kept up to date. Stop looking at it as something that is enforced on you and instead look at it as a choice that will help others.

    Past breakages – those sites that broke from an upgrade would break whether the upgrade was manual or automatic. So the only difference is that it might happen when you aren’t on hand to fix the problem. Solution: scheduling options for the automatic upgrades. And if you’re concerned about clients, then you can always just turn it off and own the upgrade responsibility for those sites (as you probably already do).

    I don’t know why this issue continues to be so controversial. Automatic upgrades have done wonders for the security level of numerous operating systems and applications over the years. Time for WordPress to join the party.


Subscribe Via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

%d bloggers like this: