WordPress 3.7 Automatic Upgrades Proving to Be Reliable

The first WordPress 3.7 Release Candidate was sent out into the wild last Friday. So far it’s been testing very well. The flagship feature of this release is the ability for WordPress to automatically update itself, as highlighted in the customary haiku:

WordPress three seven
A self-updating engine
Lies beneath the hood

Automatic background updates seems like a daunting feature to launch across millions of blogs, but WordPress 3.7 includes code to roll back a failed automatic upgrade. Even so, Nacin tweeted yesterday that after 25,000 updates to RC1, there hasn’t been one single rollback. So far it looks like the automatic background updates for security and minor releases is proving to be remarkably reliable.

Nacin has done everything in his power to determine points of failure within the feature but so far it’s been holding up nicely:

Currently two emails are being sent out when the automatic upgrades are successful: one for debugging and the other standard email that all users of 3.7 will receive. Once 3.7 is officially released you will no longer get the debugging email. However, there is a filter that you can use to keep it turned on if you like.

Jeff recently polled Tavern readers to see how they will be implementing the automatic updates on their sites, as many readers previously had expressed reservations. At this time it seems that only 1 in 4 people polled will be disabling automatic updates completely, while the remaining 75% are open to using them to varying degrees. The results of Nacin’s testing of RC1 should inspire even more confidence. If all goes well, it looks like we should have the official WordPress 3.7 release sometime this week.


14 responses to “WordPress 3.7 Automatic Upgrades Proving to Be Reliable”

  1. It’s worth pointing out (and Andrew Nacin will attest) that a huge amount of the work done on shoring up the reliability of auto updates has been done by Dion Hulse (dd32). Big props to all those who’ve been working on this feature!

  2. Good to hear it’s going so well. I have been lazy and are still relying on SVN to update everything. I should turn that off so that I can test it out properly.

  3. Will the auto upgrades have an option to turn them off? What if I am editing the footer or any other file and the auto upgrade thing tries to update?

  4. Sigh… talk about missing the point. The danger with automatic updates isn’t that the update itself will fail. In three years of using WordPress continually, I never had an update fail me.

    No, the danger is that a perfectly successful update will break something in the website. A plugin. A theme. Some other customization. And you won’t know until the next morning… or until Monday morning… or until you return from vacation. And by that time you won’t even be able to tell if it was the update that broke things or something else. You’ll lose readers, and possibly buyers, you’ll waste time and energy, and all because a dumb piece of software thought it knew better than a human being.

    I’m one of those 25% who will never, ever enable auto-updates in any way, shape or form. Too bad you refuse to understand why.

  5. Miroslav > It shouldn’t affect your theme – unless of course your theme is TwentyTen, TwentyEleven, TwentyTwelve, TwentyThirteen or TwentyFourteen (I just noticed I had all 5 of them in my theme folder). If you’re using a completely different theme other than the WordPress defaults, or you’re using a child theme of the defaults, then you should be fine as far as your modifications go.

  6. Felix > It’s always a concern, yes. However a security fix shouldn’t affect or break a site too much. A major update, maybe. Having said that, these updates aren’t for people who regularly visit, maintain & update their sites. The auto-updater is aimed more towards those who basically ‘set and forget’.

  7. @Felix – This is why this feature is for security and minor releases only. We’re talking a limited number of carefully considered fixes to address security issues or major bugs. We’ve been doing this a long time and have gotten extremely good at avoiding breaking plugins or themes (even the terribad ones).

    One can enable background updates for major releases too. It’s no more difficult for us to implement — but, of course, it is more difficult for us to avoid breaking sites. We aren’t missing the point. This is the point right here. We know how dangerous and scary this can be, which is why we’re doing this extremely carefully. We’ve been collecting an absolute ton of stats in 3.7, and we’ve also made updates much more reliable both of which are setting the stage for us to continue to improve the stability of updates. Not just the update process, or the ability to detect actual compatibility issues or failures, but approaching WordPress development in such a way that we can continue to keep plugin conflicts to a minimum.

    We also have the ability to roll out an automatic update slowly. Assuming 3.7.1 isn’t a pressing security release, we’ll be able to release it, wait 48 hours, then release it 1% of installs (let’s say), then slowly increase that percentage for a day or two, specifically watching for failures, support requests, and the like.

    And yes, updates do fail, even if you’ve never run into one. Even if 99.9% succeed, that’s still tens or hundreds of thousands of sites. Which means we have no choice but to be perfect.

  8. @Felix
    It’s better to wake up on monday morning and find your site broken than you wake up and find your site was hacked because there was a security hole in WP. Automatic update is only for security fix releases. Security fix releases will not break your site.

  9. I think this fantastic and yet scares the hell out of me.

    I’ll be turning this off for client sites – it is incredulous there is so much support for auto-updates, I can only surmise that auto-updates are supported by folks that don’t use change-management …

    Certainly every release I’ve seen has required plugin / theme updates to support core changes. And who can forget the fiasco with WordPress 3.2?

    The ‘WordPress Update Blew Up My Website’ posts will be along shortly…

  10. @Sarangan –
    auto update’s most limited level is not for security releases only – at least according to the 3.7 release notes (and other duscusssions earlier). It is security and minor releases.

    not happy :( I was using a heavilly modified 2010 theme, the default 2013 didn’t even work…

    gonna have to go back to 3.6 and stay there… SUCKS !!!


Subscribe Via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

%d bloggers like this: