No, I don’t think it’s normal. I’ve been busy fiddling with Wordfence on 5 sites all afternoon trying to figure out what’s going on, while launching a brand new 6th site.
I’m not particularly amused right now.
-
This reply was modified 4 years, 3 months ago by
Sean.
Thread Starter
paulc2
(@paulc2)
To further put flesh on my original intent behind posting (and I’m well aware its my first post here), my main fear is “the bad update”. I mitigate against this – if an update is released, I wait 1-2 days before applying it (I don’t have auto update turned on – and I’ll not have WordPress be able to write files to ITSELF – that’s another debate for another thread I suspect though!) and even then, do a backup just before, try it on one site, check all is okay, then do it on the others I look after. But I’m well aware loads of people have auto update turned on. I’m waiting for the day “the bad update” occurs, I dare say I’ll read about it on the BBC News website (Technology section) because of the percentage of sites which would go down.
Its just a shame I didn’t wait about 23 mins longer, I could have jumped from 7.4.2 to 7.4.4!
I’m very appreciative of the effort which is made to provide timely updates etc and don’t wish to criticise the coders etc….but I am sure you can appreciate what might happen, if one day, “the bad update” goes live.
This is maybe another reason why I’m about to turn off auto update anything with my websites. My own laptop does not auto update itself, I take care of that. It notifies me, but I decide when it gets done, and don’t worry, it all gets done in a timely enough fashion.
This is not the first time something like this has happened, at least I have had it happen with another plugin, but this other plugin is made by a very small team, for free, so I can’t really complain. WF on the other hand is a multi million Dollar plugin made by a very big team.
Yes, auto update can save us time, but it would seem there is too much of a risk now in that I/we will end up wasting more time in the long run checking and fixing if/when it breaks.
I have an unimportant but public facing live website that I’m going to use for testing updates, a sacrificial lamb if you will, before I update the others. And I only have 6 websites, at the moment. I can imagine how this might be much more of a problem for professionals with 50+ sites to look after.
I have turned off auto update and despite a thread that has been going on for months, WORDFENCE continues to update on it’s own. In all cases the fact the plugin updated on it’s own broke our GIT systems. Believe it or not, I am a busy sys admin and I don’t have the time to chase Wordfence who arogently ignore you or say the problem is not their fault. I have 150 plugins installed on our systems and we only have issues with Wordfence. Sort it out. Please.
https://wordpress.org/support/topic/wordfence-auto-update/
Thread Starter
paulc2
(@paulc2)
I have turned off auto update and despite a thread that has been going on for months, WORDFENCE continues to update on it’s own.
I “turn off” auto updates by altering the underlying file permissions (well, file user ownership settings) of the WordPress files. I have a shell script (that’s the only way…I need to log into an SSH shell) to “loosen” the permissions, then I manually do an update, then I “tighten” the permissions with a similar script. This way, I choose when the updates are done; and WordPress can’t write to the file system (except wp-content as appropriate etc).
I know, on balance, Auto-updates are better than users not updating but I simply can’t reconcile letting a 3rd party deciding what (& when) core files are changed as being ‘secure’. And I appreciate there’s plenty of websites out there being hosted on shared servers with no access to an SSH session.
When I log into the Linux session, the heading tells me of any Linux updates and it categorises them as “security” updates and others. I wish this feature could be implemented for WordPress (core, plugins and themes). This way, we don’t need to read through the details of each update and decide if its irrelevant, UI, security (and severity and relevance), extra useless feature, or actually a useful feature.
I agree with you paulc2 entirely. On the whole, automatic updates suite the majority of users and I totally get that. I just wish that the option they have for turning that auto update feature off, actually works.
Sadly I don’t have the freedom to be able to alter the file permissions because we have other automated systems and api calls that rely on the wwwroot directory being writable by the web server – otherwise that’s exactly what I’d do 🙂
Hey All,
I apologize for the frequent updates, but sometimes it’s necessary if an issue. arrises. We take a lot of pride in our work. We have a dedicated QA team that scours the updates for any issues, but this is web software and we’re only human and sometimes slip through.
Once again, my apologies for the annoyance.
Please let us know if anything else comes up.
Thanks,
Gerroald
Thanks Gerroald.
Indeed, we are human, and these computers clearly still need us, for now 😉
With that said, I have only 6 sites to manage right now, so I’m going to be doing all updates manually and verifying each one. It will make me feel more human.
