• I was just alerted that one of my sites updated. I understand I can disable this but, frankly, I’m alarmed that this feature was implemented.

    I do not allow any software to update automatically in my home office. I maintain the websites of many clients and I always perform a backup before updating their sites so I have a recovery path if a plugin fails or something else.

    Thanks to this new “feature” I now have a lot of unplanned work to do because I have to modify the wp-config file to disallow this function for every site that I maintain.

    I understand that old code is high risk, and I have educated my clients to understand this too. But the fact of the matter is that there have been WP upgrades which have NOT gone smoothly and I’ve been very glad that I waited a couple of weeks for the bugs to be worked out.

    This, in my professional opinion, is NOT a good idea … not at all a good idea.

    I take responsibility for not reading through the 3.8 release notes and taking action then to stop this intrusive functionality.

    <end_rant>

Viewing 15 replies - 76 through 90 (of 98 total)
  • @chip Bennett

    Automatic core updates for minor versions are very, very safe, and have very, very low risk.

    While that may be true, it is not “no risk.” The better question is:

    “Who is responsible for taking that risk?”

    Is it the site owner and maintainer, or WordPress?

    I will submit to you and all others that whoever is taking the risk and paying the bills is the one that gets to decide when updates are done.

    Thread Starter Marj Wyatt

    (@marjwyatt)

    @chip

    I prefer to have my own failsafe mechanisms, and I’ve handled that for myself by disabling the feature. It isn’t a matter of my distrusting the methods that you and others on the inside are solid. I really want to retain control.

    Unless you know what I’m doing to preserve the state of that installation with my backup, it isn’t really right to say that performing a backup is not an entirely valid failsafe.

    The method of backup that I’m using gives me all the files and the database. Should something go horribly wrong, I can recreate the site nearly instantly at its last known good state. I am subsequently able to bring that same backup into a development environment where I can take my time troubleshooting and resolving the failure without enduring the stress of having a client site being down.

    I keep seeing this statement repeated:

    “Automatic core updates for minor versions are very, very safe, and have very, very low risk.”

    I agree that there have been fewer issues with what you’re calling a “minor update” but I have personally experienced issues with such upgrades because I do not have control over the plugins a client might choose to add. I can only stress the importance of vetting a plugin and/or consulting with me first but I cannot enforce it because they are the site owner and it is their business to run.

    @samuel Wood (Otto)

    Thanks for the answers.

    Oddly enough, that’s exactly the sort of reasoning people use to have automatic updates in the first place.

    That is people, and from one person to the next, there exists great variance in the priorities they place on this or that thing.

    – The API now uses SSL-only, and the relevant root certificates are included in WordPress. Spoofing that would be most difficult because it’s not relying on the network to validate the SSL certificates.

    Yes, it used not to, which is why I chose to do SFTP and HTTPS to maintain my sites. Nonetheless, however difficult the protocols chosen by WordPress may be to spoof, it is not impossible. I just prefer to be in control of that risk myself. If it blows up, then I am right there to see it. If it gets hacked because I am compromised, then I know where it came from.

    Again, I appreciate your response and your time.

    Thank you.

    If WordPress creates a backdoor to update my site, then who else can exploit that backdoor?

    That is a VERY GOOD Point.

    Moderator Samuel Wood (Otto)

    (@otto42)

    WordPress.org Admin

    BTW, for the flip side of people who do want the auto-updates to work, but instead got the email from their site saying that it could not auto-upgrade, there is a plugin for that too:

    http://wordpress.org/plugins/background-update-tester/

    The Background Update Tester will run a test on the site and explain why an automated update could not be performed, so that you can take any needed action to correct the problem for the future.

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    No, it really isn’t a good point.

    All of the WordPress code is transparent and the upgrade process just doesn’t work that way as Otto spelled out above. For that to be exploited would mean that that code on your system is exploitable as is (it’s been seen, tested, beaten, tested, etc. visit http://make.wordpress.org/core/ for some of that discussion).

    Or someone would need to modify the code on your installation to do Bad Things™. If they can do that why would they need to hack the upgrade code? They’ve already hacked your site.

    That doesn’t mean patches will not come out. The really critical stuff gets fixed when identified. But saying it’s a back door is a stretch. It’s not.

    Thread Starter Marj Wyatt

    (@marjwyatt)

    @otto

    “I would suggest that you shouldn’t backup only when you make changes.”

    I do have regular backup processes in place for the sites that I’m supporting but, prior to doing an upgrade of any sort, I will perform another backup because there is no way to know if a client has a draft post in progress, etc. It is better to be safe than face the wrath of a client who feels they have lost hours of their time.

    “For example, version 3.8.1 introduced 31 relatively minor bugfixes.”

    If you are a Windows user, you know that Microsoft provides a list of all the upgrades prior to application, and even distinguishes that between “Important” and “Recommended.” When I click on items in the update list, Microsoft supplies a description of the update and a link to the KB article discussing it so I can make a business decision about whether or not I want to implement that fix. Would this be too much to ask of WordPress?

    Thread Starter Marj Wyatt

    (@marjwyatt)

    “If you are a Windows user, you know that Microsoft provides a list of all the upgrades prior to application, and even distinguishes that between “Important” and “Recommended.” When I click on items in the update list, Microsoft supplies a description of the update and a link to the KB article discussing it so I can make a business decision about whether or not I want to implement that fix. Would this be too much to ask of WordPress?”

    I might be willing to volunteer some of my time to put this sort of process together, if that is deemed appropriate.

    Moderator Samuel Wood (Otto)

    (@otto42)

    WordPress.org Admin

    @marjwyatt: We provide just such a list every release:

    Summary of the changes (with links to the tickets):
    http://make.wordpress.org/core/2014/01/22/wordpress-3-8-1-release-candidate/

    All the tickets for the 3.8.1 milestone:
    https://core.trac.wordpress.org/query?milestone=3.8.1

    The complete changelog:
    https://core.trac.wordpress.org/log/branches/3.8?rev=27018&stop_rev=26862

    All of these were linked in the news announcement, a link to which shows up on the dashboard of all WordPress blogs, by default:
    http://wordpress.org/news/2014/01/wordpress-3-8-1/

    The entire development process for WordPress is open. Anybody can contribute or follow along.

    Thread Starter Marj Wyatt

    (@marjwyatt)

    @otto

    I made a video to demonstrate what I’m trying to describe:
    http://screencast.com/t/y61yqJyf6ot

    What is so difficult about putting in an opt-in check box and leaving it unchecked?
    Why all the control issues?
    WordPress has never had control issues like this before – messing with a person’s website is one major control issue. Is there new management?

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    Marj, thanks for that screencast. I’ve good reason to believe that this will address your concerns.

    http://wordpress.org/plugins/update-control/

    I personally use this other plugin to go in the opposite direction as I like theme and plugin updates to be automated too.

    http://wordpress.org/plugins/automatic-updater/

    This plugin also has options that will disable updates. I should know, I disabled updates on my installation by accident.

    I know you are looking for input regarding disabling the auto update by default but going forward one of these plugins may be a good way to go.

    Yes, it’s a work around but if you include this plugin in your default installs then it may give you the option and choice that you want.

    Prior to the auto update of minor point releases you had to update plugins, themes and core. The plugin and theme updates are still that way and by using this or following Otto’s advice that may be a good compromise for you and others regarding core updates.

    Thread Starter Marj Wyatt

    (@marjwyatt)

    I appreciate your recommendations Jan, but I am not a fan of adding a plugin to solve a problem where it can be avoided through other means. I’ve interacted with many people who suggest that WordPress is nothing more than adding plugins to create functionality. I’ve gone to great lengths to understand WordPress well enough to decide whether or not a plugin is warranted. About the last thing I want to do is add two more plugins that may, or may not, continue to be maintained.

    The entire idea of the Feedback part of the forum is to offer feedback and mine is that the implementation of this new functionality was, in my professional opinion, less than optimal. I’ve offered 3 viable (in my opinion) suggestions:

    1. Provide an opt-in to this functionality.
    2. Develop a “restore point” mechanism that the site owner or their developer can access and deploy, should circumstances warrant a rollback.
    3. Provide “in context” explanations of the updates in a similar way to how Microsoft does it at the time the update is offered so site owners and/or their developers can read a summary and click through to details about that update.

    “…or following Otto’s advice that may be a good compromise for you and others regarding core updates”

    I’ve already disabled the auto update feature, Jan. I was up until 4:00 A.M. this morning doing just that. And, last night, I stopped to explain to someone who asked how to disable it.

    Moderator Samuel Wood (Otto)

    (@otto42)

    WordPress.org Admin

    @marjwyatt: I am a Windows user, and I did understand what you were referring to. We do not have similar options for installing individual and feature specific updates like that, and I find it unlikely that we ever will. The WordPress software is a single piece of software, it’s not like an operating system with many interlocking components like that. It’s not easily amenable to individual feature updates.

    @keeperbay: There are many opinions on that topic, but I recommend that you read the full discussion that occurred in October here:
    http://make.wordpress.org/core/2013/10/25/the-definitive-guide-to-disabling-auto-updates-in-wordpress-3-7/#comment-10940

    One quote by Andrew Nacin in that thread really stands out to me:

    It’s our duty as developers to make smart decisions and avoid putting the weight of technical choices on our end users.

    The truth of the matter is that most users of the WordPress software are not developers, nor technical people. They are publishers. People who write blog posts, or content for websites. That’s our core audience here. The feature decisions for WordPress are made with this group in mind, and not necessarily for developers or technical people.

    To that end, there is no checkbox option not because it’s difficult, but because to somebody who is primarily writing a blog or a website, it is unnecessary. A person who doesn’t understand the risks of turning such a checkbox off doesn’t really need to be presented with the option to do so.

    One of the WordPress core philosophies is “Decisions, not Options”. What this means is that the software should do the right thing. If updating is the right thing, then it should do that. If not updating is the right thing, then it should do that instead. However, leaving such a choice up to a person who has no technical knowledge of the ramifications of that decision would be laziness on the part of the developers. It is possible to write the code to make the decision correctly in the vast majority of cases, therefore it should be written to do just that, and not present a technical-decision to a non-technical-user.

    Now, sometimes, this design philosophy may frustrate technical users, much like yourselves. But technical users know the risks already, and can meaningfully cope with them. To that end, the auto-upgrades process is extremely configurable… just not with a “checkbox”. If you find it frustrating to have to install a plugin or put an extra define into your wp-config.php file to make WordPress behave in the way you want it to behave, then that is rather a small price to pay for the millions of non-technical users out there who are not presented with screen after screen full of checkboxes that contain, to them, little more than meaningless technical jargon.

    The configuration options for auto-updates are well documented and available. Auto-updates were announced in October with the release of WordPress 3.7, in the about screen after upgrading, and on many news sites. WordPress 3.7.1 was released a week after and sent out similar emails to the recent 3.8.1 release, so I’m kind of surprised that anybody is finding this out now.

    So, I’m not sure how much further the core development team can go to satisfy your need for control here. The fact of the matter is that a decision was made to enable auto-updates for minor releases, put in a ton of safety checks, and to make this a major feature.. all without including a checkbox. I personally think that was the right decision. I understand that you and others disagree, but there’s not much more we can do except to point you to all the ways that you can reconfigure the thing yourself. If that’s not acceptable, then we’re kinda done here, you know?
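
For anyone checking many installs for the wp-config.php define mentioned above, this added example (not code from the thread or from WordPress) reports each site's background-update setting. It reads the documented `WP_AUTO_UPDATE_CORE` and `AUTOMATIC_UPDATER_DISABLED` constants; the function names, state words and sample directory layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit wp-config.php files for the background-update constants.
# Only single-line define() calls are recognised.

# Print the effective value of constant $2 in file $1 (empty if not defined).
wp_const() {
    # Trim indentation, then match lines that START with define(...), so
    # commented-out lines (//, #, one-line /* */) never match.
    # PHP keeps the first define() of a constant, so take the first match.
    sed -n -e 's/^[[:space:]]*//' \
        -e "s/^define([[:space:]]*['\"]${2}['\"][[:space:]]*,[[:space:]]*\([^)]*\))[[:space:]]*;.*\$/\1/p" "$1" \
      | head -n 1 | tr -d "'\" " | tr '[:upper:]' '[:lower:]'
}

# Print one state word for the wp-config.php at $1.
audit_wp_config() {
    if [ "$(wp_const "$1" AUTOMATIC_UPDATER_DISABLED)" = "true" ]; then
        echo "all-auto-updates-off"; return
    fi
    core=$(wp_const "$1" WP_AUTO_UPDATE_CORE)
    case "$core" in
        false)    echo "core-auto-updates-off" ;;
        true)     echo "core-all-releases" ;;
        minor|"") echo "core-minor-only" ;;  # also the default with no define
        *)        echo "unrecognised:$core" ;;
    esac
}

# Walk a directory of sites (layout is an assumption) and report each one.
audit_sites() {
    find "$1" -name wp-config.php -type f | sort | while IFS= read -r cfg; do
        printf '%s\t%s\n' "$cfg" "$(audit_wp_config "$cfg")"
    done
}

# Constructed sample: three sites in a temporary directory.
demo=$(mktemp -d)
mkdir -p "$demo/client-a" "$demo/client-b" "$demo/client-c"
printf "<?php\ndefine( 'WP_AUTO_UPDATE_CORE', false );\n" > "$demo/client-a/wp-config.php"
printf "<?php\n// define( 'AUTOMATIC_UPDATER_DISABLED', true );\n" > "$demo/client-b/wp-config.php"
printf "<?php\ndefine('AUTOMATIC_UPDATER_DISABLED', true);\n" > "$demo/client-c/wp-config.php"
audit_sites "$demo"
rm -rf "$demo"
```

A site reported as `core-minor-only` with no define present is one where minor releases will install unattended, which is the case the thread starter was caught by.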

    @samuel

    A person who doesn’t understand the risks of turning such a checkbox off doesn’t really need to be presented with the option to do so.

    I really should avoid pointing out how much that sounds like a nanny-state philosophy. I’ll just say it can lead to a very slippery slope.

    If that’s not acceptable, then we’re kinda done here, you know?

    A bit dismissive, don’t you think, Samuel? I’m not sure what your horsepower around here is, but if that came from Matt M. himself, it’d STILL be a little insulting.

    I have built my development efforts upon WordPress for a number of reasons. One, obviously, is that it is such a user-friendly platform for those non-technical site owners out there. Secondarily, it’s always been a platform that I had confidence in, in terms of protecting users from outside influences. The thought that WP might have now become one of those outside influences from which my clients need protection is disturbing. It certainly makes me evaluate whether I can continue to recommend WP when there are other less intrusive alternatives readily available.


The topic ‘Auto Updates?’ is closed to new replies.