Support » Requests and Feedback » Why WP doesnt have it’s own Update-Settings?

Viewing 10 replies - 1 through 10 (of 10 total)
  • Moderator Jan Dembowski


    Forum Moderator and Brute Squad

    It does for minor versions of the core files so 5.1 will auto update to 5.1.1 automatically. 5.1.x will not auto update to 5.2 as that’s considered unsafe for production.

    The themes and plugins have the same functionality but disabled by default. Those plugins just change the default settings.

    This is all done to keep the user’s sites up. There will always be a portion of WordPress that users need to manage and for now those updates are it.

    Jan, thanks but your answer doesn’t really answer to my question.
    I havent asked “why wp doesnt auto-update, and what are reasons..”
    i’ve asked why WP doesnt have a simple built-in management for updating settings.

    So, no need of extra 3rd party apps, to manage system updates?

    rarely you can see that software doesnt have an update settings on it’s own , without need of help 3rd party apps.

    Moderator Jan Dembowski


    Forum Moderator and Brute Squad

    “why wp doesnt auto-update, and what are reasons..”

    The functions are there but turning them on by default is hazardous to many users.

    So, no need of extra 3rd party apps, to manage system updates?

    You need a plugin to change the defaults from “safe” to “unsafe for some users”. Those plugins do not update any plugins or themes. They tell the built in WordPress updater that plugins and themes also may be updated automatically as well.

    rarely you can see that software doesnt have an update settings on it’s own , without need of help 3rd party apps.

    Did I mention for some user’s automatically updating things is dangerous? 😉

    If the controls or options were built into the dashboard then people would enable them without thinking. Support topics would go up. By having it as a plugin that you can install then the user is making a conscious decision and hopefully an informed one.

    Andrew Nevins


    WCLDN 2018 Contributor | Volunteer support

    If you’ve not come across this yet, I recommend looking at WordPress’ philosophy page:

    there could be a red warning or message, that users shouldn’t set auto-update unless they consciously know what are they doing…
    I really dont thing that ...automatically updating things is dangerous..., i think more of dangerous when WP new update is released and people doesnt update WP, because of numberous seurity issues found day by day.
    even today, i’ve got new notification from wpvunldb, about security-issue in WP core.

    and my sites were running 5.0.x till today.
    how that is more secure, then auto-updating, i dont agree. well, at least, i think i should be given an option, unless relying on 3rd party plugins, which i dont know if those plugins have security flaw itself (and if those plugin authors are unknown).

    or at least, in WP-config, we could define ‘SHOW_UPDATE_OPTIONS’ to true…

    oky, thanks for the responses.

    Andrew, i’ll look through it again, if i remember i have that read once a long ago.

    One issue with auto updates is people that use version control don’t want to have things change without them knowing otherwise it can cause problems with their workflow. Generally it’s safer to test first and then deploy changes once you’ve tested them as bugs can appear in updates, not just previous versions.

    there could be a red warning or message, that users shouldn’t set auto-update unless they consciously know what are they doing…

    That stops no one.

    Have you met users? They ignore any warnings and don’t read any form of simple instructions. They click on anything and change anything, because they can – mainly because they don’t understand that something can go wrong, even when it’s spelled out right on front of them. The best thing that a big red warning will do is have people say “Oh, a warning! Well, that doesn’t apply to me”…

    That’s why it’s done thsi way – to save people from themselves. There’s more than enough posts on here from people that have completely broken their site by updating the URL’s in the admin area without knowing what they are doing… having something to allow auto-updating of plugins and themes for people like that? That’s terrifying.

    thanks for reply, but i dont believe whether what you say is argument at all, or probably you didnt read topic well. Who sayd that it should start auto-updating without owners knowledge? I say that option should be there. And if someone with version control (oh, please agree, 5% of user probably use VC, and even they are advanced users), and if they dont wont, they wont enable it and that’s all. or, probably i didnt understand your point well ?

    i don’t agree with you. the arguments you listed, are not the ones (in my mind) that should stand up for justification of that i think. What is better – breaking site’s minor functionalitiies, or expose your site to whole internet to be hacked easily (because, not updating to latest version leaves your site vulnerable to all hackers).

    and you say that it’s better even not to give option, for the reason that 20 % of users might break their site, while other 80% users are left exposed to wild..

    who ignores that warnings and get abrupt ion – s/he is responsible for it.
    Every system works in that way – in windows, when you open Suspicious file, you get warning. It is not blocked in order to “help to avoid any issue that **might**(not surely) happen”. No, it gives warning, but still leaves on your choice. And like that, every other system.

    And lastly, auto-updating is not that huge threat – they could donwgrade.
    but the hacked websites – this is the topmost threat, which is caused by not-updated sites. We should have option.

    • This reply was modified 8 months, 1 week ago by tazotodua.

    And lastly, I think the arguing won’t have any reason, even though I didn’t say that “auto-updating should be by default- enabled” – I didn’t say that and it’s quite strange that I was being argued about that “users will get disruption or etc..”. I never said that it should be automatically, by default enabled.
    I just said, that that could be disabled, but still there was option somewhere in settings bottom, whoever consiously wants to change option, he could turn it on. Why someone non-tech people will directly go there, enable it (with ignoring it’s warning ) and then they will still have complain why website automatically updated?

    oh, come on guys….

    even though i think i am saying quite simple and essential thing (to protect our sites), you are still saying that “auto-updating” will break sites. Is not that surprising?

    we can close the topic. thanks everyone.

    Moderator Samuel Wood (Otto)

    (@otto42) Admin

    There is no way to enable or disable or adjust auto-updates in core, because we had a big long discussion about this about 6 years ago and decided that it wasn’t something the user needed to know or care about. It’s pretty simple in that respect.

    Plugins can fill the need for interfaces if some people think they’re needed, but they’re not really needed, and users should be safe always, and we won’t give them very obviously bad options to enable them to decide to be unsafe about the situation.

    Auto-updating is good, and there’s no sane reason to ask the user to configure a screen which can only make things worse for them.

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘Why WP doesnt have it’s own Update-Settings?’ is closed to new replies.