WordPress Automatic Updates: Staying in Control (Even with Your Host)

If you manage a WordPress site, you’ve likely experienced automatic updates. Imagine waking up one morning to find that your well-designed website looks different or is malfunctioning after an unexpected update. This scenario is common among WordPress users, making it essential to understand how automatic updates work.

Since its introduction in WordPress 3.7, the auto-update feature has been a double-edged sword. While it’s designed to keep your site secure and up-to-date, it can sometimes lead to unexpected issues if you’re unprepared.

In this article, I will show you how to navigate WordPress’s automatic updates effectively.

In this blog post, I will show you how to control WordPress automatic updates so that they don’t cause any problems for your website.

The best way to control the automatic updates of WordPress is to modify the wp-config.php. Usually, the wp-config.php is in the root folder of the public_html folder. 

You need to log in to your hosting company and get access to the file manager.

There are various options available. Here is an example of the file manager in CPanel. A lot of hosting companies are using CPanel.

Disable WordPress Auto Updates

If you want to turn off Auto Updates thoroughly, add this statement

define( 'AUTOMATIC_UPDATER_DISABLED', true );

Disable WordPress Core Updates

A core update is a WordPress Version Update, for example, from WordPress 6.0 to 6.1. However, sometimes WordPress releases security updates like 6.0.3.

# Disable all core updates:
 define( 'WP_AUTO_UPDATE_CORE', false );

 # Enable all core updates, including minor and major:
 define( 'WP_AUTO_UPDATE_CORE', true );

 # Enable core updates for minor releases (default):
 define( 'WP_AUTO_UPDATE_CORE', 'minor' );

Use this command to tell WordPress only to update minor security updates.

define( 'WP_AUTO_UPDATE_CORE', 'minor' );

Here is a link to the Wordpress.org website with a detailed description of all available statements in wp-config.php. You can control many other options.

Notification Email

WordPress sends an email to the administrator email address with the result of the update. The subject line is “Your site has updated to WordPress XXX (case success).” It is possible to disable the notification email. But I don’t suggest doing that. It’s a good reminder that something happened in the background.

Hosting Providers and Auto-Updates: What You Need to Know

While I’ve shown you how to control WordPress auto-updates using built-in settings, there’s something crucial you should be aware of: some hosting providers can override these settings. Yes, you read that right. Even if you’ve diligently set up your wp-config.php file to disable auto-updates, your hosting company might still push updates to your site.

Before you panic, let me explain why they do this and what you can do about it.

Many hosting providers, especially those offering managed WordPress services, implement their update mechanisms. They do this primarily for security reasons, ensuring all sites on their platform run the latest, most secure versions of WordPress. It’s generally good, but I understand if you want more control.

The good news is that some hosts offer ways to customize this behavior. For instance, SiteGround (a popular hosting provider) allows you to delay updates for several days.

They’ve even recently introduced an option to skip updates entirely, although you’ll need to log into your hosting account to use this feature.

If you’re with a host that forces updates, here’s what I recommend:

1. Check your hosting control panel for update-related settings. You might find options to delay or customize updates there.
2. Contact your host’s support team. Ask about their update policies and whether they offer any way to opt-out or delay updates.
3. If having full control over updates is crucial for your site, consider switching to a host that offers this flexibility. Just remember, with great power comes great responsibility—if you disable auto-updates, it’s on you to keep your site secure.

Remember, while it can be frustrating to lose control over updates, your host’s heart is in the right place. They’re trying to keep your site secure. If you opt out of auto-updates, please ensure you’re staying on top of WordPress news and manually updating regularly. Your site’s security depends on it!

My recommendation

I recommend letting WordPress auto-update any security updates (minor). It will ensure your WordPress core installation is always current in terms of security. I don’t recommend letting WordPress auto-updates all updates. There is a danger such an update can break your site. It is better to test a significant release on a staging site beforehand.

Read also my article about how to harden WordPress. It is essential to keep not only WordPress core files up to date; there is a lot more to do.

I would love to get some feedback from you. Was this article helpful? Please share your opinion with me in the comment section below. Or, if you prefer a more personal touch, feel free to email me directly at info@edyrecommends.com. Your thoughts and insights are always appreciated.