WordPress® Auto-Updates: Should You Use Them?

Open Source projects like WordPress have empowered over a billion people to have an online presence. One factor that plagues the Open Source community is hackers. The nature of Open Source and its security transparency opens the door to constant hacking attempts by ruthless hackers, bots, and script-kiddies. The number one way to prevent your WordPress site from getting hacked is to keep your WordPress version, themes, and plugins updated. Keeping WordPress updated can be challenging both for smaller businesses that don’t employ a webmaster as well as larger agencies that maintain hundreds of WordPress sites.

To help manage the issue of updating WordPress, last year, WordPress 5.5 introduced auto-update options for plugins and themes. Before version 5.5, such update features were only available by plugins or 3rd party services. But do auto-updates solve the problem or present even more issues? This article will discuss the pros and cons of auto-updates and the best methods of keeping WordPress up to date.

How do WordPress auto-updates work?

In WordPress 5.5, you have the option to turn on auto-updates for your plugins and themes manually. When activated, WordPress runs the WP-Cron several times a day to check for available updates. WP-Cron is a CronJob for WordPress that handles scheduling time-based tasks in WordPress. After running the WP-Cron, if a new version of the theme or plugin is available, it will be automatically downloaded and installed.

The benefits of WordPress auto-updates

Security should be your number one concern; according to a recent Imperva report, 98% of WordPress vulnerabilities are due to plugins.

By utilizing auto-updates, your website will make sure as soon as the developer releases an update or security patch, it will be updated on your website.  

Auto-updates benefit users that don’t log in or manage their website consistently. They also help users that operate multiple WordPress sites by saving them countless hours of manual work.

The problem with WordPress auto-updates

At its core, auto-updates for themes and plugins sound like a blessing but there can be adverse effects on your website. A few possible scenarios are:

  • Your website crashes –   The automatic updater does not check for compatibly or conflicts with other plugins and scripts when installing the update. A simple Javascript conflict can have profound implications. 
  • New vulnerabilities –  The goal of auto-updates is to keep your website updated with the latest version of the software, but often new features come with new vulnerabilities.  

What if auto-update breaks your site?

If you can still access your website and only see visual issues, you can always disable the updated plugin or theme. If your whole site goes down, it might be time to restore your site with a backup. Keeping up-to-date backups of your website is crucial today. There are several backup solutions currently available:

  • WordPress backup plugins –  The WordPress plugin directory offers hundreds of backup and website maintenance solutions. 
  • Backup services –  SaaS platforms like Vaultpress offer real-time and scheduled backup services for WordPress websites.
  • Server-side backups – cPanel’s Backup Wizard and add-on services such as Jetbackup can be configured to backup your sites on a scheduled timeline. These services offer great customization and options.

How to make sure your WordPress site doesn’t break from auto-updates

Turn off auto-updates in WordPress and let WordPress Toolkit handle the process with Smart Updates! WordPress Toolkit’s Smart Updates work for manual and automatic updates. Before confirming these updates, you get to see a side-by-side preview of your current site and the updated site to decide whether to commit the updates. 

Smart Updates uses artificial intelligence to analyze updates and learn which are beneficial or not and then offers recommendations. It also creates easy rollbacks via Restore Points and Backups to make sure you never lose your site or data.

You can also disable plugins and themes even if you do not have access to your website. Since WordPress Toolkit runs at the server level inside of cPanel, you won’t be locked out of plugin and theme administration.

Find out more about Smart Updates and WordPress Toolkit for cPanel at: http://cpanel.net/wp-toolkit

The bottom line about WordPress auto-updates

Auto-updates for Themes and Plugins are a welcome update to WordPress, and as Matt Mullenweg revealed in his 2020 State of the Word, this is just the beginning of an install it, set it and forget it approach for updates. We look forward to the upcoming auto-updates and security enhancements in WordPress. No matter how advanced WordPress updates and security get, there will still be a need for server-level security and administration. cPanel and WordPress Toolkit are here to keep your websites secure and updated.

As always, if you have any feedback or comments, please let us know. We are here to help in the best ways we can. You’ll find us on Discord, the cPanel forums, and Reddit. Be sure to also follow us on FacebookInstagram, and Twitter.

The Evolution of WordPress® Management with cPanel

cPanel & WHM® has introduced a revolutionary new way to manage WordPress sites. The WordPress Toolkit (WPTK) empowers web hosting providers and site owners to install, secure, and configure multiple websites in a single easy-to-use interface. This Toolkit simplifies site management by automating complex tasks and providing a unified configuration and support experience.

Before the WordPress Toolkit, WordPress Manager was cPanel’s primary WordPress interface. However, while it surfaces useful configuration and backup settings, users often found themselves turning to site admin pages or command-line tools like WP-CLI. In contrast, the WordPress Toolkit offers a collection of tools that provide a complete WordPress management solution. 

In this article, we’ll highlight some of the features that make cPanel & WHM and WPTK the ideal platform for WordPress hosting providers, including:

  • Managing WordPress Plugins and themes
  • Cloning WordPress sites and creating staging sites
  • One-click WordPress security hardening
  • Smart updates
  • Multi-Site Automatic updates

Installing WordPress, Themes, and Plugins

WordPress Manager offered a straightforward site installation with a handful of configuration options. WordPress Toolkit is significantly more flexible and configurable.

Deploying New WordPress Sites

cPanel users can configure and automatically install sites with customized plugin and theme sets, making the usually time-consuming task of plugin and theme installation almost instantaneous.

cPanel WordPress Toolkit Install

The Toolkit comes with several sets, such as WordPress Essentials, WordPress Classic, and the Ecommerce Pack. However, the real power lies in custom sets created in WHM and made available to cPanel users. This feature allows web hosts and server administrators to provide a single-click deployment process that includes everything users need to get started with a new site.

The site installation tool also allows users to pre-select automatic update settings before installation. They can choose any combination of automated update strategies for major and minor releases of WordPress, plugins, and themes.

Managing Plugins and Themes

With WordPress Toolkit, cPanel users can browse, install, and activate plugins and themes from within cPanel. Unlike WordPress Manager, WPTK offers both single and multi-site management tools. If you’ve ever wanted to activate, deactivate, install, uninstall, or update a plugin on dozens of sites at the same time, you’re going to love WordPress Toolkit.

Cloning WordPress Sites and Creating Staging Sites

One of the Toolkit’s killer features is cloning, which creates an identical copy of a site. It can clone any site hosted on your server in seconds, making the clone available at a new subdomain, which it creates automatically, or at an existing domain or subdomain.

WordPress Toolkit Clone Website

Site cloning has many uses, but the primary purpose is to deploy staging and testing sites based on users’ production sites. What was once a complex process requiring third-party plugins or laborious manual database and file copying is now entirely automated.

In addition to cloning, the Toolkit includes a data copying feature that transfers files and database tables between sites. Users can copy files, the database, or both, with fine-grained control over which tables they would like to include or exclude.

One-Click WordPress Security Hardening

A typical WordPress installation starts with WordPress core, followed by plugins and themes, and then an involved security hardening process to remove potential vulnerabilities. We’ve already seen how the Toolkit automates the installation, and you’ll be happy to hear that it takes care of security hardening as well.

The WPTK has two security hardening features. First, it applies critical fixes during installation, ensuring WordPress is secure the moment it goes online.

WordPress Toolkit Security Status

Second, it scans sites for non-critical risks, displaying issues in an interface that users browse to activate (or revert) fixes. As you might be expecting, hardening can be applied site-by-site or to many sites simultaneously, allowing web hosts to harden hundreds of sites in a couple of clicks.

If you want to know more about security hardening with the WordPress Toolkit and the vulnerabilities it can fix, read WordPress® Hardening: One-Click Security with cPanel

Smart Update

Smart Update is an exciting feature enabled by the Toolkit’s ability to clone WordPress sites. Have you ever updated to a new version of a plugin or theme, only to find that a bug or incompatibility breaks your site? It’s one reason users avoid updating, exposing WordPress to security risks that can result in compromised sites.

WordPress Toolkit Smart Update Test

Smart Update solves that problem by testing new code before it goes live. It works like this:

  • The Toolkit creates a clone of the site.
  • It runs a series of tests to get an idea of the site’s state before updating.
  • The clone is updated, and the same tests are run on the new version.
  • The results are compared, and potential problems are reported.

The Toolkit looks for HTTP errors, PHP errors and warnings, inaccessible pages, and more. It checks multiple pages, and in addition to automated tests, it displays before and after screenshots for users to manually verify that it is safe to proceed.

If all is well, the user clicks Apply Updates, and the Toolkit patches the production site and cleans up the clone. With Smart Updates, you can keep your site up-to-date in full confidence there will be no unexpected side effects.

Multi-Site Automatic Updates

While we’re on the topic of updates, another great feature of the WordPress Toolkit is the mass configuration of automatic updates, so hosts can quickly implement patching policies for all sites hosted on their servers.

Hosts have fine-grained control over WordPress, plugin, and theme updating. They can limit automatic updates to security and other minor changes or choose to have sites automatically upgrade to new major versions.

A Complete WordPress Management Solution

We have highlighted five key WordPress Toolkit capabilities, each of which saves time and reduces complexity for hosting providers. There are many others we could have mentioned, including:

If you would like to learn more about WordPress Toolkit’s features and licensing, please visit this page and our documentation. As always, if you have any feedback or comments, please let us know. We are here to help in the best ways we can. You’ll find us on Discord, the cPanel forums, and Reddit.

Our Updated MySQL® 5.5 Roadmap

In order to allow users of MySQL 5.5 more time to upgrade their database engines, we have recently changed our MySQL 5.5 roadmap to remove several cPanel & WHM upgrade blockers.

If you run MySQL 5.5 on cPanel & WHM version 78, you can upgrade to 86. You cannot upgrade to 88 or 90. If you run 5.5 on cPanel & WHM version 86, you can upgrade to 92.

Even though a cPanel & WHM version may allow you to run MySQL 5.5, that version of MySQL it still end-of-lifed; cPanel, L.L.C. will thus be unable provide support for any technical issues that you have with the database.

We strongly encourage you to upgrade MySQL to a supported version as soon as possible in order to avoid any vulnerabilities or incompatibilities with third-party applications such as WordPress®.

If you run MySQL 5.5, we’d like to hear from you as to why you are still running this out-of-date software and what is preventing you from upgrading to a supported version. Please take our survey about MySQL 5.5 support: https://go.cpanel.net/mysql55forums

As always, if you have any feedback or comments, please let us know. We are here to help in the best ways we can. You’ll find us on Discord, the cPanel forums, and Reddit.

Updated End User License Agreement and Pricing and Term Agreement

cPanel is excited to add to the availability of WordPress Toolkit.  To do that we’ve made some changes to our End User License Agreement and Pricing and Term Agreement.  In addition, we’ve added a click-through agreement for PartnerNOCs to give PartnerNOCs the ability to take advantage of this product.  We’ve also made some technical corrections.  I’ve summarized the changes below. 

WordPress Toolkit Changes

  • WordPress Toolkit is licensed on a per account basis.  To enable this, we’ve modified our EULA and Pricing and Term Agreement to:
    • Define the terms “WordPress Toolkit” and “account.”
    • Include WordPress Toolkit in the types of software that customers can license.
    • Leveraged our “Pricing and Term Agreement” and pricing pages so that customers have a more easily accessible place to understand how WordPress Toolkit is priced.
    • Added account based licenses to the types of licenses that can be verified by us.
  • We’ve created a click through agreement for PartnerNOCs that include the changes made to our EULA, and reference the Pricing and Term Agreement.

Technical Corrections

  • The EULA has been modified to:
    • Corrected misnumbering in paragraph 2.2.3
    • Correct a typo in paragraph 2.4
    • Remove paragraph 3.6 covering “language file modifications,” remove references to this paragraph, and update numbering within the document.
    • Update the Effective Date
  • The Pricing and Term Agreement has been modified to:
    • Update the Effective Date.
    • Add a definition for “cPanel Solo.”