WordPress 3.7 and Automatic Updates
So, WordPress 3.7 has been released, and as of version 3.7, WordPress now has an automatic core update feature. Awesome, right? WordPress does all the updating for you, so all those pesky security patches get applied automagically (assuming your server/php install meets the requirements… in particular, OpenSSL needs to be installed and working on your server).
But what about those of us who like to micromanage our sites and apply updates manually… or who manage updates via version control, where having updates applied to a live production site without your approval may not necessarily be a good thing. If you’re like me, you prefer a higher level of control over what’s running in a production environment.
Thankfully, the good people at WordPress recognize that a lot of us are total control freaks who don’t want Skynet dictating when and where our sites get updated. 🙂 Automatic core updates can be controlled in a variety of ways.
1) By using version control or FTP updates.
Yes, if you use use FTP for your updates and your site asks for FTP credentials, auto-updates are disabled by default. Likewise, if you’re using SVN or GIT checkout your site won’t be updating itself behind your back, because WordPress checks for the presence of version controlled directories.
2) By adding the appropriate constants to your wp-config.php file.
There are three options here. DISALLOW_FILE_MODS, AUTOMATIC_UPDATER_DISABLED, and WP_AUTO_UPDATE_CORE.
DISALLOW_FILE_MODS – having this constant defined blocks any kind of changes to your filesystem. For most users, this option might be a little heavy-handed, since it disables the ability to update anything via the WordPress dashboard. That means that you won’t be able to update core, plugins, themes, etc. through WordPress itself. You’ll have to push updates through version control or FTP.
define( 'DISALLOW_FILE_MODS', true );
AUTOMATIC_UPDATER_DISABLED – having this constant defined disables the automatic updater. Similar to the first option, but only applies to automatic updates. However, it also blocks some other functionality… specifically, updates for language packs and emailed update notifications.
define( 'AUTOMATIC_UPDATER_DISABLED', true );
WP_AUTO_UPDATE_CORE – this constant gives you much finer grained control over the auto-updater. You can disabled auto-updates entirely (give the constant a value of false), enabled them for both minor AND major updates (give it a value of true), or enable them for minor updates only (a value of minor… this option is default).
define( 'WP_AUTO_UPDATE_CORE', false );
define( 'WP_AUTO_UPDATE_CORE', true );
define( 'WP_AUTO_UPDATE_CORE', minor );
Be careful if you’re thinking about setting this to “true”. It will result in your site updating from 3.7.x to 3.8 when 3.8 becomes available. If you want to avoid automatically jumping to the next major release, use “minor” instead.
3) By using filters.
WordPress 3.7 provides new filters to add to a plugin or a theme’s functions.php file that have the same functionality as the similarly-named constants.
apply_filters( 'automatic_updater_disabled', true );
apply_filters( 'auto_update_core', false );
There are also two additional filters that can enable/disable auto-updates for plugins or themes:
apply_filters( 'auto_update_plugin', false );
apply_filters( 'auto_update_theme', false );