• Bypass TeamViewer restrictions
• Random password generator Phone password generator with passphrase
• How to make blocks in a line using css?
• Installing Joomla on your local computer
• What interesting things can you find on the Internet?
• Sony Ericsson Xperia Neo review: living up to expectations
• Smartphone Samsung GT I8160 Galaxy Ace II: reviews and specifications
• Analogue of Bla Bla Car in Russia: what alternatives does the service have, what is the difference?
• NewPipe is a free YouTube analogue with the option to download music and videos on Android
• How to check the speed of hosting and loading pages of a web resource Two ways to get to the bottom of the truth

Constantly updating the WordPress core, as well as plugins and themes, is an important part of improving site security and speed. But alas, auto-update is not always a good idea. Let's see the pros and cons.

Why are updates needed?

First, let's look at why updates are needed at all.

There are two main reasons for updating.

1.Input of additional functions. Developers, including WordPress, are constantly improving this management system and constantly introducing new functions.

I’ll also include the removal of unnecessary functions here. Yes, this also happens, although much less often.

2. Elimination of bugs and vulnerabilities. Often, this is the main reason for updating. Programmers are constantly looking for bugs and vulnerabilities that will allow hackers to do bad things.

Typically, updates are installed manually. But it also happens that WordPress installs the update automatically. WordPress has the ability to automatically update updates, and thus, it can update your site itself.

- But this is good! – you might think – then the site will be safe, all important updates will be installed themselves!

Not really.

Why Automatic WordPress Updates Are Not a Good Idea for Your Website?

Since version 3.7, WordPress has the ability to automatically update in case of major changes or due to security patches.

Indeed, there are two main advantages of automatic updating:

It ensures that your site always has the latest and greatest version of all software, meaning your site will perform as well and securely as possible.

And the second advantage is reduced work for the webmaster. The system does everything it needs on its own, and no human intervention is needed.

However, there are also disadvantages. There is a possibility that your site will crash as a result of auto updates. Imagine what this could mean for a large site that decides to auto-refresh at midnight. As a result, the site will not work all night, which will lead to large, including financial, losses. And the webmaster won’t even know that the site is not working. And he finds out about it only in the morning.

But not only that, often automatic updates occur without notification at all. And so, the webmaster sits down at his computer, checks the statistics, and in response there is silence. The site crashed. In such a situation, you can be sure that the reason for the site failure—Wordpress update—will be the last thing that comes to the webmaster’s mind. Most likely, he will think that the reason for the site failure is a hacker break-in.

So you have to choose, either you will update wordpress a little later, but calmly, or one morning you will wake up and see that your site is not working.

Disable WordPress updates and you will be sure that the site always works flawlessly.

Or

Enable automatic updates and hope that conflicts between core, plugins and/or themes break the site during automatic updates.

If you're still not convinced that disabling WordPress auto-updates is the best choice, let me tell you something that happened in 2016 that will likely scare you forever:

Auto-update Wordfence

WordPress uses api.wordpress.org to handle releasing automatic updates to users. Here's how the process works:

Although this procedure makes the process of automatically updating sites much easier for WordPress, it is not a completely fault-tolerant system. Think about it:

When a site has automatic updates set, it means that it recognizes api.wordpress.org as a reliable source and accepts all updates from it. But what happens if malicious code gets into the kernel?

This is what this script would look like:

Because WordPress is open source, and because the auto-update API is publicly hosted by GitHub, the development team must be very careful about what goes into the code on the server. That's why GitHub content goes through a rigorous review process before it reaches the server.

Even though security is strong here, Wordfence discovered a serious vulnerability in one of its weak webhook hashing algorithms .

Essentially a poorly designed hashing mechanism made it much easier for an attacker to hack the code and get inside api.wordpress.org. If a hacker could do this, any information infected on the server would be distributed to every site with automatic updates enabled. And very quickly.

And although the WordPress developers quickly fixed this problem, in fact, there is no one hundred percent guarantee that there are no other security holes left in the code. Moreover, taking into account the fact that the WordPress core is also constantly being modified.

Why you should prevent WordPress from updating

Since in the vast majority of cases, sites have themes and plugins from different developers, then there is always a chance that code in one software will conflict with another. And this could be due to a plugin or theme you installed months or even years ago. The imbalance between these two elements alone can bring down your site.

Turning off WordPress automatic updates is a necessary solution.

Once you disable automatic WordPress updates, you have complete control over the process. This means testing every new core, plugin, or theme update in a safe test environment away from your WordPress site.

If something happens, then there is nothing to do. Your test site took the brunt of the failure, and you will know that it is not worth updating the working site.

If the update went smoothly and no bugs popped up, then you will only need a few clicks to update your working site.

There are two ways to disable auto update: with some changes to the WordPress code and using a plugin. But since I have some problems using the code, it’s easier for me to use a plugin. And to disable auto updates, the Easy Updates Manager plugin is well suited, which you can download from the official wordpress repository

I hope you don't have any problems installing plugins on wordpress. Installation of this plugin is also standard. At the end of the installation, it should appear among your installed plugins.

When you go to the plugin settings, you will see something like the following.

The plugin has several tabs: main, plugins, themes, advanced.

On the main tab, you can adjust everything at once. Enable or disable update everything. Here I recommend that you turn on updates. After all, updates are an important procedure, and by not doing so at all, you risk your site becoming an easy target for hackers.

Secondly, you can disable auto-updates.

In addition, using this plugin, you can change other update settings. Enable/disable updates for all themes, enable/disable plugin updates. You can also enable/disable individual plugins and themes.

In general, this plugin has enough capabilities.

Conclusion

As you can see, there are very good reasons to disable automatic WordPress updates. And since it's really easy to do, why not do it? Yes, this is additional work, yes, you will need to log into the admin panel regularly. It is also highly advisable to test updates on twin sites. Also, perhaps you have several sites.

But all the same, it’s easier to do this than to be nervous if the site suddenly freezes, and you won’t be able to understand the reason, and even more so, you won’t know what to do.

The release of WordPress 3.7, released in October 2013, gave us access to features that were to the taste of some and were completely unnecessary for others. On the agenda is automatic updating of minor releases of the WordPress core. When a new minor release (version 3.9.1, for example) is released, WordPress can now automatically update the system core - great news for most WordPress users, but, as it turns out, not for all.

Why disable automatic updates?

If you are using a dedicated server, then your host probably does the updates for you. Before implementing the update, they need to make sure that the new version works reliably in their environment (the chances of something not working correctly are extremely small, but it is still better to test in advance - before you start using these updates, especially when it comes to large sites, which usually use dedicated servers).

If you are using something other than a dedicated server, then you are probably responsible for updating your software yourself, and thus have more control over how automatic updates occur.

If you use a lot of plugins or a custom theme, you may want to hold off on upgrading your WP version until the plugin developers are confident that their extensions work reliably with the new release.

You may be in one of those situations where you have a good reason to disable the auto-update feature on your site. So, how can you do this? There are two ways to do this trick:

• Using a plugin
• Add a piece of code

Since using a plugin seems like the easiest way to achieve our goal, let's start there.
Note: If you are using a version control system such as Git, Subversion, Mercurial or Bazaar, this feature will be disabled automatically in WordPress, so you don't have to worry.

And here is the plugin for this

In the WordPress repository you will find a plugin called Advanced Automatic Updates. After installation, go to the plugin settings page, where you can disable unwanted automatic updates, including major releases of the core, plugins and themes, as well as default minor releases, for which the function was developed.

And as an added bonus, you can also disable the auto-notifications that WordPress automatically sends to the site admin or overwrite the admin email address with your own if you prefer not to see them and not be an eyesore to your client.

Note: The theme update feature will only work if it is downloaded from the official WordPress repository.

If you are using a paid or premium theme that was downloaded from another resource, such as a theme store or design site, then you will have to update the template yourself when a new version becomes available.
Remember that you should always make a backup before updating anything. Moreover, this rule also applies when you manipulate the code described below.

Disable auto update feature

But what if you don’t want to install an extra plugin on your website? Since the WordPress user interface doesn't have any toggle to disable this functionality, you'll have to roll up your sleeves and dig into the code. Trust me, it's not that difficult. All you need to do is add this piece of code to your wp-config.php file:

I suggest placing this code, and other pieces of code that we will consider further, here, right above this inscription in wp-config.php:

/* That's all, stop editing! Happy blogging. */

(Suggestion here - one simple and quick rule: I like to keep all my custom versions of the wp-config file here so I can find them easily. But it's up to you where you keep them.)

Enabling updates for major releases

If you want to enable kernel updates for both major and minor releases, then add this line of code to the wp-config.php file:

/* turn on both minor and major WordPress automatic core updates*/ define("WP_AUTO_UPDATE_CORE", true);

Plugin and theme updates

If you want your themes and plugins downloaded from the WordPress repository to be updated automatically, the code for this is quite similar to the one we just used, but this time in order to enable updates you also need a filter (Read note above, which talks about the relationship between automatic updates and the repository).

To automatically update plugins, use this code:

add_filter("auto_update_plugin", "__return_true");

And to do the same for themes, use this code

Add_filter("auto_update_theme", "__return_true");

Disable all updates

Let's say you decide that your site doesn't need automatic updates at all. You are the guru of your domain (and website, and maybe email...but that's beside the point) and have decided to handle updates entirely on your own. Here's how you can do it:

/* I am the captain of this ship, I’ll do my own updates thanks*/ define (‘ AUTOMATIC_UPDATER_DISABLED’, true);

Don't forget, folks, that this piece of code disables all and overwrites some options you may have enabled, so use this power wisely.

Now, having all these pieces of code at our disposal, we can mix them with each other. For example, you can disable kernel updates but allow themes and plugins to enjoy all the benefits of auto-updates. So, let's start by disabling kernel updates by adding this code:

/* Disable WordPress automatic updates */ define("WP_AUTO_UPDATE_CORE", false);

Then we’ll add the code to enable theme and plugin updates:

Add_filter("auto_update_plugin", "__return_true"); add_filter("auto_update_theme", "__return_true");

Email notifications

One last trick - we're going to disable the email notifications you receive when the update is complete. This time, instead of adding the code to wp-config.php, we'll paste it into your active theme's functions.php file.

/** * Disable the auto generated email sent to the admin after a core update */ apply_filters("auto_core_update_send_email", false, $type, $core_update, $result);

And now, we have achieved full control over how the core, plugins and themes of the WordPress site are automatically updated. You can also turn off email notifications.

In October 2013, WordPress version 3.7 was released, and with it a new feature - automatic updates. There were other new items, but not about them now.

Auto-update has become the brightest, very useful and convenient thing. Now, when a new version is released, WordPress will update itself.

General knowledge about auto-updates

WP has 4 types of auto-updates

WordPress core (engine)

• “minor releases” (minor) - versions of branches, for example: 3.7 > 3.7.1 > 3.7.2. They fix errors, vulnerabilities and bugs.
  Default: Enabled

  “major releases” - major versions, for example: 3.9 > 4.0 > 4.1 > 4.2. These versions add new functionality.
  Default: Disabled

• “development releases” - releases of alpha and beta versions. Only works if you have an alpha or beta version of WordPress installed.
  Default: Enabled only if alpha/beta version of the engine is installed

Translation files.
Default: Enabled

Themes.
Default: Disabled

1. Plugins.
   Default: Disabled

Enabled by default

By default, auto-update is enabled only for “minor kernel releases” and “translation files”. If you have an alpha or beta version of wordpress installed, then “developer releases” are also enabled by default.

“Major releases” are not subject to auto-updates, because they add new functionality that may disrupt the operation of the site.

Themes and plugins are also not subject to auto-updating, for obvious reasons...

Changing auto-update settings

You can change the auto-update behavior through constants in the wp-config.php file or through filters in plugins or the MU plugin. Constants can also be specified in plugins if they are not already defined.

You can also use hooks in the theme's functions.php file. It's not too late there (checked).

Which kernel classes are responsible for auto-updating?

The WP_Automatic_Updater() class is responsible for the general auto-update logic. Depending on the type of update it calls classes:

Global disabling of auto-updates

It describes options for completely disabling auto-updates, disabling the ability to somehow configure auto-updates at a low level, for example through WP_AUTO_UPDATE_CORE (see below).

There are five ways to completely disable auto-updates.

1. AUTOMATIC_UPDATER_DISABLED - soft shutdown

If you define this constant in the wp-config.php file or in the plugin, then all auto-updates will be disabled:

Define("AUTOMATIC_UPDATER_DISABLED", true); // completely disables auto-updates

However, such a disabling can be “interrupted” with the automatic_updater_disabled hook.

2. Hook automatic_updater_disabled - hard shutdown

To disable the update completely and not allow you to change it through the AUTOMATIC_UPDATER_DISABLED constant.

Add_filter("automatic_updater_disabled", "__return_true");

3. Hook auto_update_(type) - hard shutdown

define("DISALLOW_FILE_MODS", true);

Auto-updates WordPress core (engine)

You can change the WordPress core auto-update settings through the WP_AUTO_UPDATE_CORE constant, which can be added to the wp-config.php file or plugin:

# Enables core updates only for minor versions (default) define("WP_AUTO_UPDATE_CORE", "minor"); # Disables all core updates define("WP_AUTO_UPDATE_CORE", false); # Includes all core updates (minor and major) define("WP_AUTO_UPDATE_CORE", true);

Also, auto-update of the kernel can be configured through hooks. They interrupt what is specified in the WP_AUTO_UPDATE_CORE constant.

// auto-update of minor versions (versions within a branch) add_filter("allow_minor_auto_core_updates", "__return_false"); // auto-update of major versions (versions between branches) add_filter("allow_major_auto_core_updates", "__return_false"); // auto-update of developer versions // (enabled by default if the alpha or beta version of the engine is installed) add_filter("allow_dev_auto_core_updates", "__return_false");

To enable or disable updates use "__return_true" or "__return_false" respectively.

Auto-updates of themes and plugins

By default, auto-updates are disabled for themes and plugins.

// Enable auto-updates for all plugins add_filter("auto_update_plugin", "__return_true"); // Enable auto-updates for all themes add_filter("auto_update_theme", "__return_true");

Use __return_false instead of __return_true to disable the update.

Enable auto-update only for the specified plugin:

Add_filter("auto_update_plugin", "auto_update_specific_plugins", 10, 2); function auto_update_specific_plugins($update, $item)( // Array of plugin shortcuts that need to be auto-updated $plugins = array ("akismet", "buddypress",); if(in_array($item->slug, $plugins)) return true; // update else return $update; // return unchanged )

Auto-updates translation files

To control the translation update, there is a hook:

// disable auto-update of translation files add_filter("auto_update_translation", "__return_false");

Auto-update notifications by email

When updating the kernel, the administrator receives a letter about auto-update. This sending can be disabled using the auto_core_update_send_email hook:

// disable sending email about auto update add_filter("auto_core_update_send_email", "__return_false");

You can change the mail where to send the letter using the filter:

Advanced Automatic Updates

To manage auto-updates, the Advanced Automatic Updates plugin has been created.

The plugin disables auto-update upon activation and allows you to enable updates by type:

Enable auto-update between version branches (major versions);

Enable auto-update of the kernel within the branch (Minor and security versions);

Enable auto-update of plugins (Update your plugins);

Enable auto-update of themes (Update your themes);

Change the email to which update letters will be sent. Or disable email notifications;

• When to receive notifications about errors (Debug Information).

The WordPress core is updated automatically, without user intervention. There are a number of situations where such updates are not advisable, and in this article we will look at several ways to disable automatic updates of WordPress.

First of all, it’s worth noting that automatic updates (by default) only apply to technical releases—those that fix some critical WordPress bugs and vulnerabilities. Skipping such updates is not safe and is highly discouraged, and the rollback system will be able to restore your previous version in case of any failures when trying to update.

There are three main reasons why you should disable WordPress automatic updates:

• You use a version control system, including for updates
• Do you use any tools to deploy projects on remote servers, such as Capistrano or SaltStack
• You are a hosting provider and perform updates yourself and on time for all your clients

Automatic update management

There are several constants to control automatic updates in WordPress, you can set them in the wp-config.php configuration file. For example, to completely disable the automatic update mechanism, use the AUTOMATIC_UPDATER_DISABLED constant:

Define("AUTOMATIC_UPDATER_DISABLED", true);

Please note that with this directive, you will also disable automatic updates of language packs, themes and plugins, if they are enabled. With the WP_AUTO_UPDATE_CORE constant, you can control automatic WordPress core updates.

The default value is minor , which will only allow automatic updates to technical releases, for example from 3.7 to 3.7.1 and to 3.7.2, but not to 3.8, 3.9, etc. With the value false you can completely disable automatic kernel updates, and with the value true you can enable automatic updates for all releases (not just technical ones):

// Technical releases only, 3.7 to 3.7.1, 3.7.2, etc. (default value) define("WP_AUTO_UPDATE_CORE", "minor"); // All releases, 3.7 to 3.8, 3.9, etc. define("WP_AUTO_UPDATE_CORE", true); // Disable automatic core updates define("WP_AUTO_UPDATE_CORE", false);

You can also use special filters to control automatic kernel updates:

• allow_major_auto_core_updates - updating major releases (from 3.7 to 3.8)
• allow_minor_auto_core_updates - update to technical releases (from 3.7 to 3.7.1 and 3.7.2)
• allow_dev_auto_core_updates - update to the developer version (from 3.7-RC to 3.7-RC2)
• auto_update_core - enable automatic core updates

You can write a simple plugin to use these filters on your site. For example, to allow updates to major releases:

/** * Plugin Name: Enable Major Core Updates */ add_filter("allow_major_auto_core_updates", "__return_true");

And to prevent automatic updates of the WordPress core:

Add_filter("auto_update_core", "__return_false");

Automatic updates of WordPress themes and plugins

By default, WordPress will not automatically update your themes and plugins, but this can be easily changed using the auto_update_theme and auto_update_plugin filters:

/** * Plugin Name: Auto-update Plugins and Themes */ add_filter("auto_update_theme", "__return_true"); add_filter("auto_update_plugin", "__return_true");

Likewise, if automatic theme and plugin updates are enabled, you can easily disable it using the __return_false helper function.

Version control systems

Before performing an automatic update, WordPress will look for the .svn, .git, .hg, and .bz directories—these are the subdirectories of the Subversion, Git, Mercurial, and Bazaar version control systems. If one of them is detected, automatic updating will not occur.

If you use version control and still want WordPress core to update automatically, you can use the automatic_updates_is_vcs_checkout filter.

In conclusion, I would like to reiterate that it is not recommended to disable automatic updates of the WordPress core, especially when it comes to technical releases, which often contain fixes for vulnerabilities. If for some reason automatic updating on your site is not possible, you can use a special plugin Background Update Tester, which will help you find and eliminate the reason.

Read more about why you should always update WordPress, plugins and themes.

Today we will look at the question of how to disable WordPress updates correctly and whether it is worth updating automatically on WordPress every time a new and intermediate version is released. You can do this by adding a small code to your site’s configuration file. Or you can install a plugin. Many people use the second method.

I will write my opinion about this, from myself.

And so, if we look at queries in Yandex, Google, YouTube about this very update, you will see many queries. This only says one thing: this issue is very relevant today. Many articles have been written, and even more videos have been made about the benefits of this update, but there are no less opinions on how to disable automatic WordPress updates.

And today I will analyze exactly that.

Constant updating is the protection of the site console from spammers, hackers, bots and generally God knows what. This is undoubtedly a great benefit. But there is another side to this issue, which shows that in addition to benefits, unforeseen nuances arise. Everyone has their own. And so it’s up to you to turn them off or not. I repeat, despite all the usefulness, there are exceptions and they are not uncommon.

I will say that manual updating is now used very rarely. Three years ago it was relevant, but time has passed. Now on all hostings and on the WordPress engine (cms) it is enough to go to the site console and update by pressing one button.

There are cases who still prefer to update manually, but they are rare.

Of course, there are cases when automatic updating gives an error and you have to update manually, but these are rather rare exceptions. At the moment, and it’s 2017, everything is working well. And if something goes wrong, you can always write to your hosting support, where they will answer all your questions in detail. However, I digress a little and continue.

To learn how to update manually, read my article written by .

Another thing is to update correctly, and not leave it all to the judgment of automatic updates. After all, every update is not in vain and without surprises. After these events, I had to correct the code and scripts every time.

It’s not so scary if you don’t have many articles on your site yet, and you’re a young blogger, but what if it’s different? Do you have a lot of articles and your blog is 3-5 years old and have you written a lot of useful things there for people? Then this is the work of the "negroes in the galleys."

Updates can be disabled temporarily using the “Disable All WordPress Updates” plugin or, for those who understand codes, slightly edit the wp-config.php file

Attention! Don't think that I'm against updates in general. This is wrong. You need to update, but not in intermediate versions.

How do you know when it's time to upgrade?

You need to go to the console and click the update tab.For example, from version 4.6 to 4.7 in between, I would not do this.

Intermediate versions have two points, and full versions have one.

See screenshots.

Copy the name. Go to the plugins tab - add a new one, then enter the one you are looking for in the search box to find plugins. WordPress tells you if it is right for you. Don't be upset - it suits everyone. The plugin is free and lightweight. You just need to activate it and your torment will stop.

Warning! As soon as you turn it off, everything will start again - updates. So decide whether you need it or not?

The plugin does not require any settings. Works great.

Another warning about the Disable All WordPress Updates plugin.

Plagin will disable all updates to the plugin engine and your theme. This is necessary when you have set up your site and you are satisfied with how it works. In addition to the positive aspect, updates can also play a negative role.

Let's imagine for a moment a situation where you have everything set up and the site is working like a clock, but then an update comes either to the engine or the plugin, the theme - it doesn’t matter…. Now this will be done automatically. I'm talking about engine updates.

If you do not have this plugin, then everything will be updated automatically. There is nothing to be done, this is how your favorite engine or designer works.

As a result, the site may not function as well as before. And given that intermediate versions can be released every two months, you will have to constantly fix everything. Think about it: is it worth updating all the time? And I explained above about intermediate updates.

How I managed to convey this to you is another matter. If something is not clear, please contact me and I will answer.

My article about updating CMS WordPress.

Let's move on to another method of blocking updates.

The whole point is to use the wp-config.php file. A constant is used here that prohibits automatic updating of the core, theme, and plugins if you write it in this file. Here it is - “AUTOMATIC_UPDATER_DISABLED”

Write this code in the file:

// disable automatic updating define("AUTOMATIC_UPDATER_DISABLED", true);

The file is located at the root of the site. Usually it is located in the public_html folder. Lines of code can be added to the end of the file.It is located at the root of your site. Read or watch the video on how to get there.

These were options that would be understood by those who are familiar with codes and have some knowledge. For me, install the plugin and follow the versions.

That's all I have. See you soon!

• What to do if your computer lags a lot
• Speed ​​Dial: the best visual bookmarks for the Google Chrome browser
• How to disable browser add-ons that block scripts from running
• New technology from Google “Instant apps” – what is it and how to install Instant apps update
• Facebook “My Page” login
• Register on Facebook and log in to your page
• Troubleshoot printer sharing issue
• Troubleshoot printer sharing issue
• What you need to know about Facebook restrictions
• Linux Fundamentals for Beginners

• Bypass TeamViewer restrictions
• Random password generator Phone password generator with passphrase
• How to make blocks in a line using css?
• Installing Joomla on your local computer
• What interesting things can you find on the Internet?
• Sony Ericsson Xperia Neo review: living up to expectations
• Smartphone Samsung GT I8160 Galaxy Ace II: reviews and specifications
• Analogue of Bla Bla Car in Russia: what alternatives does the service have, what is the difference?
• NewPipe is a free YouTube analogue with the option to download music and videos on Android
• How to check the speed of hosting and loading pages of a web resource Two ways to get to the bottom of the truth