Auto-updates in WordPress

In October 2013, WordPress version 3.7 was released, and along with it came a new feature - automatic updates.

Autoupdate became the brightest, most useful, and convenient thing. Now, when a new version of WordPress is released, it will update itself.

Also available:

Contents:

General knowledge about auto-updates
Complete disabling of auto-updates
1. AUTOMATIC_UPDATER_DISABLED - soft disable
2. the automatic_updater_disabled hook - hard disable
3. the auto_update_(type) hook - hard disable
4. DISALLOW_FILE_MODS
5. WP Cron
Updates for the Core of WordPress
Through Options (as of WP 5.6)
Through the constant WP_AUTO_UPDATE_CORE
Through Hooks
Auto-updates for Themes and Plugins
Auto-updates for Translations
Email notifications about auto-updates
auto_core_update_send_email
send_core_update_notification_email
automatic_updates_send_debug_email
Examples
Update/Download of new versions of default Themes and Plugins
Plugins
Easy Updates Manager
Disable All WordPress Updates

General knowledge about auto-updates

There are 4 types of auto-updates in WP:

WordPress itself (core, engine):
- minor - minor releases - version branches, for example: 3.7 > 3.7.1 > 3.7.2. These fix errors, vulnerabilities, and bugs.
  By default: Enabled
- major - major releases - major versions, for example: 3.9 > 4.0 > 4.1 > 4.2. New functionality is added in these versions.
  By default: Disabled (Enabled in version 5.6)
- development - developer releases - alpha and beta releases. Works only if you have an alpha or beta version of WordPress installed.
  By default: Enabled, only if an alpha/beta version of the engine is installed
Translations
Translation files for core, themes, plugins.
By default: Enabled
Themes.
With WP 5.5, it became possible to enable auto-updates for individual themes from the admin panel, from the themes page.

By default: Disabled
Plugins.
With WP 5.5, it became possible to enable auto-updates for individual plugins from the admin panel, from the plugins page.

By default: Disabled

Defaults

By default, auto-update is enabled only for "minor core releases" and "translation files". If you have an alpha or beta version of WordPress installed, then "developer releases" are also enabled by default.

"Major releases" are not subject to auto-updates because they add new functionality that can break the site.

Themes and plugins are also not subject to auto-updates. However, from version 5.5, auto-updates can be enabled for individual themes or plugins.

Changing auto-update settings

You can change the behavior of auto-updates via constants in the wp-config.php file (constants are described below). Constants can also be specified in plugins if they are not already defined.

There are also special hooks to change the behavior of auto-updates, which can be used in plugins, MU plugins, or in the functions.php file (it's not too late there, checked).

What core classes are responsible for auto-updates

The WP_Automatic_Updater{} class is responsible for the common logic of auto-updates. Depending on the type of update, it calls classes:

Complete disabling of auto-updates

Below are the options for completely disabling auto-updates: disabling the ability to configure auto-updates in any way.

1. AUTOMATIC_UPDATER_DISABLED - soft disable

If this constant is defined in the wp-config.php file or in a plugin, then all auto-updates will be disabled. However, this disablement can be overridden by the automatic_updater_disabled hook.

define( 'AUTOMATIC_UPDATER_DISABLED', true ); // completely disables auto-updates

2. the `automatic_updater_disabled` hook - hard disable

To completely disable the update and not allow it to be changed via the AUTOMATIC_UPDATER_DISABLED constant.

add_filter( 'automatic_updater_disabled', '__return_true' );

3. the `auto_update_(type)` hook - hard disable

The auto_update_(type) hook is similar to the previous hook, but it allows you to completely disable the update only for the specified type, and not all at once, as the automatic_updater_disabled hook does.

The dynamic parameter type specifies which type we are changing. Therefore, the hook can take 4 forms:

// disable auto-updates by type
add_filter( 'auto_update_core', '__return_false' );       // core update
add_filter( 'auto_update_theme', '__return_false' );      // theme update
add_filter( 'auto_update_plugin', '__return_false' );     // plugin update
add_filter( 'auto_update_translation', '__return_false'); // translation update

To enable or disable auto-updates, use __return_true or __return_false respectively.

4. DISALLOW_FILE_MODS

Auto-updates will be disabled if the ability to modify WordPress files is disabled, via the DISALLOW_FILE_MODS constant:

define( 'DISALLOW_FILE_MODS', true );

If you need to leave the updates but at the same time disable the ability to edit files from the admin panel, enable the DISALLOW_FILE_EDIT constant.

5. WP Cron

All auto-updates are based on CRON tasks. Therefore, if you disable the cron on the site, all auto-updates will be disabled.

Cron is disabled with the following constant in the wp-config.php file:

define( 'DISABLE_WP_CRON', true );

Disabling the cron is not recommended at all because it is used for a variety of tasks by plugins and WordPress itself.

Updates for the Core of WordPress

Through Options (as of WP 5.6)

You can change the auto-update settings for the WordPress core through options. See update_site_option():

auto_update_core_major - enabled (for new sites) | unset (for old sites)
auto_update_core_minor - enabled
auto_update_core_dev - enabled

Each option determines whether auto-update is enabled for major/minor/dev versions of the WordPress core, respectively. Possible values: enabled, disabled.

If the WP_AUTO_UPDATE_CORE constant is set (see below), its value overrides the values of these options.

Through the constant `WP_AUTO_UPDATE_CORE`

You can also change the auto-update settings for the WordPress core through the WP_AUTO_UPDATE_CORE constant.

It must be added to the wp-config.php file or a plugin:

// Enables core updates only for minor versions (by default)
define( 'WP_AUTO_UPDATE_CORE', 'minor' );

// Completely disables core update
define( 'WP_AUTO_UPDATE_CORE', false );

// Enables all core updates (minor and major)
define( 'WP_AUTO_UPDATE_CORE', true );

If there are hooks defined, their settings override the value of this constant.

Through Hooks

You can also configure the auto-update of the WordPress core through hooks.

To enable or disable updates, use __return_true or __return_false respectively.

// auto-update minor versions (versions within the branch)
add_filter( 'allow_minor_auto_core_updates', '__return_false' );

// auto-update major versions (versions between branches)
add_filter( 'allow_major_auto_core_updates', '__return_false' );

// auto-update developer versions
add_filter( 'allow_dev_auto_core_updates', '__return_false' );

// auto-update all options
add_filter( 'after_core_auto_updates_settings', function( $auto_update ){
	/*
	$auto_update = array(
		'dev'   => true,
		'minor' => true,
		'major' => false,
	);
	*/

	return $auto_update;
} );

These hooks should be used in MU plugins or in regular plugins, but not in the theme's functions.php file.

Auto-updates for Themes and Plugins

By default, auto-updates are disabled for themes and plugins.

Starting with version 5.5, it became possible to enable auto-updates for individual plugins and themes. This can be done in the admin panel. For more details, read here: Controlling Plugin and Theme Auto-Updates UI in WordPress 5.5.

You can enable auto-updates for plugins and themes through the following hooks:

These hooks should be used in MU plugins or in regular plugins, but not in the theme's functions.php file.

// Enable auto-updates for all plugins
add_filter( 'auto_update_plugin', '__return_true' );

// Enable auto-updates for all themes
add_filter( 'auto_update_theme', '__return_true' );

Enable auto-update only for the specified plugin:

add_filter( 'auto_update_plugin', 'auto_update_specific_plugins', 10, 2 );

function auto_update_specific_plugins( $update, $item ){

	// Array of plugin slugs that should be auto-updated
	$plugins = array (
		'akismet',
		'buddypress',
	);

	if( in_array( $item->slug, $plugins ) ){
		return true; // update
	}

	return $update; // return without changes
}

Auto-updates for Translations

To control translation updates, there is a hook:

// disable auto-update of translation files
add_filter( 'auto_update_translation', '__return_false' );

Email notifications about auto-updates

auto_core_update_send_email

When the core is updated, the admin receives an email about the auto-update. You can disable such email sending through the hook:

// disable sending emails about auto-updates
add_filter( 'auto_core_update_send_email', '__return_false' );

You can change the email where the notification is sent through the filter: auto_core_update_email:

$email = apply_filters( 'auto_core_update_email', $email, $type, $core_update, $result );

send_core_update_notification_email

This filter, whether to notify the site administrator about a new update.

By default, administrators receive a notification when an update proposal received from WordPress.org sets a certain flag. This allows you to choose whether to notify the administrator of a new update and when.

This filter takes effect only once per release. If the same email address has already been notified of the same new version, WordPress will not send the administrator an email again.

apply_filters( 'send_core_update_notification_email', '__return_true' );

automatic_updates_send_debug_email

Filter whether to send debug email at every background automatic update.

Such emails are sent only if the developer version of WP is used get_bloginfo( 'version' ) === 6.0-dev.

If you return false, WordPress will not send debug emails, while true will allow sending these emails even in stable installations:

apply_filters( 'automatic_updates_send_debug_email', '__return_true' );

Examples

Let's keep only the updates for plugins and themes enabled, and disable core and translation updates, as well as email notifications.

To do this, place the following code in a plugin or MU plugin. IMPORTANT! Do not use these hooks in the theme's functions.php file, as they will not work correctly.

// disable core updates
add_filter( 'auto_update_core', '__return_false' );

// enable all theme updates
add_filter( 'auto_update_theme', '__return_true' );

// enable all plugin updates
add_filter( 'auto_update_plugin', '__return_true' );

// disable all translation updates
add_filter( 'auto_update_translation', '__return_false' );

// disable email notifications
add_filter( 'auto_core_update_send_email', '__return_false' );

Update/Download of new versions of default Themes and Plugins

WordPress comes with built-in themes and plugins. Each time update checks are performed, the presence of new versions of these themes and plugins is also checked, and new themes are downloaded to the default WordPress configuration (a new theme is added every year).

WP has a setting that allows you to disable update checks and the download of new default packages.

More details: /2156/disabling-update-download-of-new-versions-of-default-themes-and-plugins

Plugins

Easy Updates Manager

A popular plugin that allows you to manage all types of updates on the site.

Disable All WordPress Updates

A simple plugin with no settings - completely disables auto-updates and everything related to updates of plugins, themes, translations, and the core... Install, activate, and forget about all updates...