Auto-updates in WordPress
In October 2013, WordPress version 3.7 was released, and along with it came a new feature - automatic updates.
Autoupdate became the brightest, most useful, and convenient thing. Now, when a new version of WordPress is released, it will update itself.
Also available:
General knowledge about auto-updates
There are 4 types of auto-updates in WP:
-
WordPress itself (core, engine):
-
minor - minor releases - version branches, for example: 3.7 > 3.7.1 > 3.7.2. These fix errors, vulnerabilities, and bugs.
By default: Enabled -
major - major releases - major versions, for example: 3.9 > 4.0 > 4.1 > 4.2. New functionality is added in these versions.
By default: Disabled (Enabled in version 5.6) - development - developer releases - alpha and beta releases. Works only if you have an alpha or beta version of WordPress installed.
By default: Enabled, only if an alpha/beta version of the engine is installed
-
-
Translations
Translation files for core, themes, plugins.
By default: Enabled -
Themes.
With WP 5.5, it became possible to enable auto-updates for individual themes from the admin panel, from the themes page.By default: Disabled
-
Plugins.
With WP 5.5, it became possible to enable auto-updates for individual plugins from the admin panel, from the plugins page.By default: Disabled
Defaults
By default, auto-update is enabled only for "minor core releases" and "translation files". If you have an alpha or beta version of WordPress installed, then "developer releases" are also enabled by default.
"Major releases" are not subject to auto-updates because they add new functionality that can break the site.
Themes and plugins are also not subject to auto-updates. However, from version 5.5, auto-updates can be enabled for individual themes or plugins.
Changing auto-update settings
You can change the behavior of auto-updates via constants in the wp-config.php file (constants are described below). Constants can also be specified in plugins if they are not already defined.
There are also special hooks to change the behavior of auto-updates, which can be used in plugins, MU plugins, or in the functions.php file (it's not too late there, checked).
What core classes are responsible for auto-updates
The WP_Automatic_Updater{} class is responsible for the common logic of auto-updates. Depending on the type of update, it calls classes:
Complete disabling of auto-updates
Below are the options for completely disabling auto-updates: disabling the ability to configure auto-updates in any way.
1. AUTOMATIC_UPDATER_DISABLED - soft disable
If this constant is defined in the wp-config.php file or in a plugin, then all auto-updates will be disabled. However, this disablement can be overridden by the automatic_updater_disabled hook.
define( 'AUTOMATIC_UPDATER_DISABLED', true ); // completely disables auto-updates
2. the automatic_updater_disabled hook - hard disable
To completely disable the update and not allow it to be changed via the AUTOMATIC_UPDATER_DISABLED constant.
add_filter( 'automatic_updater_disabled', '__return_true' );
3. the auto_update_(type) hook - hard disable
The auto_update_(type) hook is similar to the previous hook, but it allows you to completely disable the update only for the specified type, and not all at once, as the automatic_updater_disabled hook does.
The dynamic parameter type specifies which type we are changing. Therefore, the hook can take 4 forms:
// disable auto-updates by type add_filter( 'auto_update_core', '__return_false' ); // core update add_filter( 'auto_update_theme', '__return_false' ); // theme update add_filter( 'auto_update_plugin', '__return_false' ); // plugin update add_filter( 'auto_update_translation', '__return_false'); // translation update
To enable or disable auto-updates, use __return_true or __return_false respectively.
4. DISALLOW_FILE_MODS
Auto-updates will be disabled if the ability to modify WordPress files is disabled, via the DISALLOW_FILE_MODS constant:
define( 'DISALLOW_FILE_MODS', true );
If you need to leave the updates but at the same time disable the ability to edit files from the admin panel, enable the DISALLOW_FILE_EDIT constant.
5. WP Cron
All auto-updates are based on CRON tasks. Therefore, if you disable the cron on the site, all auto-updates will be disabled.
Cron is disabled with the following constant in the wp-config.php file:
define( 'DISABLE_WP_CRON', true );
Disabling the cron is not recommended at all because it is used for a variety of tasks by plugins and WordPress itself.
Updates for the Core of WordPress
Through Options (as of WP 5.6)
You can change the auto-update settings for the WordPress core through options. See update_site_option():
auto_update_core_major
- enabled (for new sites) | unset (for old sites)auto_update_core_minor
- enabledauto_update_core_dev
- enabled
Each option determines whether auto-update is enabled for major/minor/dev versions of the WordPress core, respectively. Possible values: enabled
, disabled
.
If the WP_AUTO_UPDATE_CORE constant is set (see below), its value overrides the values of these options.
Through the constant WP_AUTO_UPDATE_CORE
You can also change the auto-update settings for the WordPress core through the WP_AUTO_UPDATE_CORE constant.
It must be added to the wp-config.php file or a plugin:
// Enables core updates only for minor versions (by default) define( 'WP_AUTO_UPDATE_CORE', 'minor' ); // Completely disables core update define( 'WP_AUTO_UPDATE_CORE', false ); // Enables all core updates (minor and major) define( 'WP_AUTO_UPDATE_CORE', true );
If there are hooks defined, their settings override the value of this constant.
Through Hooks
You can also configure the auto-update of the WordPress core through hooks.
To enable or disable updates, use __return_true or __return_false respectively.
// auto-update minor versions (versions within the branch) add_filter( 'allow_minor_auto_core_updates', '__return_false' ); // auto-update major versions (versions between branches) add_filter( 'allow_major_auto_core_updates', '__return_false' ); // auto-update developer versions add_filter( 'allow_dev_auto_core_updates', '__return_false' ); // auto-update all options add_filter( 'after_core_auto_updates_settings', function( $auto_update ){ /* $auto_update = array( 'dev' => true, 'minor' => true, 'major' => false, ); */ return $auto_update; } );
These hooks should be used in MU plugins or in regular plugins, but not in the theme's functions.php file.
Auto-updates for Themes and Plugins
By default, auto-updates are disabled for themes and plugins.
Starting with version 5.5, it became possible to enable auto-updates for individual plugins and themes. This can be done in the admin panel. For more details, read here: Controlling Plugin and Theme Auto-Updates UI in WordPress 5.5.
You can enable auto-updates for plugins and themes through the following hooks:
These hooks should be used in MU plugins or in regular plugins, but not in the theme's functions.php file.
// Enable auto-updates for all plugins add_filter( 'auto_update_plugin', '__return_true' );
// Enable auto-updates for all themes add_filter( 'auto_update_theme', '__return_true' );
Enable auto-update only for the specified plugin:
add_filter( 'auto_update_plugin', 'auto_update_specific_plugins', 10, 2 ); function auto_update_specific_plugins( $update, $item ){ // Array of plugin slugs that should be auto-updated $plugins = array ( 'akismet', 'buddypress', ); if( in_array( $item->slug, $plugins ) ){ return true; // update } return $update; // return without changes }
Auto-updates for Translations
To control translation updates, there is a hook:
// disable auto-update of translation files add_filter( 'auto_update_translation', '__return_false' );
Email notifications about auto-updates
auto_core_update_send_email
When the core is updated, the admin receives an email about the auto-update. You can disable such email sending through the hook:
// disable sending emails about auto-updates add_filter( 'auto_core_update_send_email', '__return_false' );
You can change the email where the notification is sent through the filter: auto_core_update_email:
$email = apply_filters( 'auto_core_update_email', $email, $type, $core_update, $result );
send_core_update_notification_email
This filter, whether to notify the site administrator about a new update.
By default, administrators receive a notification when an update proposal received from WordPress.org sets a certain flag. This allows you to choose whether to notify the administrator of a new update and when.
This filter takes effect only once per release. If the same email address has already been notified of the same new version, WordPress will not send the administrator an email again.
apply_filters( 'send_core_update_notification_email', '__return_true' );
automatic_updates_send_debug_email
Filter whether to send debug email at every background automatic update.
Such emails are sent only if the developer version of WP is used get_bloginfo( 'version' ) === 6.0-dev
.
If you return false, WordPress will not send debug emails, while true will allow sending these emails even in stable installations:
apply_filters( 'automatic_updates_send_debug_email', '__return_true' );
Examples
Let's keep only the updates for plugins and themes enabled, and disable core and translation updates, as well as email notifications.
To do this, place the following code in a plugin or MU plugin. IMPORTANT! Do not use these hooks in the theme's functions.php file, as they will not work correctly.
// disable core updates add_filter( 'auto_update_core', '__return_false' ); // enable all theme updates add_filter( 'auto_update_theme', '__return_true' ); // enable all plugin updates add_filter( 'auto_update_plugin', '__return_true' ); // disable all translation updates add_filter( 'auto_update_translation', '__return_false' ); // disable email notifications add_filter( 'auto_core_update_send_email', '__return_false' );
Update/Download of new versions of default Themes and Plugins
WordPress comes with built-in themes and plugins. Each time update checks are performed, the presence of new versions of these themes and plugins is also checked, and new themes are downloaded to the default WordPress configuration (a new theme is added every year).
WP has a setting that allows you to disable update checks and the download of new default packages.
More details: /2156/disabling-update-download-of-new-versions-of-default-themes-and-plugins
Plugins
Easy Updates Manager
A popular plugin that allows you to manage all types of updates on the site.
Disable All WordPress Updates
A simple plugin with no settings - completely disables auto-updates and everything related to updates of plugins, themes, translations, and the core... Install, activate, and forget about all updates...