Is it safe to enable automatic plugin updates in WordPress

Few months ago I was preparing for a client meeting - I just finished client website, and was going to teach the client how to work with it. Site's already live for a couple of weeks, everything seems well... What could go wrong?

Anyway, I thought I'll double check how posts and pages look, will disable all the unnecessary fields and sections, will make user experience as simple as possible.

It all went great until I hit Update button on the post page. The post reloaded, but it did not seem to be updated, without any messages or warnings.

It took me some time to think what I've done differently than usual. And then something came to mind - I enabled all the automatic plugin updates on the site. And one plugin was recently updated, which might be related to the issue.

I go to WordPress repository, find the previous version of plugin, install it, and voila - site's fully working again. And my next step - disable automatic plugin updates.

It's great that I cought a buggy plugin update (almost) in time. And I know the plugin got the update after a few days that got rid of the issue. But I started treating this WordPress functionality quite a bit differently. Should you do that too?

Should you enable automatic plugin updates in WordPress

If you have a simple WordPress website, like a personal blog, your site has few plugins and runs one of the default WordPress themes, you should not have any issues by enabling automatic plugin updates in WordPress. It will even help you make your site more secure.

I personally, on the other hand, now only allow automatic updates for plugins which I've used for years, and never had any issues after updating them. For example, SEO and caching plugins from my recommended WordPress plugin list, and most of plugins related to Genesis Framework. They've never failed on personal or clients' websites in years, so I know it should be alright, even it's still a small risk.

So if you use just a few basic plugins, you may enable automatic plugin updates - your website should be safe and reliable.

Which WordPress plugins you should never ever update automatically

WordPress plugin updates don't break things too ofter. Most of the time they fix issues and make your website safe. But with some plugins it's not that easy.

Here's few types of WordPress plugins which you should not update automatically:

  • WooCommerce, and other plugins related to WooCommerce. Or any other e-commerce plugins. There's a simple reason for that. WooCommerce and related plugins (payment processors, shipping plugins, and any other e-commerce extensions) heavily rely on each other. If, for example, one of them is not ready to work with latest version of other plugins, your online store might loose sensitive data, or just crash in front of customer. You should always test WooCommerce plugin updates on a separate site, or at least make a full website backup before running the updates.

  • WordPress forum and membership plugins. Again, the same story as e-commerce. These plugins have lots of data and functionality under their control. If update crashes your site and you won't be there after failed update you may have a hard time recovering issues.

  • Page builders and other similar plugins which control how content and styling are rendered on your site. There are lots of situations where people customize their website looks using multiple plugins. Or worse, use most popular Themeforest themes which rely directly on plugins. Once you make an update you never know how, or if, your site will work after the updates.

One more tip. If you have a large website with 30 or even more plugins installed, and these plugins are not from the same author, you should not enable automatic updates for plugins. If something breaks, it would be quite hard to restore website functionality without turning it down, when such vast amount of plugins are updated automatically.

The most important thing before running WordPress core, WordPress theme and plugin updates

It does not matter if it's automatic updates, or you update your WordPress manually, you should always create backups. This way you'll always be able to restore site functionality fast and easy even if something does not work out as planned.