Siegfried, deploy!

Mastering WordPress Auto-Updates: Strategies for Security and Stability

June 25, 2023 Bleech

Ever wondered if auto-updates in WordPress are a blessing or a curse? Join us as we explore the pros and cons of different update strategies and share our own experiences. We'll explain why it's essential to keep your WordPress site updated for security reasons and what could go wrong if you don't, but also discuss how unexpected results can occur.

Discover the best strategies for updating your WordPress site, from scheduled automatic updates with zero downtime deployments to utilizing external tools for backup and updates. We also touch on the importance of having a backup before updating, and how visual regression tests can ensure your site stays looking and functioning as it should. Don't miss out on this valuable advice for keeping your WordPress site secure and up-to-date!

Links
VRTs – Visual Regression Tests (Plugin): https://wordpress.org/plugins/visual-regression-tests/

Highlights
00:00 Intro
00:36 WordPress auto-updates
01:25 Scheduled automated updates
03:07 Failure checks & recovery
05:05 Manual update workflows
07:09 Zero downtime updates
08:50 Conclusion

More from Bleech
Blog Posts (WordPress Development)
Flynt (WordPress Starter Theme)
VRTs (Visual Tests for WordPress)
Siegfried, deploy! (YouTube Channel)

Steffen:

Hey Dominik, should you enable auto updates in WordPress?

Dominik:

It depends. So I guess, do we enable auto updates in WordPress? Steffen, yes, we do, but no, we don't.

Steffen:

What? We don't. No, oh, wait, right, okay, we don't. We gotta distinguish here. Probably not the WordPress auto updates, but we do automatic updates.

Dominik:

Yes, I think it's been a long discussion or a long way where WordPress has ended up now, but you can have all the plugins and WordPress core and all the themes, like basically everything that you have installed in WordPress, you can have auto updated by WordPress itself. So you can just say, okay, I want an auto update. So whenever something new is released and it's compatible with your setup, then stuff will get updated on your website. Right, and this is, for most people that use WordPress, I think the best way to go, because we've seen it in the past as well, and we still see it, that people don't update their WordPress. And this like introduces a big, like big vulnerabilities, big or serious security issues and so on, or can at least enable them. So that's why I would always like encourage you to have a way of automated updates.

Dominik:

So, but now to us. We don't have automatic updates in WordPress enabled. We use a different tool to have scheduled automated updates. Right, because the downside when you do auto automated updates is that you might like have unexpected results. So maybe your site isn't working as it should anymore, maybe it's completely down, maybe it looks differently, and we want to prevent that from happening like any point in time. So if we're not in the office or if we're not working, if nobody's there, then we don't want things to be updated. But then we say, okay, once a week, on a specific day, or maybe every weekday, we just update all the stuff that is available. And then we don't just update but we say take a snapshot or like a screenshot, do the updates and take another screenshot and compare them. And if this actually doesn't look the same for, let's say, the homepage, then please revert and notify us. Lots of talk from my side. Do you want to add something or ask specifically?

Steffen:

I totally agree with that. I agree in a sense that all updates just made a lot of sense. Automatically scheduled updates: you should always do that. I remember, like when iPhone apps did not have automatic updates, how common it was that people did just not do their updates, right? Because they didn't know what for they would need to do it, or so they didn't want to have new features, for whatever reason.

Steffen:

But the biggest thing why you should do updates is in favor of security, and I'd rather say I'd rather break something with a site, some tiny feature that breaks due to a plugin incompatibility, than having my site being insecure, being vulnerable and being hacked in the end, which is the worst thing that could happen, right? And if you want to protect yourself from these kind of issues, that things would break without you knowing, well, then there are at least two ways you can do that. First, you run them on a schedule, kind of, right, like we do with some kind of external software, and then you are available and you check the site. But also, second, to help you with that, you should have some kind of automatic tests, like visual regression tests. That's also a plugin that we created for WordPress and it's free. And there you will be notified if any visual differences on your pages happen. So at least you can feel more safe that whenever there is an issue you will be notified about that.

Dominik:

One thing to be sure also when you do an update, it's also really important to make a backup before you update, right? A lot of these backup plugins actually have settings for this, so that they say, do a backup before something updates. But like we basically have this also configured in our tools that we say, okay, schedule this update at a certain date and at a certain time, but before, take a backup, and only when this is done and when this has successfully finished, only then do the update. Because if you want to do a rollback and things go like terribly wrong, you should always be able to restore the disk of your web server and the database of your web server.

Steffen:

Good, but when should you not do automatic scheduled updates? Are there any cases in which you recommend against it?

Dominik:

I can think of some cases where you wouldn't want to use like automated updates and/or scheduled updates, and this is when you have like really complex systems, really complex WordPress application, maybe somewhere you have integrated some third party libraries that might not be a WordPress plugin or just like some custom functionality, right, and in that case I would definitely suggest to set up like automated tests or at least have a workflow of how to do these updates and then do them manually, right, like this would be one case.

Dominik:

Or if you have a complex deployment system with like auto scaling and things like that, and you have everything in like containers or like some other infrastructure where you do things via or install plugins via Composer, for example. In these cases it's also, of course you can create a job that will automatically update your dependencies for you, but I'd rather have that be done manually, with like conscious decisions about what to update and what not to update. But then we get into really like also the realms of highly complex systems and, depending on budget or on like best practices, even those, if you have a good test suite with like automated tests running against the staging environment or like a testing environment, when you have this set up properly, even in those cases you might rely and you might even have a better like security, feeling of security when you do automated updates than via this, like CI/CD, whatever service.

Steffen:

We do have a couple of clients where stability and availability of the website is super important. Are these also clients where we always disable auto updates, or are these also cases where we sometimes do have that enabled?

Dominik:

Well, again, it depends. Usually, for like zero downtime requirements and high availability, you don't want to use the WordPress default update mechanism, right, because what that will bring you, you always get like this, okay, your site, or not always, but a visitor might get the screen "WordPress is down due to maintenance, will be back up shortly", right, and you always want to minimize the chance of something like that being there. That's why, in these cases, there are some, there's some form of like zero downtime deployments that we use, either like in a normal server setup, where we basically symlink new releases, or we upload like the entire updated code base to a new folder in the, on the server and then just make a symlink to the new one when we want to deploy, when everything has been uploaded and configured. So this would be one way. Or, as I mentioned earlier, this like container based strategy, where you first build the containers, build everything, and then you just basically go in and say, okay, now please exchange the container to have a new version online.

Steffen:

Okay, so if I would sum this up, the best strategy we think right now is to have scheduled automatic updates with zero downtime deployments, but this is a very complex way of doing things. The second best way is to have scheduled updates via external tools, which also do specific backups right before the update. And then the third best option that you still should always consider, if none of the others can be done, is activating auto updates within WordPress.

Dominik:

Yeah, I guess that sums it up.

Steffen:

Great.

Dominik:

Thanks, welcome, Steff.
