Yesterday afternoon I got an email notification from my local WordPress install, confirming the automatic update of a 3rd party plugin that I did not opt-in updates for. Let’s start with some history. The plugin in question is Yoast WordPress SEO. If you’re not familiar with his plugins, the history of updates is awful. In the last two weeks, I’ve updated twice, and both times have resulted in fatal PHP errors which require FTP’ing into the site, to manually remove the plugin. Both cases were due to not checking if a file exists before loading it. I won’t go into the numerous times before that this plugin has caused issues on updates, nor will I go into the conversations with other developers that constantly deal with the same issues. I just want to paint a picture, that the plugin update track-record is less than stellar. Now let’s consider how WordPress automatic updates work. This is, straight from their codex. Automatic plugin and theme updates are disabled by default. “Automatic plugin and theme updates are disabled by default. To enable them, you can leverage the auto_update_$type filter, where $type would be replaced with “plugin” or “theme”. I did not enable automatic plugin
Share This