WordPress Automatic Updates: How to stay in Control

If you’re running a WordPress site, you probably know that WordPress, by default, applies all updates. While this is an excellent feature, in theory, it can be a bit of a headache if you’re not expecting an update and it breaks your site. With Version 3.7, this feature was first introduced to make updating sites easier for WordPress users.

In this blog post, I will show you how to control WordPress automatic updates so that they don’t cause any problems for your website.

The best way to control the automatic updates of WordPress is to modify the wp-config.php. Usually, the wp-config.php is in the root folder of the public_html folder. 

You need to log in to your hosting company and get access to the file manager.

There are various options available. Here is an example of the file manager in CPanel. A lot of hosting companies are using CPanel.

Disable WordPress Auto Updates

If you want to turn off Auto Updates thoroughly, add this statement

define( 'AUTOMATIC_UPDATER_DISABLED', true );

Disable WordPress Core Updates

A core update is a WordPress Version Update, for example, from WordPress 6.0 to 6.1. However, sometimes WordPress releases security updates like 6.0.3.

# Disable all core updates:
 define( 'WP_AUTO_UPDATE_CORE', false );

 # Enable all core updates, including minor and major:
 define( 'WP_AUTO_UPDATE_CORE', true );

 # Enable core updates for minor releases (default):
 define( 'WP_AUTO_UPDATE_CORE', 'minor' );

Use this command to tell WordPress only to update minor security updates.

define( 'WP_AUTO_UPDATE_CORE', 'minor' );

For your reference, a link to the WordPress.org website with a detailed description of all available statements in wp-config.php. You can control many other options.

Notification Email

WordPress sends an email to the administrator email address with the result of the update. The subject line is “Your site has updated to WordPress XXX (case success).” It is possible to disable the notification email. But I don’t suggest doing that. It’s a good reminder that something happened in the background.

My recommendation

I recommend letting WordPress auto-update any security updates (minor). It will ensure your WordPress core installation is always current in terms of security. I don’t recommend letting WordPress auto-updates all updates. There is a danger such an update can break your site. It is better to test a significant release on a staging site beforehand.

Read also my article about how to harden WordPress. It is essential to keep not only WordPress core files up to date; there is a lot more to do..

Sum up: WordPress Automatic Updates

In this blog post, I have shown you how to control WordPress automatic updates so that they don’t cause any problems for your website. By modifying the wp-config.php file, you can choose which updates to enable and disable. We recommend enabling security updates but disabling all other core updates. It will help keep your site updated and running smoothly.