In an effort to prevent WordPress sites from being hacked, the WordPress developer team is working on adding an auto-update feature to themes and plugins.
Many site owners often install themes and plugins but forget to update them and this has led to WordPress sites being hacked and even taken over by cybercriminals.
Work on WordPress’ auto-update feature began months ago and it has already been implemented for plugins. However, the developer team is currently in the process of adding auto-updates to WordPress themes.
Once the auto-update feature begins rolling out to stable versions of WordPress’ content management system (CMS), site owners will be able to configure the themes and plugins they’ve installed to update by themselves by simply checking an option in their site’s admin panels.
WordPress site owners eager to test out this new feature for themselves can do so by installing the WordPress AutoUpdates plugin which is currently in beta.
WordPress auto-update feature
The code behind WordPress’ new auto-update feature has actually been present in the CMS’ source code since version 3.7, which was released back in 2013. At that time, the WordPress team added a background auto-update mechanism for the WordPress core.
Since version 3.7, all WordPress installations have been configured to install minor security updates automatically though user action is still required to update between major versions. The developers knew that they would eventually need to perform more than core updates, so they added the code for performing background updates for themes and plugins but it was never enabled by default.
Some site owners have stumbled upon the code during the past seven years and they’ve hacked their own WordPress configuration files to enable auto-updates for themes and plugins. Additionally, some plugin developers also found and tapped into the code to create either free or commercial plugins that allow users to customize the WordPress auto-update feature.
WordPress’ auto-update feature is expected to help reduce the number of hacked WordPress sites once it rolls out globally with the upcoming release of WordPress 5.5.