Otto on WordPress Updates

Hey there! I'm currently working on a CLI tool to deploy WordPress apps to DigitalOcean. Check it out! It's free and open source.

You should update any and all plugins immediately when there is an
update available, period.

If the plugin author has a habit of introducing new versions with
bugs, then you should stop using that plugin and find a different one

I do not see it as a good idea to introduce anything which even
remotely suggests that it is okay to not update. It is not okay.
Update. Immediately. Always.
Otto via wp-hackers

Very well said Otto, and it’s also good to know that Chrome-like updates is one thing the core team is keeping in mind. Anybody else wants to suggest telling users to not update? ;) Here’s the beginning of the thread.

About the author

Konstantin Kovshenin

WordPress Core Contributor, ex-Automattician, public speaker and consultant, enjoying life in Moscow. I blog about tech, WordPress and DevOps.


  • On the subject of silent updates, when the feature was first discussed the general concensus was that it should be built as a plugin first to gauge its viability. Since then there’s been exactly one plugin appear on the repo that attempts it: by dd32.

    Silent updates can be useful in certain situations, but it’s complicated to implement (in recent weeks I’ve been building my own silent updates plugin and I’ve run into all the problems dd32 listed in the thread). I don’t expect to see it appearing in core any time soon.

    • John thanks for your comment! I don’t think silent updates is something you’d build in a few weeks, of course it’s not easy :) but it feels good, knowing that it’s all headed that way and will be implemented sooner or later.

  • As a WordPress plugin developer I find, particularly with larger updates, that initial bugs are inevitable. It’s okay for a commercial company such as Automattic to suggest this, but when it’s a lone developer working for free then such a level of testing may not be available. I’d never push an update out with known bugs but, inevitably, they occur.

    Rather than pushing the issue onto the developers maybe Otto should think about fixing the issue over the upgrade notice in the README and look into improved upgrade options.

    Also, how about an easy way, via the WordPress repository, to easily allow users to get involved in testing programmes? I have a test site and would be more than happy to test beta releases of plugins on that – this should at least help reduce issues upon release.


    • Dartiss, I’m sure Otto wasn’t referring to plugins only but to WordPress core as well, and if when automatic updates arrive, they’ll most likely arrive for core first.

      Also, how about an easy way, via the WordPress repository, to easily allow users to get involved in testing programmes?

      It’s easy enough for core — you can run beta versions, nightly builds or even have access to the most recent changes via Subversion. In fact, many sites would run the trunk version and svn up several times an hour, so they’re always running the latest codebase, even if it has bugs.

      Plugins have the same directory structure, so you can easily point your server to a trunk version of a plugin, but the rest is all up to the plugin developer — they can push changes to trunk anytime, and those changes are not moderated by anyone other than the plugin author, so they can easily check in code that would fail to parse and bring your whole site down with a fatal error.

      If you want to help test plugins that you use, you should get in touch with their authors and see what their process is like. If they need testers, they’ll probably let you know how you can help :)

      Thanks for stopping by to comment!

  • Hmm, automatic updates to core trouble me. WordPress is not Chrome.

    If an automatic update to Chrome kills an extension I’m using, I can live it, or switch back to Firefox for a while. If an automatic update to WordPress kills a plugin, then it could take down a site or break the functionality, not just for a single user, but for *all* the users of that site. And in some circumstances it could cost site owners money.

    Such problems may only happen in a small percentage of intstallations, but when you have millions of sites using WordPress, even a small percentage works out to be a lot of installations.

    If automatic updates do come to core, they should be opt-in not opt-out. Opt-out will endup costing some people $. Guaranteed.

    • I don’t think auto-updating core is as simple as simulating a site admin push a button. As Otto said in the mailing list, there’s much more to that than we all think, and getting it right is not easy, which is why it’s not implemented yet :) Thanks for your comment Stephen!