Beginner's Guide for WordPress - Start your WordPress Blog in minutes.
Choosing the Best
WordPress Hosting
How to Easily
Install WordPress
WordPress Plugins
View all Guides

How to Disable Automatic Updates in WordPress

Last updated on by
Special WordPress Hosting offer for WPBeginner Readers
How to Disable Automatic Updates in WordPress

Did you know that WordPress can automatically update your website? Yes that include plugins and themes too. Despite the security benefits, there is a slight chance that it can break your website. In this article, we will show you how to disable automatic background updates in WordPress.

Note: This post was originally published on Oct 25, 2013, but we have updated it to add more insights and make it more comprehensive.

Background auto updates were introduced in WordPress 3.7 in an effort to promote better security. By default it is limited to only minor releases however in special cases WordPress may update your plugins and themes.

If you are one of the millions of websites that are using Yoast WordPress SEO plugin, then your site was automatically updated about a week ago without any notification!

Automatic updates are great for WordPress security because many users never update their plugins or their WordPress installs. However it can break your site which we will highlight below.

First let’s take a look at how to disable WordPress auto updates.

Video Tutorial

If you don’t like the video or need more instructions, then continue reading.

Configuring and Disabling Automatic WordPress Updates

The easiest way to do this is by installing and activating Disable Updates Manager plugin.

Go to Settings » Disable Updates Manager to configure your settings.

Disable Updates Manager

Alternatively, you can disable automatic updates in WordPress by adding this line of code in your wp-config.php file:

define( 'WP_AUTO_UPDATE_CORE', false );

This will disable all automatic WordPress updates.

However if you want to receive minor core updates, but disable theme and plugin updates, then you can do so by adding the following filters in your theme’s functions.php file or in a site-specific plugin.

Disable automatic WordPress plugin updates:

add_filter( 'auto_update_plugin', '__return_false' );

Disable automatic WordPress theme updates:

add_filter( 'auto_update_theme', '__return_false' );

Now that you know how to disable automatic updates in WordPress, the question is should you disable it?

On our sites, we have disabled automatic plugin and theme updates while keeping the minor core updates enabled.

We are listing the pros and cons of automatic updates below to help you make the decision that’s best for you.


You don’t have to worry about updating minor WordPress releases which are pushed out for maintenance and security purposes.

This is something that you only got if you paid for managed WordPress hosting, but now it’s available for everyone (at least for minor releases).

You also have the benefit of knowing that if there was a crucial security issue with WordPress or a popular plugin, then WordPress will automatically update even if you are on a vacation, so your site is secure.


There is a slight chance that automatic updates can break your site. In our experience, the minor releases haven’t broken any of our sites yet.

But that’s because we are following the best practices and not modifying any core files. If you modify WordPress core files, then these automatic updates can override them.

Although it hasn’t happened yet, but if WordPress ever felt necessary to push a security update for a theme you are using, then there is a chance that it will break your website specially if you have modified your theme files.

Similar to that, automatic plugin updates can break your site as well because there are just too many variables (different server environments, plugin combinations, etc).

Now it’s important to know that these updates will not break majority of websites, but considering WordPress powers millions of websites, a small percentage can still be a lot of sites.

For example, the recent Yoast SEO update broke two of our sites: WPBeginner and ThemeLab.

On WPBeginner, the issue was very edge-case. For some odd reason, our permalinks broke. That meant every page except our homepage was returning a 404 error. One of our users reported it, and we fixed it fairly fast. All we had to do was go to Settings » Permalinks and click Save Settings to rebuild permalinks.

WPBeginner Broken Permalinks

On ThemeLab, Yoast SEO was deactivated without our knowledge. Apparently when the auto update happened something went wrong with the process which caused the plugin to deactivate.

Since this was such a subtle change which didn’t affect the site’s functionality, we didn’t catch it for a few days. Yoast SEO is crucial for search engine optimization because it handles your meta information, sitemaps, etc. All of that functionality was gone.

Google Webmaster Tools was showing a sitemap error because our sitemap URL now returned a 404.

Sitemap 404 Error

Worst, our broken meta titles started being indexed which we are not sure how long it will take to recover from.

ThemeLab Search Results

This issue was reported by several users in the comments of Yoast’ blog post.

Yoast Comments

The worst part about this update was that the core team did not communicate with site-owners. So there is a very good chance that some people haven’t even realized that their SEO is at risk because of a security update that possibly deactivated their main SEO plugin.

Final Thoughts

WordPress automatic updates for core is new, and automatic security updates for plugins has only been done TWICE … ever!

Normally when WordPress core updates, there is an announcement that follows with it.

However with the past two automatic plugin updates, we haven’t seen a blog post or an email from WordPress.

We fully support the efforts of improving security, but site owners should be notified of every change that is made to their site.

It would be nice to have the WordPress team send an email when they push out security updates to a plugin. Also there should be a way to notify the site owner if the update wasn’t successful, so they can fix the issues as soon as possible.

We hope that there is better communication and more transparency in these security updates in the future.

What are your thoughts automatic updates? Would you keep them enabled or use the above method to disable them? Let us know by leaving a comment below.

Editorial Staff at WPBeginner is a team of WordPress experts led by Syed Balkhi. Page maintained by Syed Balkhi.

WPBeginner's Video Icon
Our HD-Quality tutorial videos for WordPress Beginners will teach you how to use WordPress to create and manage your own website in about an hour. Get started now »


  1. George Applebee says:

    My horror story was about falling for the concept that backing up my website would protect me from a WP major upgrade.

    After manually upgrading my site with a major upgrade, the site broke, so i went to my favorite save my *ss backup software Updraft plus, only to find that the WP upgrade changed the database structure and file names. The backup was worthless because the database couldn’t be overwritten.

    Arghh! I had to find an older version of WP and start from scratch with a new DB and WP install. I could then use my backup software to get my client’s website back by installing the plugin. Be aware, WP upgrades can totally change the database structure!

  2. pabster says:

    After months of having auto updates totally disabled with the ‘WP_AUTO_UPDATE_CORE’ false tweak, my WP has managed to auto update on its own!! I was in 3.9 and now all of a sudden I’m in 4.2.2. How’s that possible? Do those folks still have some secret, hidden ace under the sleeve for forcing auto update on people like me?

    • WPBeginner Support says:

      Sometimes web hosts auto update out-dated software on their servers. Contact your hosting provider.

    • Eoin says:

      My website also auto updated even though I have the snippet in the code to prevent it.???
      The hosting company didn’t do it either.
      Any ideas?

  3. Una says:

    I hate automatic WordPress updates. The last one broke my theme.
    So thank you so much for the way to diable this.

  4. J Man says:

    I wonder who had this rather crazy idea in the first place…

    • pabster says:

      It’s a totally commercial thing. Nothing really much to do with “security” and that kind of mantra. We’re in a capitalistic world, and everything is ruled by money. Even “free” software is. :-)

  5. nathi says:

    Updating automatically is a no go for me, alot of customization is in place and needs to be measured against new wordpress versions before proceeding to update-definitely will use this Code. Thanx

  6. Gadi says:

    Is the automatic update can make any crash with the template version ?

    • grisales says:

      Of course it can happen!

      When you download a theme you should check which WP Version is it compatible with.

      Always keep on mind that you shouldn’t update the core although there is an update release available unless your plug-ins, and customizations have been tested to be compatible with the version you want to update to by you or the authors of such extensions.

  7. Jan Fikar says:

    For me, I hate when something si updated (rewrited) with no control or whatsoever. The might be not compatble plugin having all webpage killed.

  8. Patrick Mercer says:

    Just experienced an automatic update and even though it worked fine, I found this tip and turned off the auto updates as fast as I could. I hate it when something suddenly starts working different and I have to spend time trying to figure out why. I live my life at my pace, not yours.

  9. ElDerecho says:

    Automatic updates are a phenomenally bad idea for web applications. If they screw up the update (like MS has done with Windows updates a number of times), they will be potentially hosing millions of public sites that businesses rely on. Or worse, if the system is exploited, they’d be giving access to millions of servers to hackers, spammers, and who knows who else.
    No to mention, its just plain dangerous to allow executable files (PHP in this case) to be writable by the web server.
    Anyways, thanks for the post.

  10. Agarwalls says:

    Thanks very helpful for me.

  11. gabriel says:

    Thank you, this was really a pain

  12. RobS says:

    I agree this is a bad policy and they should create an on/off option in the General Settings. I want to update in a timely manner, but I have run into many situations where a plug-in doesn’t work with the latest WP upgrade. I usually have to wait until the plug-in dev fixes their plug-ins.

    If WP could guarantee all plugins are upgraded to work with new updates before they deploy, then sure, it makes sense. But that will never happen in an open source world.

  13. Rachel Ramey says:

    For what it’s worth, my sites all DID auto-update through a major release. (3.7x to 3.8x and 3.8x to 3.9x)

  14. Nicole Kavanagh says:

    I totally agree with the WordPress Automatic Updates.

    As a business owner and selling wordpress extensions, our business model arrived just in time.

    Long gone are the days when developers can sell extensions with a lifetime of Updates and Support, who in any business offers a service which is not payed for? It is just not viable or sustainable for any business.

    The up keep for maintaining WordPress and e-commerce extensions to be compatible with newer versions is very demanding on any team.

    This will really add a new dimension for the developers selling extensions that are not maintained. Usually the cheaper extensions, eventually you may find that these developers will not continue to sell their product.

    We started out selling all of our products at a cost of $** offering 1 year of Updates and Support included in this price, any subsequent years thereafter require a new Licence key at a discounted price to continue to receive: Activation, Updates and Support.

    The WordPress automatic updates make sense to us, this is our business and maintaining all of our extensions is what we do.
    It does take a lot of time and testing, and then of course the product information, product descriptions, product screen casts, product documentation all needs to be updated as well.

    There may be some clients that never updated their WordPress, e-commerce extensions, and eventually something will break.

    But then there are also the clients that update their extensions the minute there is a notification there is an Update.

    If all developers are in the same boat with maintaining their code to suit any new versions, it is a level playing field l agree with.

    Nicole from Extension Works.

    • Mac Gyver says:

      Nicole, you are so wrong that I don’t know where to begin.

      First, I did not authorize Yoast to change my update settings, and I’m mad as H__L.

      Second, the rule is NEVER EVER UPDATE BEFORE DOING A WEBSITE BACKUP. When websites do auto update that safety feature is precluded.

      Third, the clumsy auto loading of the WP updates has somehow knocked one of my non-wordpress sites off the internet – Google says:

      “If you are the owner of this web site you have not uploaded (or incorrectly uploaded) your web site. For information on uploading your web site using FTP client software or web design software, click here for FTP Upload Information.”

      That is my oldest website, not wordpress, and the “update hack” that Yoast installed without my permission caused this and more. I have not changed any configuration on the affected website; the auto WP updates to a subdomain of that primary domain caused this.

      Now I have to waste time I had already scheduled to get GoDaddy techs to get my servers straight.

      Believe me, when I finish that task I’ll get Yoast’s attention on social media.

      Edit: There were not one but TWO of my 6 websites knocked offline by the ill-conceived “hack” by Yoast. If you listen closely you can hear me sizzle.

  15. Orangorangan says:

    Thanks for the snippet! i just tought my web has been updated by someone else, freak me out! haha

  16. Mohsin Alam says:

    I want to disable only themes update, not full core update. How to do that? Thanks

    • WPBeginner Support says:

      Mohsin, a better strategy is to create a child theme and make all your changes in the child theme. But if you must stop your theme update, then you can do that by editing the theme header in the style.css file.

  17. anon says:

    Ha! i thought the client had updated the site so i disabled ftp just to find out it’s WordPress default. LOL!

    Never have I heard such a stupid idea in all my time as a developer! How did that get passed – is there an online thread discussing this stupid idea?

  18. Christina says:

    Well, I had a site update to 3.8.2 automatically yesterday and when I went to work this morning, the site’s homepage was broken.

    I use genesis framework and a child theme, so I have not edited the core. The site was almost ready to go live, and now I can only hope genesis can help me fix it.

    I have a backup, but reallllllly don’t need the hassle of that, especially as it was taken a few days ago.

    I will definitely be turning off automatic updates and think they are a terrible idea. Too many variables between plugins and theme conflicts to trust something without taking an immediate backup prior to updating. :O(

  19. Javier says:

    Ok, but what if a hacker takes control over the wordpress server for updates and then push a malicious update?? Half of the websites of the world down, the biggest DoS ever or every server infected with malware. IM FREAKING OUT!!

  20. Joanna Benson says:

    The automatic updates are a bad idea. What about plug-in compatibility issues?! I like to be sure that the principal plug-ins that I use on my website are compatible with the latest version of WordPress BEFORE WordPress is updated. Finding out AFTER when a plug-in breaks my site because it isn’t yet compatible with the latest version of WordPress is a headache that I don’t need. The fact that WordPress wouldn’t have thought about this before implementing the automatic updates is quite surprising!

    • Christian says:

      I agree! Qtranslate, for example, is a pain as it is coded with the latest wp version number written into the code …

    • Mark says:

      I am very wary of installing plugins unless I absolutely need them.

      Plus I always check with the theme developer about conflicting plugins… I’ve had some bad experiences.

      I recommend only using premium plugins because of support and updates

  21. Nicole says:

    I would disable automatic updates because sometimes WordPress updates because a lot of the time it breaks functionality or messes up the layout on the site. This happens when I’m using a theme that doesn’t work with the new version of WordPress, or if my site is integrated with the Yii Framework (PHP MVC architecture). It’s better if i’m able to test out the update on a test site instead of the live site automatically updating.

    Thanks for the information on how to disable!

  22. Todd Nagel says:

    Thank you for this, I manage quite a few wordpress sites, not everyone has the budget to be where they would like to be at all times, not all the sites have the ‘best’ of code, some are way old so are using older plugins, lots of things can go wrong in an update..

    WordPress adding this in without ‘warning’ really is kind of wrong in my opinion.

    and my manual update to 3.8 the other day broke a website because the contact form 7 extra plugin for ‘uplicate confirm email’ is outdated..

    as long as you stay within a few updates, your going to be pretty secure, and we always do it on a ‘dev’ folder first..


  23. Mel Brady says:

    The last update ruined my good working product. It took a couple days to repair. Is this going to happen on all wordpress updates. I’ve got more to do then fixing my site.

  24. Sharon J says:

    i don’t like automatic updates because I would rather wait in case there are bugs. Also, if there is a problem I have 80-100 customers. What if there is a problem on ALL those sites? I am going to disable automatic updates on my site and on future sites for sure.

    • Jocelyn Wing says:

      I’m with you Sharon. It’s a disaster waiting to happen. That’s why I am here because I have a client who noticed and complained about why his website look keeps changing.

      Thanks to WordPress community for making the software more secure.

      Thanks for the advice here.

  25. Arend says:

    I think I have enough off those peoples who think any non technical computer-user is a moron
    I think that the sheer arrogance of the WordPress developers is something I don’t want
    to deal with any longer, so after 6 years of happy using it’s goodbye to WordPress….
    and on the look-out for a new Cms sytem without developers trying to make my decisions

    • Eni says:

      Something pretty strange is going on over the Internet. From G, FB,WP…hosting companies…, “security” softwares….., open source browsers and other software we need to use the Internet….seems like everyone is hurrying over each other to make our life “easier” and “safer” by full beg of automatic updates and other “services” running “on our behalf”, with little or no control on our side what’s going on and what’s being done.
      Automation like that very likely may destroy peoples long-years efforts results in a second,
      without anyone being responsible for such effect.
      Coz’ things are complicated and not synchronized to the point that in most cases you would need to spend months if not years to locate where problem(s) arouse from .I doubt anyone of us could deal with such situation. Anyone using WP knows that you need at list 10-20 plugins to make it work per your essential needs. And just coping with plugins and WP updates none of them synchronized with each other, costs you too much time, nerves and energy. Seems like we should be occupied only by doing that.

      Makes no sense.
      Not good.

      • JOhnne says:

        Of course it makes sense, it is totally necessary automatic browser updates or we would be stucked in the old ie 6/7 until now with all kind of old css support. You can be angry, but all developpers are thankfull for browser updates, it’s the way microsoft should have done long time ago and we wouldn’t have this crap ie 6 / 7 / 8 versions running until now. We have a major delay in web creativity and innovation today becouse of this, and we are slowing getting of this cenario!

  26. Umm No says:

    Brought a site down today with the 3.8.1, didn’t even know this would happen. turned it off on all other sites. Won’t allow that to happen again. Update on a friday so I can spend my weekend cleaning up the mess they make. and then delete all threads started on wp support about broken sites. Seems like they don’t want people to know they break sites and leave it for you to clean up the mass

  27. Barbara says:

    My two cents: Automatic updates seem to always happen to me at the most inconvenient time. That’s reason enough to turn them off. Thanks for the article!

  28. Glen says:

    I have been a WordPress user since 2007, and since added 3 more websites using WP. I have always updated my own sites when new versions of WP became available. When learning about updates back in 2007 I recall that specific and important instructions were given that all plugins must be disabled before updating to a new version of WP. Therefore, I’ve always done that. Now, with the automatic update for minor versions, my sites are being automatically updated. Does that mean they disable the plugins? If not, what has changed that plugins no longer need to be disabled? I’m a little nervous about this.

    • WPBeginner Support says:

      Glen, there is no need to worry about that. During the update, WordPress puts your site in maintenance mood which is just like disabling plugins. It then updates your site and then turns off maintenance mood.

      • Glen says:

        Thanks a whole bunch, support. I probably should have known that. You’ve certainly put me at ease over this. My previous concerns have gone out the window. Again, thank you.

  29. where to add the code? says:

    you say what file to add it to. where to we add it in that file? my config file has lots of stuff in it that I dont want to mess up. where do I paste the code in that file? need more info please.

  30. Brian says:

    I have two websites that were totally broken last time the updates took place. I have changed core files on and I am very inexperienced at making child themes. I just don’t seem to be able to do it. Just call me ignorant. But I wonder if I create child themes one day, I could then go ahead and enable automatic updates on these two sites and the auto updates will no longer break the sites.

    • WPBeginner Support says:

      Brian yes this is why child themes are recommended.

      • Brian Humek says:

        Just had to visit your site again today to double check how to disable these updates. I saw WP had updated some of my sites and I guess I’m forgetting a lot these days. I double checked and found my two sites which were messed up in the last update were indeed disabled.

        Again, kudos to your easy tutorial.

  31. Nathan says:

    Will adding this line of code into my configuration file help multi-site installations? I need clarification / verification before running that.

  32. Paul G. says:

    Hey guys,

    I thought I’d let you know of an addition we’ve made to our plugin which lets you completely customize most of the WordPress Automatic Updates for your sites.

    You’ll find it under the “Auto Updates” section of the WordPress Simple Firewall ( )

    Hope you like! :)

  33. Barbarella a.k.a. The Mad Cat Lady says:

    Not happy with being “forced” to have automatic updates without the option of turning them off. Even though I know how to put this code into wp-config.php, other people might not have a clue, and I think we should at least be given an on/off switch in the dashboard where we could have the choice to disable automatic updates if we wanted to.

    Thanks for this snippet of code though. I will apply it to all my sites now (and I have a LOT of WP sites!).

    • Rachel Ramey says:

      I absolutely agree. The WordPress user documents themselves specify to ALWAYS BACK UP before updating, and now we don’t have that option because our sites update themselves without asking our permission. And you have to hack the code to turn it off. That’s ridiculous and utterly FOOLISH!

      If they’re going to make this a default, then I’m with you – there needs to be an “off” switch or checkbox in the settings.

  34. Patty Ayers says:

    Syed, I’m wondering why the code you provide here seems to be strongly discouraged by Andrew Nacin in this post:

    “The constant AUTOMATIC_UPDATER_DISABLED can be used to disable the automatic updater entirely. It’s like DISALLOW_FILE_MODS — no changes allowed at all — but it’s specific to the auto updater.

    Don’t use this to block only core updates! You’ll also be blocking a lot of other functionality. You won’t get translation updates (language packs) for core, themes, and plugins. You won’t receive update notifications sent via email to alert you of new WordPress releases. It also disables all opportunity for fine-grained control.”

    Or am I (likely) misunderstanding something?

  35. Erni says:

    Are you sure that the code with “true” is right, or is this a mistake and you’ve to add “false” to the code to disable the updates?

    For my self I want to update wordpress alone, without any background updates. It would be cool if you’ve an option to decide yourself to deactivate automatic updates.

  36. Jenny says:

    Thank for this tip, I always prefer to test the compatibility of a new version with plugins installed before using it in production

  37. adolf witzeling says:

    Thank you for posting this quick tip. I just installed WP 3.7 and although I DO want to run the latest version, I still want to be in control in regard to updates-it just makes me nervous something changing without me being aware of, because if something goes wrong after I make a change at least I have a good idea where to start troubleshooting. I recently installed a plug-in updater (which supposed to automatically update my plug-ins) and all I was left with was a blank screen!!. Took me (bloody beginner) a while to get it back up and running. The plug-ins weren’t the problem the updater was, by ignoring some of the installed versions [i.e. 2.3.1 and ignoring the third digit -the (.1)] Don’t wanna go through that shit again.

  38. Cam says:

    @ Henk – For the most part i agree with you, however there are situations in which automatic updates may not be desirable. In my own case I disabled auto updates a while back due to the fact that I have my own system of checks and balances in place. I think that for those users who are vigilant about updating and maintaining their sites, auto-updates are less important than they would be for most users.

  39. Elizabeth says:

    I was horrified after upgrading to 3.7 to see the notice that updates would be automatic. Thank you for posting this fix. I’m still struggling with learning how to use the theme functions file so still have a number of changes to the core files. I know it’s ill-advised but all the changes I’ve made are cosmetic….

  40. Christopher Simmons says:

    Also worth noting, on some installs the permissions may not allow for WP to do *any* updates if the system was installed through an RPM via something like Plesk/Parallels where the folders are “owned” by Apache; these sometimes need to be manually upgraded as any update will fail and possibly break both core and plugins (if WP tries to update plugins also).

    • Christopher Simmons says:

      Ah. Update: turns out on sites with special permissions/security, WP cleverly will show this banner after 3.7 upgrade:

      This site is not able to apply these updates automatically. But we’ll email [adminemail] when there is a new security release

  41. Viktoria Michaelis says:

    A dashboard link to disable or enable would have been a far better solution than having to update a line of code.

  42. Keith Davis says:

    Hi Guys
    I was taught to disable all plugins before and upgrade and reactivate after upgrade – don’t people do that any more?

    Good to know that it can be disabled and thanks for showing how.

  43. Curt says:

    I’ve been a ( paranoid ) systems administrator for some decades now, and one thing I’ve learned ( Micro$oft taught me very well ) is to NEVER, ever, under ANY circumstances, EVER enable auto-update of anything !
    Run it in a sandbox test environment first, to make sure someone’s idea of an “improvement” doesn’t fatally break something you depend on.
    I’ll be adding that line for now, but I am SO with Ann-Marie above.
    A plug-in autoupdate disabler patch right now, and a configurable option in the core ASAP if not sooner.

    • Curt says:

      And, I’ve just discovered this update DID break a depended on function in .htaccess, by completely replacing my finely tuned config without making a backup.
      Good thing I’d learned this long ago, and make my own backups as *I* see fit.

  44. ann-marie says:

    I am hoping someone comes up with a plugin to stop auto updates.
    I am not confident about adding that line of code.
    I have 12 sites.

  45. Himanshu G says:

    you are right sometimes we are required to make changes to wordpress core files and we don’t want automatic updates as they can remove those changes done…

    I was also interested in knowing that will this feature gonna automatically update plugins and themes also or just the wordpress install (as if we do not makes changes in WordPress than let it be updated automatically…)

  46. suneel says:

    great info…

    Thank U

  47. Angelika says:

    You rock! Thank you for your awesome posts! This is very appreciated.

  48. Henk says:

    Do NOT disable automatic updates. They exist for a reason!!
    It’s a 1000 times better to have the slight possibility of your site breaking due to an update than have a serious possibility of it being hacked.

    • Silver says:

      Henk, it depends. When this WP project is business critical then this is bad when this automatic update takes site surprisingly down.
      Those project needs attention and those can updated by manual and when errors occurs then you can immidietly make needed corrections …

      But when this is some personal blog or something similar then this is good

    • Kevin Edwards says:


      “It’s a 1000 times better to have the slight possibility of your site breaking due to an update”

      For some of us it’s not a slight possibility, but rather a 100% guarantee that an update is going to break the site. I manage several sites that break on updates due to WordPress changing the way it handles enclosures and a necessity to edit functions.php after each update to avoid enclosures from being auto-deleted from my posts.

      By disabling auto-update, I can still update in a timely fashion, without worry that at any random time my sites will just break.

      • Katie says:

        @Kevin – we’re having a problem with the enclosure update, too. What did you add to your functions file to keep these from being auto deleted? Thank you :)

      • Eni says:

        Would like to know this as well.

        do we need to add additional codes to wp-config.php to prevent auto-updates for theme and all plugins ?
        I’m referring to:

        “…The previous configuration options are all-or-nothing. You may, however, want something more fine-grained. The auto_update_$type filter (auto_update_core, auto_update_plugin, auto_update_theme, auto_update_translation) is fired for specific updates…”
        May I add lines:
        define( ‘WP_AUTO_UPDATE_THEME’, false );
        define( ‘WP_AUTO_UPDATE_PLUGIN’, false );
        do disable theme and plugins auto-updates ???

        I’ve created a child theme, so could I somehow include those codes in my child theme’s files
        (functions.php ???)
        so they don’t get overwritten forcing me to write them all over again with every next WP update??

        Any input would be much appreciated, thanks

    • Andy says:

      Sure, if you are just running a blog or whatever like the average WordPress user then it makes sense to have automatic upgrades because WordPress is notoriously insecure due to the large amount of outdated code people are running on their sites.

      However, automatic updates are an absolute no no in large businesses to enterprise companies where there is a team of devs doing regular maintenance. Everything needs to be version controlled and tested.

      I work most often with Drupal and one of the great things they do is separate security updates from other updates, so there is less chance of breaking your site but also a higher level of security. WordPress on the other hand just lumps in security updates with regular updates.

Add a Comment

We're glad you have chosen to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and all links are nofollow. Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.