WordPress 3.7 and Automatic Core Updates

There have been rumours, and it is now official. WordPress 3.7 will have the capabilities to auto upgrade itself, for now limited to core and security releases.

More precisely, by default WordPress 3.7 will auto upgrade to 3.7.1, and followings WordPress Security & Nightly releases. But not to WordPress 3.8, which will represent the next big step in the core development.

That’s a great news for everyone. Keeping your code and the core up to date is fundamental in fighting back malware and general security issues. Along the past years I barely remember a week in which I didn’t have to upgrade something on the sites and networks I manage or taking care of. So I am sure that the feature will save to many some precious time.

How to make it work?

In order for the auto update routine to initialize and complete, Wp-Cron needs to be operational. Otherwise the feature will be unavailable.

In addition, your site or network has to be able to contact WordPress.org over HTTPS connections, so your PHP install also needs OpenSSL installed and operational.

Also, a visit to the site is necessary to trig the procedure. Be aware that once started, the site or network will go in maintenance mode for the time needed. As usual during an upgrade to the core.

How to disable it?

If you prefer keeping updates under control and operating them manually, there is obviously a way to disable the feature. Actually more than one, and I expect them to be slightly different in their outcome for more advanced uses.

First, if the install uses FTP for updates and prompts for credentials, automatic updates are disabled. Also, if the install is running as a SVN or GIT checkout, automatic updates are also disabled.

Otherwise, to disable it manually, it is sufficient to define one or more related constants in the file wp-config.php as the example below.

define( 'DISABLE_FILE_MODS', true );
define( 'WP_INSTALLING', true );

An other method is to set to false the new constant WP_AUTO_UPDATE_CORE (in wp-config.php as well), as shown below.

define( 'AUTO_UPDATE_CORE', false );

This last option seems to be the easiest to implement.

After each update, the users with admin capabilities will receive an email with a summary of the actions taken, if the upgrade successfully completed, and any eventual encountered problems.

Auto Updates to Themes and Plugins

Although not enabled by default in WordPress 3.7, it will be possible to auto upgrade themes and plugins as well. To do so, author of themes and plugins will have to hook into specific filters, auto_upgrade_plugin and auto_upgrade_theme. The routine will not be active by default. Which likely means that well coded plugins and themes will allow an Admin to enable/disable the relative automatic upgrade.

This option is very intriguing and opens up interesting possibilities.

Need some more?

Good news also for the ones who are running WordPress in other language than English. The routine will upgrade any plugin/theme Language Packs installed.

Last, as said early, by default Core Auto-Updates will apply exclusively to WordPress Security (and nightly releases for developers if you are running a “nightly build”). But not to major releases as the incoming WordPress 3.8.

This can be changed defining the constant WP_AUTO_UPDATE_CORE to true in the file wp-config.php, as shown below.

define( 'WP_AUTO_UPDATE_CORE', true );


Automatic Updates will come with the incoming WordPress 3.7. So we still need to wait a little. I believe it will make my life easier and it will open few new possibilities for plugins and themes developers as well.

Can’t wait to work on it.