Keeping WordPress Up To Date, The Automatic Way

Posted on March 27th, 2015



Over the years, I have actively maintained many WordPress sites for various companies, departments, and customers. One of the biggest problems I have seen with WordPress is also one of its greatest strengths: the plugin system. Plugins provide so much power for increasing the capability of what a WordPress deployment can do, but this is a double-edged sword, because plugins are also the leading cause of outages I’ve seen in WordPress sites.

Because a plugin is able to extend the capabilities of WordPress on a very broad level, plugins are granted a lot of power in what they can do, yet they are typically third-party tools. This means that, even though a plugin may have gone through extensive design review and Quality Assurance (QA) testing, there’s no promise that it has, and many have not. The most common problem I have seen with plugins is in how they (mis)communicate with SQL. Many plugins use poorly optimized queries that are slow or resource-intensive, and many query the database more often than they should. Generally speaking, these queries are a burden on your server. This may not be noticeable when you first launch your WordPress site: while your traffic is very low, poor resource usage is easy to overlook.

Another common issue I have seen with plugins is that they may turn a server into a source of spam. They may have poor input validation, which would allow an attacker to send specially crafted queries that manipulate your server into sending email that you never intended it to send. Imagine running a WordPress site for a flower shop while your server is sending people emails about weight loss pills, Viagra, money transfers, or worse. No one wants to see that.

 

It’s Not All Bad

Not all plugins are as bad as I may have made it sound, and I am not trying to paint a grim picture of plugins. Many plugins are well written and avoid all of the above-mentioned issues and more, but the Internet and its vulnerabilities are an ever-changing field, and what is secure today may be insecure tomorrow. That is one of the many reasons why plugin updates occur: to address bugs and vulnerabilities that need to be fixed.

WordPress makes it relatively trivial to check the status of your plugins, see where updates are needed and when they occur, and manually keep abreast of the situation. This still requires you to make a point of checking for updates on a regular basis and applying them when they are needed, which is easy to overlook as time passes. Many of the site issues I have seen with WordPress plugins were caused by someone running a plugin that had not been updated in a very long time.

 

Plugins for Plugins

One of the best methods to address this problem is via a plugin. I know that may sound ironic, but the WP Updates Settings plugin is designed to perform automatic updates of plugins for your site. Other plugins which allow you to administer plugin and other updates are Update Control and Advanced Automatic Updates. A word of caution: Advanced Automatic Updates has not been updated itself in some time, which I know is contradictory to the point of this post, but it has received many great reviews and can be a formidable tool in your quest to keep updates in check.

When installing plugins, you should always make sure the plugins themselves are in good standing by checking out reviews, last updated dates, etc. As simple as it sounds, a great tactic is to slow down and use common sense. Don’t jump the gun just because the plugin sounds good at first glance. Lastly, while automating updates is a great tool to help stay on top of keeping your site up to date, you should also schedule some time on a regular basis to review your site, your plugins, your config and anything else and make sure everything is still up to par. A little time, effort, some patience and determination are the best tools you can have.
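WordPress core also exposes the `auto_update_plugin` filter for its background updater, so the same automation can be done without a third-party plugin. The must-use plugin below is an added example, not code from this post or from any of the plugins named above; the file name, the held slug and the `example_` function names are hypothetical.

```php
<?php
/**
 * Added example. Hypothetical location: wp-content/mu-plugins/auto-update-policy.php
 * Auto-updates every plugin except a short hold list, and logs each outcome
 * so the regular manual review has something to read.
 */

// Hypothetical slugs held back for manual updating (for example, a plugin
// whose releases you want to try on a staging copy first).
function example_held_plugins() {
    return array( 'example-shop-plugin' );
}

// $update is core's default decision; $item describes the pending update.
function example_auto_update_policy( $update, $item ) {
    if ( empty( $item->slug ) ) {
        return $update; // No slug to match on: keep core's decision.
    }
    if ( in_array( $item->slug, example_held_plugins(), true ) ) {
        return false;   // Held: update by hand after review.
    }
    return true;        // Everything else updates in the background.
}
add_filter( 'auto_update_plugin', 'example_auto_update_policy', 10, 2 );

// Runs after a background update pass; write one log line per plugin.
function example_log_auto_updates( $results ) {
    if ( empty( $results['plugin'] ) ) {
        return;
    }
    foreach ( $results['plugin'] as $entry ) {
        $failed = is_wp_error( $entry->result ) || ! $entry->result;
        error_log( sprintf(
            '[auto-update] plugin "%s": %s',
            $entry->name,
            $failed ? 'FAILED' : 'updated'
        ) );
    }
}
add_action( 'automatic_updates_complete', 'example_log_auto_updates' );
```

Background updates are triggered through WP-Cron and are skipped entirely when `AUTOMATIC_UPDATER_DISABLED` is defined as true in `wp-config.php`, so check both if nothing appears in the log.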
