To auto-update WordPress or not to auto-update…


The latest version of WordPress just rolled out, and it includes a number of really exciting features. Among my faves are:

  • Built-in XML sitemap (although they’re pretty basic so we’ll stick with Yoast’s Sitemaps for now)
  • The ability to define a WP installation’s environment (i.e. dev vs. production)
  • Support for Chrome’s Lazy Load for images

An interesting new feature is auto-update for themes and plugins. Now you can set plugins and themes to update automatically — or not! — in the WordPress admin. So you always know your site is running the latest code available.

You can also turn auto-updates on or off for each plugin or theme you have installed — all on the same screens you’ve always used.

Updating is critical for security, however…

Updating is critical for maintaining a secure WordPress installation so anything that helps with that is praiseworthy. However, theme and plugin updates can often introduce their own problems, whether it’s compatibility issues that break stuff or even new security vulnerabilities that are inadvertently pushed out in an update.

Wordfence wrote a fantastic post explaining all of this, and it breaks down their recommendations on whether a site should use auto-updates by persona.

No need to frantically update WordPress with Strattic

With Strattic, you actually don’t have to hurry to update anything on your WordPress site. On Strattic, your WordPress site is hosted in a secure dedicated container that can only be accessed by authenticated users on your team, and it shuts down when not in use for an extra layer of security. If your WordPress site does have security vulnerabilities, they get left behind when you generate the static version of your site. The web (and all those eager hacker bots) only has access to the static version of your site, and since that is just a collection of static files, the vulnerabilities common to WordPress sites become irrelevant and there’s basically nothing to hack.

So the hacker bots that search for sites with known, published vulnerabilities and find the statically generated version of your WordPress site powered by Strattic will be extremely disappointed and will have to move on. Take that, hacker bots!

You can read more about Strattic and how it impacts security on our blog: https://www.strattic.com/category/website-security/