There has been talk among the WordPress development community about making WordPress auto-update seamlessly, perhaps even doing away with the traditional development cycle of bug releases and feature releases. Matt has even said “Our vision is that we’re like Chrome,” proposing that WordPress auto-update as seamlessly as Google’s browser. Proponents of the idea suggest that allowing WordPress this ability would improve the security of WordPress installations (as they would always be running the most recent version) and improve development speeds.
However, there are a number of problems with auto-updating software. The paranoid will suggest that auto-updates allows the “Big Brother” to unknowingly install whatever evil-doing code they want on people’s servers. While I can’t say this isn’t possible, my concerns are a little more rational, and unfortunately more likely to affect some system administrators.
Problem 1: The Fanciful
The first problem actually came to me in a dream. It’s sort of weird to have a dream about your website, but it happened.
It was a normal day, until WordPress auto-updated to the newest release, and then at some point I noticed my webserver was only serving blank pages.
A few hours later, one of the WordPress developers realized that a quarter of the blogs on the Internet no longer worked, and found that there was a small coding error (something like a misplaced comma) that broke WordPress core. Then I woke up and realized none of this had actually happened.
This problem is actually realistic enough to be a real concern. While I think that WordPress core is tested enough before release not have bugs like this, there is always the possibility of something slipping by. Auto-updates means this change will immediately affect a lot of people all at once, without any change for early adopters to point out the error and get it fixed before everyone else has upgraded. Also, plugins and themes that aren’t as carefully tested would be more likely to have issues.
Currently, I can review all the changes in any updates before I actually install them on my server. If something breaks, I am there to fix it. However, if WordPress were to auto-update, it could do so when I was not around, leaving my site down for up to a day before I had time to fix it.
This problem would be magnified for users who have their own changes to the WordPress source, as they could find that conflicting changes break their site. With a the current release system, these people know to check for conflicts each time they manually update their site.
Problem 2: The Technical
The other problem with auto-updates affects security-conscious system administrators. On my server, the WordPress files are not writable from the account the Apache process runs under. This defeats many attacks which try to replace portions of the WordPress code with their own code of evil intent.
While this is good for security, it also means that WordPress, which runs under the Apache account, cannot write to itself to do updates. Thus I would have to weaken my system’s security in order to allow WordPress to auto-update.
In Conclusion
While I trust the WordPress developers to do things right, I would prefer that WordPress have the option of not auto-updating. This would allow my server to be more secure, as well as allow me to use something like Git for managing updates and personal code changes on my own.
On the other hand, for managed hosting such as wordpress.com and even general shared hosting providers, it makes more sense to have the hosting platform auto-update so that all the users (who may not be aware of security) always have the latest version.
For the WordPress developers, auto-updates means that new features can be rolled out independently of each other, without waiting for the slower features to be ready for release. However, I would appreciate if some release structure remained. While I am willing to install the occasional bug fix or new release, having to deal with tons of tiny updates here and there could become annoying.
One of the benefits of open source is choice, and so I would like to see WordPress be flexible enough to handle each admin’s preferences. Auto-updating should be an option for those who don’t want to keep constant vigil over their site, while self-hosted installations should be given the options of doing updates on their own. Those who choose to auto-update might be able to get new features ahead of release time. Security and bug fix releases, which are obviously very important, should be released to everyone as soon as they are ready. Meanwhile, releases compiling the small changes (perhaps already running on some auto-updating servers) could still be made available for those who choose to do things on their own.