ZeroToWP

Auto-Update

Quick Definition

Auto-updates are WordPress's built-in system for automatically installing new versions of core, plugins, themes, and translations without you having to click anything.

WordPress plugin and theme auto-updates documentation on wordpress.org

What Is Auto-Update?

Auto-updates in WordPress automatically install new versions of software on your site without manual intervention. WordPress handles four types of auto-updates, each with different default behaviors:

  • Minor core updates (e.g., 6.9.3 → 6.9.4) — Enabled by default since WordPress 3.7. These are security patches and bug fixes. You should never disable these.
  • Major core updates (e.g., 6.9 → 7.0) — Enabled by default on new installations since WordPress 5.6. Older sites may need to enable this manually via Dashboard > Updates.
  • Plugin updatesDisabled by default. Since WordPress 5.5, you can enable auto-updates individually for each plugin from the Plugins screen. An "Enable auto-updates" link appears next to each plugin.
  • Theme updatesDisabled by default. Same per-theme toggle available at Appearance > Themes.
  • Translation updatesAlways enabled. Language packs are small and safe to update automatically.

You can also control auto-updates through constants in wp-config.php:

  • define( 'AUTOMATIC_UPDATER_DISABLED', true ); — Disables ALL auto-updates (core, plugins, themes, translations). Use this only on sites where you need complete manual control.
  • define( 'WP_AUTO_UPDATE_CORE', true ); — Enables auto-updates for all core releases (minor + major)
  • define( 'WP_AUTO_UPDATE_CORE', 'minor' ); — Only auto-update minor releases (the default for older installations)
  • define( 'WP_AUTO_UPDATE_CORE', false ); — Disables all core auto-updates

Important: enabling auto-updates for a plugin does not mean it will update immediately — it means that when a new version is available, WordPress will install it automatically without waiting for you to click "Update."

Auto-Updates in Practice

For most sites, the recommended configuration is: keep minor core updates and translations on automatic (the default), enable auto-updates for trusted plugins that you rely on (like your SEO plugin or security plugin), and leave major core updates manual so you can test on a staging site first.

The risk with plugin auto-updates is that a bad update can break your site while you are asleep. This is why backups are essential — if an auto-update causes problems, you need to be able to roll back. Many managed WordPress hosts offer automatic backups before updates and visual regression testing that catches layout issues automatically.

Site management tools like MainWP give you a middle ground: review available updates across all your sites from a single dashboard, then approve them in bulk rather than logging into each site individually.

Why It Matters

Outdated plugins and themes are the #1 attack vector for WordPress sites. Auto-updates keep your site patched against known vulnerabilities without relying on you to check manually. The trade-off between convenience and control is real — but for most sites, the security benefit of staying updated outweighs the small risk of an occasional breaking change.

Sources

Related Terms

BackupA WordPress backup is a complete copy of your site — files, database, themes, plugins, and media — stored separately so you can restore your site if something goes wrong. Regular automated backups are the most important safety net for any WordPress site.PluginA plugin is a package of code you install on your WordPress site to add new features or extend existing ones — like adding a contact form, improving SEO, or setting up an online store.Staging SiteA staging site is a private copy of your WordPress site where you can test changes — plugin updates, theme switches, design tweaks — without affecting your live site. If something breaks, only the staging copy is affected.Staging SiteA staging site is a private clone of your live WordPress site where you can test changes — plugin updates, theme switches, code edits — without affecting your real visitors.

Related Articles

WordPress 7.0: Everything You Need to Know (April 2026)WordPress 7.0 launches April 9, 2026 with real-time collaboration, a redesigned admin, new blocks, responsive editing, and an AI foundation. Here is everything that is changing.WordPress Security — The Complete Guide to Protecting Your SiteAfter 20 years of building WordPress sites, I've cleaned up more hacked sites than I care to remember. Most of those hacks were completely preventable. This is everything I know about keeping WordPress secure — no fear-mongering, just practical steps that actually work.
← Back to WordPress Glossary