#55185 closed defect (bug) (invalid)
Auto-updates despite disabled
Reported by: | Psychosopher | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | |
Component: | Plugins | Keywords: | close |
Focuses: | Cc: |
Description
The plugin UpdraftPlus WordPress Backup plugin updates automatic also when auto-updates is disabled.
It is the only plugin with this problem. Despite this it is for the support of the plugin a core problem and I have to open a ticket:
https://wordpress.org/support/topic/automatic-updates-if-the-option-is-disabled/
Change History (4)
#2
follow-up:
↓ 3
@
3 years ago
This has never been the case in all this years also there were very severe security issues.
And it's ennoying if user settings are not respected.
#3
in reply to:
↑ 2
@
3 years ago
Replying to Psychosopher:
This has never been the case in all this years also there were very severe security issues.
And it's ennoying if user settings are not respected.
This article https://make.wordpress.org/plugins/2015/03/14/plugin-automatic-security-updates/ may bring some information and history.
But
define( 'AUTOMATIC_UPDATER_DISABLED', true ); // in wp-config.php // OR a filter to disable automatic updates add_filter( 'automatic_updater_disabled', '__return_true' );
should disable it completely (manual updates only).
#4
@
3 years ago
- Milestone Awaiting Review deleted
- Resolution set to invalid
- Status changed from new to closed
The default state of WordPress updates is to trust the WordPress.org systems, and the plugin and security team has used this to push critical security updates since WordPress 3.7 was released.
So no, auto-updates in WordPress are not off by default, and have not been since 2013.
Hi there, welcome back to WordPress Trac!
This is explained in the Configuring Automatic Background Updates support article:
Based on the linked support topic, it looks like patching a security issue in the plugin is exactly what happened here, which is why an automatic update was pushed even if it was not explicitly enabled.