Make WordPress Core

Opened 17 months ago

Last modified 17 months ago

#57280 new enhancement

Security automatic updates for plugins and themes

Reported by: josvelasco's profile JosVelasco Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Upgrade/Install Keywords: needs-design 2nd-opinion
Focuses: administration Cc:


The option to enable automatic security updates for plugins and themes would allow users to secure their websites without worrying too much about significant/major breaking features.

This enhancement would allow more granular control of auto-updates without forcing users to update to major releases.

I propose new toggles in the WordPress Updates page under the Plugins and Themes section at wp-admin/update-core.php:

This site's plugins are automatically kept up to date with each new version
Switch to automatic updates for maintenance and security releases only.

This site's plugins are automatically kept up to date with maintenance and security releases.
Enable automatic updates for all new versions.

The same logic would be applied to themes.

Defining what kind of updates apply to security would be challenging, so I propose starting with popular or problematic plugins.

Change History (2)

#1 @audrasjb
17 months ago

  • Keywords 2nd-opinion added

Hello @JosVelasco, thanks for the ticket,

Given there is currently no way to differentiate a security update from a regular one, I think this will need a sibling Meta ticket to see what can be done to potentially track security updates coming from plugin authors.

Here is the only related ticket I found on Trac but it is not specifically related to security updates. The implementation on WordPress Core is pretty simple, but it depends on Meta to introduce a way to differentiate security updates, which doesn't exist for now, and I have no clue on how to handle that, except adding a keyword in the tag version, like 3.4.1-security 🤷‍♂️

Opening a Meta Trac ticket is probably the starting point for this :)

This ticket was mentioned in Slack in #core-upgrade-install by paaljoachim. View the logs.

17 months ago

Note: See TracTickets for help on using tickets.