Opened 2 years ago
Last modified 2 years ago
#57280 new enhancement
Security automatic updates for plugins and themes
Reported by: | JosVelasco | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | |
Component: | Upgrade/Install | Keywords: | needs-design 2nd-opinion |
Focuses: | administration | Cc: |
Description
The option to enable automatic security updates for plugins and themes would allow users to secure their websites without worrying too much about significant/major breaking features.
This enhancement would allow more granular control of auto-updates without forcing users to update to major releases.
I propose new toggles in the WordPress Updates page under the Plugins and Themes section at wp-admin/update-core.php:
This site's plugins are automatically kept up to date with each new version
Switch to automatic updates for maintenance and security releases only.
This site's plugins are automatically kept up to date with maintenance and security releases.
Enable automatic updates for all new versions.
The same logic would be applied to themes.
Defining what kind of updates apply to security would be challenging, so I propose starting with popular or problematic plugins.
Hello @JosVelasco, thanks for the ticket,
Given there is currently no way to differentiate a security update from a regular one, I think this will need a sibling Meta ticket to see what can be done to potentially track security updates coming from plugin authors.
Here is the only related ticket I found on Trac but it is not specifically related to security updates. The implementation on WordPress Core is pretty simple, but it depends on Meta to introduce a way to differentiate security updates, which doesn't exist for now, and I have no clue on how to handle that, except adding a keyword in the tag version, like
3.4.1-security
🤷♂️Opening a Meta Trac ticket is probably the starting point for this :)