How Configure WordPress to Automatically Update

By default, WordPress is designed to automatically update itself when updates are available. The one thing one must do for WordPress to update itself is to validate that WordPress installed directory has the correct file permission for the web user.

How can one configure a WordPress site to auto-update if it’s not already enabled?

A common reason WordPress blogs and websites get hacked is due to outdated plugins, themes, and WordPress files. So if every WordPress site online today will just configure auto-update, successful WordPress hacking will reduce dramatically.

These outdated plugins and themes open the door to potential hackers and these hackers will take over these outdated sites with ease. Once the sites are compromised, they can be used to attack other legitimate sites or distribute viruses and spyware programs.

This brief tutorial shows students and users how to configure WordPress to automatically update and prevent hackers from taking over your WordPress blogs and websites.

Turn on the WordPress auto-updating feature

To ensure your sites are up to date, open the WordPress wp-config.php file and insert the code below into it. Place the highlighted code just above the line:

/* That’s all, stop editing! Happy blogging. */

Open the WordPress wp-config.php file by running the commands below.

sudo nano /var/www/html/wp-config.php

The file may be in a different directory than above. but the location above is mostly the default on most Linux systems

/* Auto Update WordPress Core */
define( 'WP_AUTO_UPDATE_CORE', true );

/* That's all, stop editing! Happy blogging. */

Save the file and you’re done.

Automatically Update WordPress Installed Plugins

Plugins that are installed from the WordPress directory will always alert you when there are updates available. These plugins will not install newer updates automatically, even if they’re very important and critical updates.

The majority of WordPress security vulnerabilities can be attributed to outdated plugins. To protect your sites, make sure to always update your installed plugins. To make that easier, turn on automatic updates of all plugins.

To do that, add the line below code into WordPress wp-config.php file. Run the command below to open the file.

sudo nano /var/www/html/wp-config.php

Then add the code below.

add_filter( 'auto_update_plugin', '__return_true' );

Save the file and you’re done.

Auto update WordPress installed themes

Another step is to configure WordPress to automatically update installed themes. Again, when you install themes from the WordPress directory. they will allow you to update them when updates are available.

One thing to remember is that any changes you made to the theme might be erased after updating. That’s why creating child themes are recommended.

To automatically update WordPress installed themes, add the code below to WordPress’ wp-config.php file.

sudo nano /var/www/html/wp-config.php

Then add the code below into the file and save.

add_filter( 'auto_update_theme', '__return_true' );

That’s it!  Implementing these three steps might help prevent hackers from compromising your sites.

If your WordPress directory permission isn’t properly configured, WordPress won’t be able to update. You just make sure the webserver user has the appropriately rights to the directory.

It can be accomplished by running the commands below on Ubuntu servers:

sudo chown -R www-data:www-data /var/www/html
sudo chmod -R 755 /var/www/html

Restart apache2 and you’re done.

If you have better ways to protect WordPress sites, please add to this.