How Configure WordPress to Automatically Update

computer on lamp with keyboard
computer on lamp with keyboard

By default, WordPress is designed to update itself when updates are available automatically. Therefore, the one thing one must do for WordPress to update itself is to validate that WordPress installed directory has the correct file permission for the web user.

How can one configure a WordPress site to auto-update if it’s not already enabled?

WordPress blogs and websites get hacked due to outdated plugins, themes, and WordPress files. So if every WordPress site online today would configure auto-update, successful WordPress hacking would reduce dramatically.

These outdated plugins and themes open the door to potential hackers who quickly take over these obsolete sites. Once the sites are compromised, they can be used to attack other legitimate sites or distribute viruses and spyware programs.

This brief tutorial shows students and users how to configure WordPress to automatically update and prevent hackers from taking over your WordPress blogs and websites.

Turn on the WordPress auto-updating feature.

To ensure your sites are up to date, open the WordPress wp-config.php file and insert the code below. Place the highlighted code just above the line:

/* That’s all, stop editing! Happy blogging. */

Open the WordPress wp-config.php file by running the commands below.

sudo nano /var/www/html/wp-config.php

The file may be in a different directory than above. But the location above is mostly the default on most Linux systems.

/* Auto Update WordPress Core */
define( 'WP_AUTO_UPDATE_CORE', true );

/* That's all, stop editing! Happy blogging. */

Save the file, and you’re done.

Automatically Update WordPress Installed Plugins

Plugins installed from the WordPress directory will always alert you when updates are available. However, these plugins will not automatically install newer updates, even if they’re essential and critical.

The majority of WordPress security vulnerabilities can be attributed to outdated plugins. To protect your sites, make sure to update your installed plugins constantly. To make that easier, turn on automatic updates of all plugins.

Add the line below code to the WordPress wp-config.php file to do that. Then, run the command below to open the file.

sudo nano /var/www/html/wp-config.php

Then add the code below.

add_filter( 'auto_update_plugin', '__return_true' );

Save the file, and you’re done.

Auto update WordPress installed themes

Another step is to configure WordPress to update installed themes automatically. Again, when you install themes from the WordPress directory, they will allow you to update them when updates are available.

One thing to remember is that any changes you made to the theme might be erased after updating. That’s why creating child themes is recommended.

To automatically update WordPress installed themes, add the code below to WordPress’ wp-config.php file.

sudo nano /var/www/html/wp-config.php

Then add the code below to the file and save.

add_filter( 'auto_update_theme', '__return_true' );

That’s it! Implementing these three steps might help prevent hackers from compromising your sites.

If your WordPress directory permission isn’t correctly configured, WordPress won’t be able to update. You make sure the webserver user has the appropriate rights to the directory.

It can be accomplished by running the commands below on Ubuntu servers:

sudo chown -R www-data:www-data /var/www/html
sudo chmod -R 755 /var/www/html

Restart apache2, and you’re done.

Please add to this if you have better ways to protect WordPress sites.


Posted by

I love computers; maybe way too much. What I learned I try to share at

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: