WordPress Replies to Unauthorized Plugin Updates

WordPress.org has issued a warning to plugin developers to respect user decisions regarding automatic updates. This reminder followed an incident where the developers of the All in One SEO Plugin enabled automatic updates without obtaining permission.

The statement emphasized that any developer disregarding users’ explicit preferences on automatic updates will be flagged by WordPress.org.

## WordPress Automatic Updates

Automatic updates are a feature in the WordPress content management system (CMS) that allows users to opt in to having their plugins update automatically. This functionality was made more accessible with the release of WordPress version 5.5, providing users the choice to enable or disable automatic updates.

For years, automatic updates for plugins were somewhat hidden, requiring publishers to modify configuration files manually. The primary benefit of automatic updates is ensuring that the latest versions of plugins, which often include important vulnerability fixes, are always in use. This reduces the risk of a site being compromised by malicious entities. However, automatic updates can sometimes cause conflicts with other plugins or themes, leading some publishers to prefer manual updates for better control and immediate issue resolution.

## All in One SEO Auto Updates

In late November 2020, the developers of the All in One SEO plugin released version 4 and activated automatic updates without user consent. This change was applied even to users who had explicitly chosen not to use automatic updates.

## WordPress Issues Warning on Auto Updates

While All in One SEO is not the only plugin to have taken this step, it is notably among the most prominent since the introduction of WordPress 5.5. Consequently, WordPress issued a formal reminder to the plugin development community to refrain from enabling auto updates without users’ explicit consent.

According to WordPress:

> “You may offer a feature to auto-update, but it has to honor the core settings. This means if someone has set their site to ‘Never update any of my plugins or themes,’ you are not to change those for them unless they opt-in and request it.

> The reason for this is that plugins should not over-reach their authority.”

The announcement also highlighted that automatic updates could lead to unforeseen issues on publisher websites and damage the trust between publishers, plugin developers, and WordPress itself.

In reference to the recent All in One SEO Plugin issue, WordPress called the situation unfortunate:

> “Sadly, this happened recently to a well-used plugin, and the fallout has been pretty bad.”

While there are no immediate plans to formalize guidelines on this matter, WordPress will continue to flag plugins that violate user trust and preferences concerning automatic updates.
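One way a plugin could follow the rule quoted above, shown as an added example that is not code from WordPress.org or from any plugin named in this article. The plugin basename, option name and form action are hypothetical; `auto_update_plugin` is the WordPress core filter through which per-plugin auto-update decisions pass.

```php
<?php
// Added illustration for a hypothetical plugin "example-seo/example-seo.php".
// All EXAMPLE_SEO_* names and the form action below are assumptions.
const EXAMPLE_SEO_BASENAME = 'example-seo/example-seo.php';
const EXAMPLE_SEO_OPT_IN   = 'example_seo_auto_update_opt_in';

/**
 * Filter core's auto-update decision for this plugin only.
 *
 * $update is the decision core has already made from the site's own
 * settings; $item describes the plugin currently being considered.
 */
function example_seo_filter_auto_update( $update, $item ) {
    // Never touch the decision for any other plugin.
    if ( ! isset( $item->plugin ) || EXAMPLE_SEO_BASENAME !== $item->plugin ) {
        return $update;
    }
    // Only an opt-in the site owner recorded themselves may turn updates on.
    if ( '1' === get_option( EXAMPLE_SEO_OPT_IN, '0' ) ) {
        return true;
    }
    // No opt-in: pass core's decision through unchanged, never force true.
    return $update;
}
add_filter( 'auto_update_plugin', 'example_seo_filter_auto_update', 10, 2 );

/**
 * Record the opt-in from the plugin's settings form. The option defaults
 * to '0', so installing or upgrading the plugin never enables updates.
 */
function example_seo_save_opt_in() {
    // Only a user who may update plugins can change this preference.
    if ( ! current_user_can( 'update_plugins' ) ) {
        wp_die( 'Not allowed.', '', array( 'response' => 403 ) );
    }
    // Require the nonce from the settings form (blocks forged requests).
    check_admin_referer( 'example_seo_auto_update' );

    $opt_in = isset( $_POST['example_seo_auto_update'] ) ? '1' : '0';
    update_option( EXAMPLE_SEO_OPT_IN, $opt_in );

    wp_safe_redirect( admin_url( 'plugins.php' ) );
    exit;
}
add_action( 'admin_post_example_seo_auto_update', 'example_seo_save_opt_in' );
```

A plugin that offers no auto-update feature of its own does not need to hook the filter at all; the per-plugin toggle that WordPress 5.5 provides already covers it.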

## Citation

Reminder: Plugins Must Not Interfere with Updates
