Response from WordPress for rogue plugin updates

A statement has been issued by WordPress.org for the plugin developers to consider the decision of user regarding an automatic update. Reminder has been issued after publishers from ALL in One SEO Plugin have started automatic update without taking any approval from the user.

Through the statement, publishers have been warned about violating wishes of the users about an automatic update. Flag is going to be raised by WordPress.org always against these updates and publishers.

WordPress Automatic Updates

In the content management system of WordPress, automatic updates are generally featured. Users are empowered to choose a plugin for the purpose of automatic update. It is a feature that can be accessed in WordPress Version 5.5. Due to presence of this feature, users may not receive an automatic update without approval.

Some hidden features can be noticed with the automatic updates for plugins. It has been noticed for years.

Previously, if publishers have enabled the automatic updates till now then they may have to make some changes within the code inside the configuration files to disable it.

To get latest plug-ins versions, auto updates can be utilized. From some of the updates, vulnerable fixes can be obtained. In case, some of the update plug-ins are not utilized then there can be chances of encountering malicious hackers.

However, there is a downside of these auto updates also. Some of these auto updates may not be good enough. As a result, conflict may arise with another themes or plug-ins.

Therefore, publishers like to utilize plug-in updates in a controlled manner. In this way, problems can be acknowledged almost immediately.

All in One SEO Auto Updates

In Nov, 2020 All in One SEO plugin publishers have updated in to version 4. They have turned on the automatic update without taking permission from the users. It has happened to those who have tried to avoid the automatic update also.

Warning for Auto Updates

All in One SEO may not have turned on the automatic updates only. However, they are definitely one of the popular ones to do so since the introduction WordPress version 5.5.

Formal statement has been released by WordPress to warn the development community of plug-in software. It has been said that they cannot turn the auto update without approval from the users.

Statement from WordPress.org has stated “You may offer a feature to auto-update, but it has to honor the core settings. This means if someone has set their site to. Never update any of my plugins or themes. The reason for this is that plugins should not over-reach their authority.” Plug-ins should not try to reach a place that has not been authorized.

This entry was posted in Wordpress. Bookmark the permalink.
Return