WordPress plugins always improve the website quality providing additional features both for WordPress SEO and also the user interface. I am using an average of 12 plugins on all my sites. I use them to improve page speeds, add SEO tags, for caching static content, etc. Using plugins can be beneficial when you don’t have really good WordPress developer friends or maybe you don’t want to waste your time.
But it can be also risky. Because if you don’t update your plugins to the latest versions, your site may be at risk. Every day several plugins face new threats including insertion or XSS attacks. If your plugin is targeted for one of those threats and one of the hackers find out you are using that plugin, then boom. Your site is gone.
Well, most of the WordPress hosting companies provide backup services nowadays.
But generally, if you are using cheap hosting as I do, you may not have a complete backup of your site.
Auto-Updates Solve a Problem
When you enable WordPress auto-updates for plugins, that solves the security problem. Your site will have all the latest security updates even if you don’t visit it for a year. That is definitely a good solution for most static content websites like business or portfolio websites.
When you have auto-updates enabled, WordPress compares installed plugin versions with the latest using a cron job. For auto-updates to work properly, your WordPress hosting should allow WordPress cron jobs. Otherwise, your plugins will be only updated when you visit the admin page manually.
That’s a happy path, and everything works for you automatically.
Auto-Updates Brings a Problem
Enabling auto-updates on all your plugins brings a problem. Compliance. When your plugins are updated automatically you may face several issues with compliance.
Maybe the latest version of the plugin doesn’t have the function your theme developer used, because plugin developers may think that everyone is reading the changelogs.
Or maybe a plugin decided to change its settings profile completely without migrating proper options, or they removed some of the existing functionality that was critical for your website.
Then when you come back from your vacation, you see your website was hacked by WordPress itself!
Your website started giving errors or maybe your SEO statistics fall drastically?! All your hard work may be gone on a bad decision of the plugin developers.
My advice, which I precisely do the same on all my websites, do not enable auto-updates for plugins if you care about SEO, if your website is monetized, or it is a critical website that should be available at all times.
However, if your website is a personal blog, a portfolio, or a business website (with only local SEO) then it may be best to use it. Because that kind of website is not managed daily. They are updated from time to time, and generally by a WordPress consultant or a freelancer.
A final note; If you don’t know how to enable auto-updates, then you should probably enable auto-updates.
Ask your consultant, hosting provider, or developer friend to do that for you!