Earlier today, release lead Josepha Haden announced the team was pushing back the release of WordPress 5.6 Beta 4 to Thursday, November 12. The beta release was slated to go live today. Questions around the readiness of the auto-updates feature held the beta update back. However, those questions are now resolved.
Haden followed up the Beta 4 announcement with a more in-depth picture of how auto-updates will change for WordPress 5.6. She summarized the current concerns, laid out a path for version 5.6 and 5.7, and discussed plans for the future. The auto-updates feature is not something that will be complete overnight or in just one release. There are complex technical hurdles that must be jumped and a need for a dedicated focus in upcoming releases.
Much of her post focuses on the tactics going forward. However, she mentioned in our chat that she does not want the community to lose sight of the big-picture, vision-setting aspects of the project.
“The subject of auto-updates has resulted in many complicated discussions,” she wrote. “As I reminded the release squad, decisions like these require us to remember that we’re contributing to over 30% of the web, and we have to balance our immediate needs with long term planning.”
The short-term plan is to allow current WordPress users to opt-in to major updates while enabling auto-updates for both minor and major releases for new installations. Some changes to the auto-updates UI are also in the works along with a plan to revise based on feedback in WordPress 5.6.1.
In WordPress 5.7, which is several months away, the goal is to add a nudge on the Site Health screen for anyone opted out of major updates. We could also see a setting to opt-into updates as part of the WordPress installation flow for new sites.
The big picture that Haden is talking about? That is to make sure that all WordPress installations are receiving auto-updates, that these updates are seamless, and that users are running a secure version of WordPress.
Nearly two years ago, WordPress project lead Matt Mullenweg outlined nine goals for 2019. One of those goals was to provide users a method of opting into automatic updates of major releases. It has taken WordPress a while to get there, but it is on the cusp of launching this feature that many have looked forward to.
Haden also further clarified that goal. She said that the long-term plan for both Mullenweg and the other original feature contributors was to always have auto-updates for major releases enabled by default.
Apart from those who already prefer to opt-out of any sort of automatic updates, some users’ trust in the system eroded a couple of weeks ago. The WordPress auto-update system updated sites to version 5.5.3-alpha instead of 5.5.2 — WordPress currently automatically updates only minor releases. While there was no difference between the two versions and the core team quickly resolved the problem, the damage to user trust was already done.
This was not an ideal leadup to the December launch of auto-updates for major releases.
However, one hiccup — one that was effectively not an issue — seven years after WordPress 3.7 launched with security and maintenance updates is not too bad. The system has been a boon to making the web a more secure place. Ultimately, that is what auto-updates are all about. The big goal is to make sure that all WordPress sites are running on the most secure version available.
“It’s important that whatever we implement isn’t taking us further away from our long term goals of having seamless, auto-updates across the project,” wrote Haden. “Auto-updates can help us have a more secure WordPress ecosystem, and in turn can help change the public perception of WordPress being an unsecure choice for users of any skill level.”