The importance of updates (a vacation gone wrong)

Imagine yourself on a holiday for two full weeks, no email, no Internet connection, only you, your loved ones, the ocean, and the beach. Then, after a well-deserved vacation, you arrive at the office full of energy and positive thoughts. You sit at your computer ready to share your experience with the rest of the world through your personal blog. Then the worst happens - your website is not working, there's a password prompt asking you to enter unknown credentials, and you have no idea what is going on. You check your email and find a notice from your hosting provider:

There's been a security incident with your website. We have temporarily suspended it until the issue is resolved.

"What happened? Who targeted me? Why am I so unlucky? I've had this website since before I graduated, and that was 100 years ago."

Eventually, it turned out that you installed WordPress, you added a theme and a few plugins, and you never updated any part of the software. You just continued adding more and more posts to your blog. You had the misfortune to install a particular WordPress theme in the past, and its older versions were found to be vulnerable to various exploits, like arbitrary file upload. The newest version of this WordPress theme would have patched the security holes, but the version you used was outdated and no longer secure. Since the hackers attacked your website while you were flying to a sunny and isolated island, two weeks have passed, and you were not even able to recover your files from the hosting provider's system backups. The hackers defaced your website, deleted half of its content, and then started sending spam through your account. You managed to find a file you once saved on your old laptop just to find out that two years of posts are gone! If only you had a tool that could have updated your WordPress automatically while you were away...

This is not fiction, unfortunately. Many WordPress users face this painful reality, and it is not pleasant at all. WordPress is the most popular CMS choice right now, and old WordPress installations are constantly targeted by hackers. If your WordPress themes and plugins are not regularly updated, you risk being a victim of a hacker attack. We have a solution for you, in case you've been hacked, and you are at your wits' end:

Still, you should always make sure to install plugins and themes developed and maintained by reliable authors, who will not abandon the project after a year or two. If a plugin/theme has been discontinued, and a new version is not available at all, an update will be impossible, automatic or otherwise. Once you have a full package of dependable WordPress components, you are ready to activate a special kind of plugin (Must-Use plugin), which will ensure that all parts of your WordPress are always up to date. Let's move to the fun part.

Creating the Auto Update plugin

First, you need to navigate to the /wp-content directory of your WordPress installation. There, you need to create a new directory called "mu-plugins". Navigate to /wp-content/mu-plugins and create a file called "force-auto-update.php". In this file, you should add the following piece of code:

Plugin Name: Automatic Update of Core Files, Themes, and Plugins
Description: Forces the automatic update of all core files, plugins, and themes.
Version: 1.0
Author URI:
License: MIT
// Added to automatically update WordPress core files, plugins, and themes.
// Reference:
add_filter( 'auto_update_core', '__return_true' );
add_filter( 'auto_update_plugin', '__return_true' );
add_filter( 'auto_update_theme', '__return_true' );

Save /wp-content/mu-plugins/force-auto-update.php to complete the activation of the plugin. This plugin will be listed as a Must-Use plugin in your WordPress Dashboard and will always be active, as long as the force-auto-update.php file exists under /wp-content/mu-plugins. The Must-Use plugins cannot be disabled via the Dashboard.

Congratulations! The WordPress core files, plugins, and themes will be automatically updated from this point forward. If you are eager for your WordPress components to be automatically updated, but you do not want to wait or update manually, we have a tip for you. You can force the automatic update with a simple script. Create a file called auto-update-request.php in the root directory of your WordPress installation and add the following piece of code to the file:

  require( dirname(__FILE__) . '/wp-load.php' );

Save the file and visit it at Wait a few seconds, and your WordPress should be updated. It may take a bit longer if you have many plugins/themes waiting for an update. Check the Updates page in your Dashboard to confirm the successful update.

You can find more articles about WordPress and Security here:


Enabling fully automatic updates has the potential to break your website, if any of the WordPress components are not fully compatible with one another.

For example, if a theme you have does not have a version compatible with the latest WordPress core version, the core files will be automatically updated, and the theme may cease to work as expected. Furthermore, if the software developers have made grand changes to the code base, the appearance of the website may be distorted or changed.


A web hosting provider since 2001. We host over 58,000 websites for customers in over 140 countries around the globe.