There will always be some risks involved with auto updates. But minor updates shouldn’t break your site. Shouldn’t… However, with 4.2.3, many site owners woke up to find their site auto updated and severely broken, a little while later the support forums where flooded with messages regarding these broken sites. According to WordPress:
Due to the nature of the fix – as is often the case with security fixes – we were unable to alert plugin authors ahead of time, however we did make efforts to scan the plugin directory for plugins that may have been affected.
With this change, every effort has been made to preserve all of the core features of the Shortcode API. That said, there are some new limitations that affect some rare uses of shortcodes. – WordPress
You can read the full post here.
However as one commenter pointed out:
The change to allowed shortcode usage has NOT just affected a few RARE cases of shortcode uses. It has affected the functionality of hundreds (maybe even thousands) of websites including my own commercial site. Aside from the disaster it has caused to hundreds of web designers who use the excellent Toolset plugins, it has destroyed the functionality of a large number of other plug-ins. The forum is just full of examples today.
Major and minor updates
Automatic Background Updates were introduced in WordPress 3.7. By default only minor updates (4.2.2 to 4.2.3) but not major updates (4.2 to 4.3) are performed automatically, however you can change this in your settings. As minor updates usually only fix security issues or small bugs the site is way less likely to break than on major updates. However that does not mean they never will, as evidenced by the 4.2.3 update.
If an update fails, WordPress doesn’t have a proper system that you can use to quickly roll-back to an older version in order to correct the problem. So the only way to make sure that your site is safe is to have automated full off site backups, which you can use to revert if anything goes wrong.
If you would like to disable auto updates you can view the Codex for more info on how to do that: http://codex.wordpress.org/Configuring_Automatic_Background_Updates
But are the auto updates necessary?
It depends. Do you often take time to maintain your site and check that everything is always up to date? If you do that regularly, then auto updates are probably not necessary. But on the other hand, updates often address security issues.
Is it easier to fix a hacked site or a site that’s been broken by an update? Both will take up your time and unfortunately out of auto updates and vulnerable sites we may be forced to choose between the lesser of two evils. However a vulnerable site that gets hacked may compromise the data on your site, which is something to consider.
All said, unless you are a WordPress pro, it is probably best to trust the default settings of auto updates, this will do the minor updates automatically, and the major updates, as well as plugin and theme updates will be left for you to do. Occasionally, WP will change something that causes your site to break, so it is important that when you get an email saying “You site has updated to WordPress x” you go into your site and make sure everything is still running the way you expect it to be.
If you have anything to add to this discussion, we welcome you to leave a comment below.