How-to: Disable or Enable WordPress Automatic Background Updates

WordPress 3.7 automatic background update

In this article, you will learn how to disable WordPress automatic background updates and how to enable/disable WordPress core updates.

WordPress 3.7 automatic background update
WordPress 3.7 automatic background update

WordPress 3.7 “Basie” has been released on October 24, 2013. It does not have many new features like WordPress 3.6 “OScar” but I think it is a very important WordPress version with new automatic background update, stronger password recommendations, and better global support.

WordPress is a secured blogging platform (content management platform, if you like) with frequent minor releases for maintenance and security patch.

However, most bloggers only concentrate on writing and neglect critical WordPress updates, thus allows attackers to invade their WordPress blogs.

By default, automatic update only enabled for minor releases (maintenance and security) and translation files.

It automatically checks and install new updates in the background. You don’t need to touch anything. Cool, huh?

Major WordPress update like 3.7 to 3.8 is not enabled by default, which is thoughtful because you may have incompatible plugins and themes that will break your site in new version.

For advance users, you can change the WordPress Automatic Update’s default settings by adding one line of code in wp-config.php file (backup first!):

To DISABLE ALL WordPress Automatic Updates, add this:

[php]
define(‘AUTOMATIC_UPDATER_DISABLED’, true);
[/php]

To Enable ALL WordPress Core automatic updates (development, minor, and major), add this:

[php]
define (‘WP_AUTO_UPDATE_CORE’, true);
[/php]

To Disable ALL WordPress Core automatic updates (development, minor, and major), add this:

[php]
define (‘WP_AUTO_UPDATE_CORE’, false);
[/php]

Thoughts

Unless you have special needs, I would recommend you leave the default settings untouched – automatic update WordPress minor releases and translation files.

You can find more geek-only information at here.

WordPress Security: How to Protect Against Brute Force Password Attacks

Padlock on a door
Padlock on a door
Padlock on a door (credit: linder6580/stock.xchng)

WordPress has become the world’s most popular blogging system since its first released in 2003. It is now powering over 60 million websites worldwide.

No surprise that WordPress becomes hackers’ attack target. Reported by TheNextWeb, there’s serious brute force attack against WordPress sites across the Internet.

The requests, which are targeted at administrative accounts, appear to be coming from a sophisticated botnet that may be comprised of as many as 100,000 computers, based on the number of unique IP addresses the attacks are coming from.

The brute force attack is targeting WordPress admin panel and try to login using “admin” as username and trying thousands of passwords using unique IP addresses.

Simple WordPress login limit plugins won’t work because those plugins are blocking multiple login attempts from the same IP address. They won’t work for attacks 90,000 unique IP addresses (each IP attempts to login one time).

Fortunately, you can easily protect your WordPress blog against 99% future brute force attacks by applying following security recommendations:

1. Use a strong password

Your WordPress password (in fact, your any password) should be a strong password that’s long, including numbers and symbol. Don’t need to scratch your head to think one, there are many online password generators can help you.

2. Do not use default admin username

Old WordPress installation default to first username as “admin” and you cannot change it from Admin Panel. Recent WordPress versions force you to create a unique username.

If your WordPress username is “admin”, it is time to change that. You can either modify WordPress database entry (not recommended), create a new admin user, or install a WordPress plugin to change the username to anything you like.

While you cannot change WordPress account’s username, but you can create another user account.

We can create a new WordPress admin user, delete the old admin user (username “admin”), then assign all posts by ‘old admin user’ to the ‘new admin user’.

  1. Login WordPress admin panel.
  2. Goto Users > Add New
  3. Fill in the form and choose “Administrator” in the “Role” drop down menu. (Remember to use strong password)
  4. Click on “Add New User” button to add a new administrator account.
  5. Log out WordPress admin panel.
  6. Log in WordPress admin panel using the newly created administrator account.
  7. Goto Users > All Users
  8. Hover the old admin user (username “admin”) and click on the “Delete” link.
  9. On the “Delete Users” page, you will asked to what should be done with posts owned by the “admin” user. Select “Attribute all posts to:” and select your new Admin user.
  10. Click “Confirm Deletion” to delete old “admin” user and assign all posts to new Admin.

If the above 10 steps instructions look too complicated for you, you can install a WordPress plugin like “Admin username changer” to rename administrator username.

3. Update WordPress

Every new WordPress version fixes many bugs and exploit holes and new features to protect your WordPress against attackers. You should always keep your WordPress installation up to date. WordPress Automatic Update feature simplifies the process into a 2 minutes work.

4. Use CloudFlare

CloudFlare is a CDN & security & website optimizer service. It has effectively blocked 60 million brute force attacks against its WordPress customers in a single hour. Sign up free plan to protect your website now.

Verdicts

Things like using a strong password, do not use default username, keeping software up to date are basic and effective methods to protect against attackers.

Perhaps they are too basic that people are often not aware about them. Hopefully this article helps you to secure your WordPress site.

How do you protect your WordPress site? Please share with us in the comment below.

Jetpack 2.1 Adds New Photo Gallery Types to WordPress: Tiles, Square Tiles, Circles, Slideshow

Jetpack Tiled Galleries Preview
Jetpack Tiled Galleries Preview

Jetpack, the WordPress plugin combo for self-hosted WordPress site, adds new “Tiled Galleries” feature in version 2.1.

“Tiled Galleries” allows you to display your in-post photo gallery in 4 new styles: Tiles, Squares, Circles, Slideshow. The Tiles and Squares layouts show captions when you hover the image. The new gallery types are mobile devices friendly, too.

Check out the live examples of all 3 options in this article.

Read moreJetpack 2.1 Adds New Photo Gallery Types to WordPress: Tiles, Square Tiles, Circles, Slideshow

Important Things You Need to Check Before Installing a WordPress Plugin [Flowchart]

face painting and plug
face painting and plug
(Image credit: Corrie – Flickr.com)

WordPress Plugins offer custom functions and features so that your site meets your specific needs. Currently, there are over 20K plugins available in WordPress.org Plugin Directory. Not every plugin is well coded, there’s risk of installing WordPress plugins.

It is not unusual that a bad plugin could bring down the entire WordPress site. I did installed some plugins that cause extreme high server load then brought down the web server. WordPress plugins that are poorly coded could also exposes your site to hacker attacks.

There are some questions you need to ask before you install a WordPress Plugin.

Read moreImportant Things You Need to Check Before Installing a WordPress Plugin [Flowchart]