Nothing is more easy than having a WordPress blog that automatically updates. You can use that time to play with your kid, take the dog out, even play something nice on TV.
Nothing scares me most than a process that is changing anything in my client websites while I’m off my computer playing with my son, walking the dog or watching a movie, and I don’t even know that process started.
I don’t want to realize that a site is down, or broken because my client is calling to give me the notice.
So, what do I do?
Sometimes most of the autoupdates are minor tweaks or security updates, nothing mayor that involves a lot of changes under the hood, but anyway, I’d like to be in control, so I set ALL of my sites to not to autoupdate.
It is risky? Yes it is, BUT (Thank God there is always a but)
I set up a dev site, on a live server, that is just for testing, no public access, just me, and I have a replica of that site in my local server, so if I break the live site I just grab the local copy and migrate the site over the live server.
What do I do with that site?, well that site is the Chess pawn that goes first in any move, that site it is set to auto update, and that site has many of the plugins I generally use, and it is set with the themes and frameworks that I usually use, so in the moment that is updating, I will get an automated email telling me that the site was autoupdated because of blablabla, that is a WordPress feature, an email is sent after the autoupdate is processed.
So I will receive a notification even if I am off my computer to read blogs, or news about WordPress, and I will have the time to see why it is updated, and how fast do I need to apply that update on client sites.
If is a security update, even a mayor security update, I will wait until the end of that day to update, just after the website traffic slows down, no matter the client business I always wait until the traffic slows down, and is not always at night, if your client is a night club, the best moment of the day to update the site is 7:00 am in the morning!
To protect myself About this hours of waiting, I add a part in the contract where I tell the client exactly this, and that it might take up to 48 hours for the update to be applied, this is because sometimes I read a lot before just hit the update button. So if the site is compromised in the middle of those 48 hours it will not be my fault, and we will split the charges to have the site up and running again. Most likely nothing will happen but just in case.
Before to update, I always test the changes in my local server for the specific site, I use DesktopServer so I have 2 copies of every site because is very easy to have a site copied, it is just a matter of seconds so I will not risk the local copy applying the changes in the only local copy I have, I’d rather to have 2, I mean 1 and to test, just clone the local copy, once the changes are tested I can safely delete the site used, and keep the untouched, or viceversa, since it may be a better choice to keep the one that it is updated and working.