I hate automatic updates for pretty much everything, operating systems, software, phones, you name it. I’m not against security, I’m just against something happening with little to no communication to the end user or the administrator who ends up cleaning up the mess when one of those forced updates break something critical to workflow or business operations.
No hackers or malware can compete with the amount of hosed websites that WordPress itself is responsible for breaking with their forced automatic updates. The biggest culprit is really the lack of options during the installation of WordPress to turn this off or opt-out.
Which is why with the WordPress 5 release breaking plugins and themes across the world, I thought I’d remind you that you CAN disable ALL automatic updates in WordPress by adding this line of code in your wp-config.php file:
This will disable all automatic WordPress updates.
define( 'WP_AUTO_UPDATE_CORE', false );
However if you want to receive minor core updates, but disable theme and plugin updates, then you can do so by adding the following filters in your theme’s functions.php file or in a site-specific plugin.
Disable automatic WordPress plugin updates:
add_filter( 'auto_update_plugin', '__return_false' );
Disable automatic WordPress theme updates:
add_filter( 'auto_update_theme', '__return_false' );