Why I hate auto updates?
The updates supposed to be here in order to keep you up to date, safe a “shiny”. It helps you to patch the security holes in your system (web), basically make it harder for hackers to hack your site.
Well, what is hack?
Hack, more appropriate word would be crack actually.. anyway, let say that the “problem is any unwanted change to your site.
That is exactly what auto-update is!
It’s like being hacked within.
In sane environment there should never change anything by it’s will, without you to know about it..
If there is a new version of WordPress. you should not rush for it right a way and blindly install it, just like that. This is completely stupid, and you just ask for problems.
The right way is to test the web on safe place first and if that all works fine with all your code, plugins and such, only then you can push the new WordPress what ever to live. It is called staging, and it is completely crucial feature in all mature systems.
In this field WordPress behaves as stupid like Microsofts Windblows that starts to update it self right before your presentation.. Grate.. this is really what we want, be crippled in the name of security.
Here are basic definitions how to disable this auto-hacking feature.
If you know WordPress enough have access to the wp-config.php, define:
define( 'AUTOMATIC_UPDATER_DISABLED', true );
If you want to have the change persistent along your plugin, or template, add filter. to your functions.php (in theme case), or anywhere in your plugin.
add_filter( 'automatic_updater_disabled', '__return_true' );
If hacker hacks my site, that’s fine. I know the “bad” guy did that. But when my supplier (WordPress) hacks it self, it is like when police brake in to my house and change my lock because they happend to be out of date in order to keep me safe.. even worst on trimester basis.
Like many times before another czech WP conference will happen again in Hluboká nad Vltavou (3th October), where I’ll be presenting an alternative way how to withstand heavy load and basically make your website bulletproof, save you headache and money too.
The old school way via top notch technology. Serving the static version of your website thru Amazon services.
The proces in a nutshell:
- Set up Amazon S3 bucket / Alternatively set up Cloudfront
- Convert WP to static files (wget, httrack)
- Run a uploading script automatically via crontab (s3cmd)
- Serve to millions with smile on your face :)
Unfortunately not all hostings give you shell access and some of them are even screwed up and you end up with folder and files you cannot delete. The server doesn’t run the php scripts as your user but as global user for example www-data. Because of that you have no permission to delete or rename the files the server made and so you are stuck and forced to call to the unwilling support, send them ticket and wait ages ;(
Or you can help your self and write one line in php and delete the bewitched folder, like so:
exec('rm -rf /var/www/vhosts/domain.com/httpdocs/wp-content/cache');
Be extremely careful and provide the right path to the folder you really wanna delete!
Run the script once.
Oki, lets show off a bit..
I’ve just finished new website. Though I haven’t designed the website, the transformation from the picture to a working interactive graphic is ..ehm, my work… I mean all the custom coding ;)
The web runs on WordPress as usual and the front-end scaffold part is nicely done in Bootstrap, obviously ;)
The result looks nice and tidy don’t you think?
Some people are crazy about character numbers while their write their stories. They do not want to know the actual sum of letters only but also count number of letters partially.
Download the Wordpress plugin “Content character count live” from repository.