For some reason, WordPress All in One SEO plugin developers unilaterally turned on auto-updates without consent from publishers. That in turn led to numerous sites experiencing outages.
For the lifetime of WordPress, automatic updates are something that WordPress publishers have to opt into. This normally allows publishers to perform site backups before applying manual updates. That way, should anything go wrong with an update, publishers can simply roll back to the previous version.
It also allows more experienced developers to download a copy of the updates and test them in development environments before using them in a production setting.
With automatic updates, it’s no longer possible to save a backup before the update happens. You guessed it! A buggy update can therefore cause major problems that may not be able to recover from without the essential backup.
The Case of WordPress All in One SEO
WordPress All in One SEO violated the above principle. On November 14, 2020, All in One SEO updated from 3.7 to a new 4.X version. This did not end there. They released a second update to 4.01 on the same day to fix a database issue.
Through December 2020, WordPress All in One SEO plugin released a total of twelve updates to fix a huge amount of issues, including several bugs.
The only hint that the developers had forced auto-updates was a bullet point buried in the changelog for the 4.0.8 release.
WordPress Plugins Auto Update Controversy?
There is been some low key debates on whether WordPress Auto Updates are a good idea. Generally, it depends. Non-complex websites can benefit from auto-updates. Where there are heavy or complex setups then auto-updates is not advisable. It boils down to the judgment of the website publisher and therefore auto-updates must remain an opt-in option.
Whatever the case, it is important to backup up your website before updating plugins.