Successfully reported this slideshow.
Your SlideShare is downloading. ×

Why it's dangerous to turn off automatic updates and here's how to do it

Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad

Check these out next

1 of 27 Ad
Advertisement

More Related Content

Slideshows for you (20)

Similar to Why it's dangerous to turn off automatic updates and here's how to do it (20)

Advertisement

Why it's dangerous to turn off automatic updates and here's how to do it

  1. 1. Why it’s dangerous to turn o automatic updates and here’s how to do it Presented by Onni Hakala 1 / 27
  2. 2. Automatic Updates in WordPress WordPress includes a feature for automatic updates. This is built-in feature and it's enabled by default. This delivers crucial security updates, bug fixes and new features for everyone. WordPress core developers test all changes carefully before they are released. 2 / 27
  3. 3. Sounds great, huh? 3 / 27
  4. 4. I'm asking you to disable it In order to safely implement automatic updates you need to disable automatic updates. 4 / 27
  5. 5. You just said that it's a great feature 5 / 27
  6. 6. Why would anyone ever do this? 6 / 27
  7. 7. Have you ever heard of a WordPress site broken by automatic updates? 7 / 27
  8. 8. Now it's easier to understand 8 / 27
  9. 9. Why We Should Update Some statistics from 2016 Out of the 11k+ infected websites we analyzed, 56% of the total WP infected websites, were still out of date. This is good, when compared to the percentage of infected sites with out of date software found in the Joomla! (84%), Magento (96%), and Drupal (81%) platforms.[1] [1] sucuri.net/website-security/website-hacked-report 9 / 27
  10. 10. But nobody wants to put out res all day People are still afraid that the updates will break things 10 / 27
  11. 11. So how should this be implemented? Warning: next slides are focused for the technical audience. 11 / 27
  12. 12. Create a testing pipeline This is a process which takes care of deployments 12 / 27
  13. 13. Steps to create pipeline 1: Store your source code in Git Create a new Git repository for your project and put all of the source code including plugins and themes there. Github, Gitlab and Bitbucket are easy to setup. 13 / 27
  14. 14. Steps to create pipeline 2: Disable built-in updates I admit this is scary. You can do it by adding this line into wp-config.php: <?php // Disable all automatic updates define( 'AUTOMATIC_UPDATER_DISABLED', true ); 14 / 27
  15. 15. Steps to create pipeline 3: Manage versions with Composer This is a package management tool for php 15 / 27
  16. 16. Steps to create pipeline Composer allows you to track versions of plugins, themes and core Here's an example composer.json with WordPress and Jetpack: { "require": { "php": ">=7.0", "johnpbloch/wordpress": ">=4.5.0", "wpackagist-plugin/jetpack": ">=4.7.3" } } 16 / 27
  17. 17. Steps to create pipeline Now you can update all the things with a single command After this you will have latest versions ready for deployment to the production $ composer update 17 / 27
  18. 18. Steps to create pipeline 4: Stop manually testing your updates This one is quite hard and you need to build tools which can detect if the site is not working correctly. For me this was the hardest step to take and it took long time to gain enough trust in the systems. 18 / 27
  19. 19. Steps to create pipeline 5: Implement tests for your site Pick any tool that feels good for you. You can start small and build more tests later. Here are some tools I have found useful: 19 / 27
  20. 20. Steps to create pipeline 6: Automate testing using CI Continuous Integration Service (CI) can install and test the updates 24/7. Travis CI and Drone CI are my favorites: 20 / 27
  21. 21. Steps to create pipeline 7: Use Your CI to deploy new code to production This depends on your setup. You could just transfer files with rsync from CI to your production server and reload the web server. I prefer using docker containers but that's a whole different topic and let's not go there today. 21 / 27
  22. 22. Steps to create pipeline 8: Automatically commit new versions to the source code You want to know when updates happened and you want to store all changes in the Git repository. The changes in source code will trigger new test builds and deployments in CI. You just need to make them happen somehow. 22 / 27
  23. 23. Steps to create pipeline This can be achieved using a simple cronjob This script can be used to download and updates your source code back to Git. #!/bin/bash # Download latest changes from central Git $ git fetch origin # Reset all changes to the master $ git reset origin/master # Update all components $ composer update # Commit changes $ git commit -am "Updated all dependencies" # Push them back to git $ git push github master 23 / 27
  24. 24. Steps to create pipeline 9: Keep enhancing your tests Your goal is to have good test coverage. Your site will still be broken in ways you can't imagine. Trial & Error is good approach for this. At the bare minimum you should add tests for all features which have been broken by updates so that they won't be failing again. 24 / 27
  25. 25. Summary of the new update ow 25 / 27
  26. 26. So what did we do? We replaced the default update process with a better one. 26 / 27
  27. 27. Thanks for listening! Come talk to me: Twitter: @koodimonni Github: @onnimonni 27 / 27

×