mySites.guru

How to Stop Automatic Updates in WordPress with One Click

How to Stop Automatic Updates in WordPress with One Click

The problem with WordPress automatic updates

WordPress introduced automatic background updates in version 3.7. The idea was sound — keep sites patched without relying on site owners to apply updates by hand. For small personal blogs, it works fine most of the time.

For anyone managing client sites, running WooCommerce stores, or operating sites where uptime matters, automatic updates tell a different story.

What can go wrong:

  • Major version upgrades ship with database schema changes, new default behaviors, and deprecated functions. Plugins that worked yesterday might throw errors today.
  • Plugin and theme updates triggered automatically can introduce bugs, change layouts, or conflict with other plugins.
  • Updates during peak traffic can cause temporary downtime while the update runs, especially on shared hosting.
  • No rollback — if an update breaks something at 3am, your site sits broken until someone notices and fixes it.

The WordPress ecosystem moves fast. Plugin authors push updates frequently, and not every release is well-tested against every combination of other plugins and themes. Automatic updates mean you’re trusting that every update, from every source, will work perfectly on your specific site configuration.

The WordPress constant: AUTOMATIC_UPDATER_DISABLED

WordPress controls automatic updates through the AUTOMATIC_UPDATER_DISABLED constant in wp-config.php. When set to true, it disables all automatic background updates — core, plugins, themes, and translations. This is one of several WordPress debug and configuration constants that control site behaviour.

To set it manually, you’d SSH into your server, open wp-config.php, and add:

define('AUTOMATIC_UPDATER_DISABLED', true);

Then repeat that for every WordPress site you manage. And remember which ones you’ve changed. And make sure nobody reverts the change during a WordPress upgrade.

For a single site, it’s a two-minute task. For 30 sites, it’s a headache. For 200 sites, it’s a full afternoon.

How mySites.guru disables automatic updates in one click

mySites.guru’s WordPress Configuration audit reads AUTOMATIC_UPDATER_DISABLED from wp-config.php on every connected site during each snapshot. If auto-updates are still enabled, the audit flags it.

mySites.guru WordPress Configuration audit showing AUTOMATIC_UPDATER_DISABLED and other wp-config.php constants with one-click toggles

Click the fix button, and the connector plugin sets the constant to true on the remote site. The next snapshot confirms it stuck. If someone (or something) reverts the change later, the audit catches it again.

You can see the auto-update status of every WordPress site on one screen. No individual admin logins, no spreadsheets. If you’re managing multiple WordPress sites, this alone saves hours of repetitive work.

A better approach: minor updates only

Disabling all automatic updates is one extreme. The other extreme is leaving everything on auto-pilot. There’s a middle ground that works better for most professional setups.

WordPress has a separate constant called WP_AUTO_UPDATE_CORE that lets you allow only minor (security/patch) updates while blocking major version upgrades.

Setting it to 'minor' means WordPress will still auto-apply security patches (like 6.4.1 to 6.4.2) but won’t jump from 6.4 to 6.5 without your involvement.

You can use both constants together for fine-grained control:

  1. Disable the full auto-updater to stop WordPress from updating plugins and themes automatically
  2. Enable minor-only core updates to still receive security patches

This gives you the safety net of security patches without the risk of untested major upgrades breaking your sites.

Managing updates deliberately

Disabling automatic updates isn’t the same as ignoring updates. You still need to keep WordPress, plugins, and themes current — you’re just choosing to do it on your terms.

With mySites.guru, you can:

  • See available updates across all connected sites in one place
  • Spot which sites are behind on core, plugin, or theme versions
  • Apply updates when you’re ready, not when WordPress decides to
  • Get vulnerability alerts when a plugin has a known security issue

Keeping plugins up to date also reduces your attack surface. Outdated plugins are the number one way WordPress sites get compromised, and mySites.guru’s vulnerability scanner cross-references your installed versions against threat databases twice a day.

The workflow shifts from “hope nothing breaks overnight” to “review what’s available, test if needed, apply when ready.”

Preventing unwanted plugin installs

Controlling updates is half the equation. The other half is making sure nobody installs untested plugins on your managed sites in the first place.

If you give clients wp-admin access, there’s nothing stopping them from installing a random plugin that conflicts with your carefully maintained stack. mySites.guru can detect and block unauthorized plugin installs so you stay in control of what runs on each site.

Who should disable automatic updates?

If you manage WordPress sites for clients or run sites where reliability matters, controlling updates is non-negotiable. Specifically:

  • Agencies managing client portfolios — a broken client site at 2am is a support ticket and a reputation hit
  • WooCommerce stores — a plugin conflict during checkout means lost revenue
  • Membership sites — downtime means paying members can’t access content
  • High-traffic sites — updates during peak hours cause unnecessary load

For personal blogs with no revenue impact, automatic updates are probably fine. For everything else, take control. If you’re juggling more than a handful of sites, read our guide on how to manage multiple WordPress sites like a pro for a broader look at the tools and workflows that make this manageable.

Further reading

Frequently Asked Questions

Why would I want to disable automatic updates in WordPress?
Automatic updates can introduce breaking changes -- especially major version upgrades that alter database schemas, deprecate functions used by plugins, or change default behaviors. For production sites, uncontrolled updates risk downtime, broken layouts, and plugin incompatibilities. Professionals prefer to test updates in staging before applying them to live sites.
Does disabling automatic updates mean my WordPress site will be insecure?
Not if you manage updates deliberately. Disabling auto-updates gives you control over when and how updates are applied. mySites.guru lets you monitor available updates across all sites, test them, and apply them on your schedule -- so you stay current without the risk of an unattended update breaking something overnight.
Can mySites.guru disable automatic updates on multiple WordPress sites at once?
Yes. mySites.guru's WordPress Configuration audit detects the AUTOMATIC_UPDATER_DISABLED constant on each connected site. You can toggle automatic updates off (or on) from the dashboard with one click per site, and work through all your sites from a single screen without logging into each WordPress admin.
What is the difference between AUTOMATIC_UPDATER_DISABLED and WP_AUTO_UPDATE_CORE?
AUTOMATIC_UPDATER_DISABLED stops all background updates -- core, plugins, themes, and translations. WP_AUTO_UPDATE_CORE only controls core WordPress updates. Setting WP_AUTO_UPDATE_CORE to 'minor' lets security patches through while blocking major version jumps. You can use both constants together for fine-grained control.
Will disabling auto-updates affect my WordPress security patches?
It depends on your configuration. If you set AUTOMATIC_UPDATER_DISABLED to true without enabling minor core updates, you'll miss security patches until you apply them manually. The recommended setup is to disable the full auto-updater while keeping WP_AUTO_UPDATE_CORE set to 'minor' so security patches still come through automatically.

More from the blog

Monitor site uptime with mySites.guru

Monitor site uptime with mySites.guru

mySites.guru runs its own uptime monitoring engine with per-minute checks and instant downtime alerts at no extra cost.

How to Disable the WordPress Admin Menu Bar on the Frontend When Logged In

How to Disable the WordPress Admin Menu Bar on the Frontend When Logged In

The WordPress admin bar shows on the frontend for every logged-in user. Here's how to disable it per role or site-wide, and keep it consistent across sites.

Hidden Files Lurking on Your Web Server

Hidden Files Lurking on Your Web Server

Your web server probably has hidden dot-files you've never seen. Some are harmless, some were left by hackers. Here's how to find them.

Ready to Take Control?

Start with a free site audit. No credit card required.

Get Your Free Site Audit

Out of your depth? Need Help?

Phil Taylor

The Original Joomla Expert – Since 2004

Found issues with your Joomla or WordPress site? Get same-day expert help fixing errors, security issues, and performance problems. Flat-rate pricing, no hourly billing surprises.

  • ● Fix hacked or compromised sites
  • ● Resolve PHP errors & White Screen of Death
  • ● System upgrades & PHP 8 compatibility
  • ● Performance optimization & hosting issues
  • ● £120 flat rate per incident
Get Expert Help TODAY! →

If we can't add value, you don't pay • Same-day turnaround

20+ Years – Fixing Websites

Need Help Addressing Health Check Issues?

Phil Taylor has been fixing Joomla sites since 2004. If it were simple, you would have done it yourself by now. Get professional help from someone who's seen it all.

  • 20+ years of Joomla & PHP expertise
  • Same-day turnaround on most issues
  • No charge if we can't add value or fix the problem