Broken Websites, Automatic Updates, and Roadside Assistance

It's the automatic updater's fault your tire went flat, and other absurd thoughts.
It’s the automatic updater’s fault your tire went flat, and other absurd thoughts. Creative Commons Image Attribution

Automatic updates broke your site? No, your lack of planning broke your site.

Last week a security fix was pushed via automatic update to self-hosted WordPress users. The behind-the-scene details are inconsequential, but the gist is that the core team was made aware of a potential security issue related to the Shortcode API.

When you read the words “potential security issue” what that means is that WordPress (which powers about a quarter of the entire Internet) has a hole that the right malicious user could use to write a script to corrupt/infect as many sites and servers as possible. Depending on the level of severity, up to the entire 25% of the Internet could be affected.

Let that sink in.

So, when an issue comes up (there are proper ways of reporting it) the core team can either broadcast to all plugin developers that a fix is coming out and functionally disclose the hole to a wider audience, or they can issue the fix, and “break” some sites while preventing hackers from having even one more minute to discover a backdoor into 25% of the internet.

Perhaps it's time to stop treating website maintenance like a surprise expense. Share on XLeaving aside the fact that you attached yourself (for no cost) to this behemoth powering a quarter of the web with the¬†expectation of it doing always and only things in your best interest, which is fodder for another (more pointed) post, perhaps it’s time to stop treating website maintenance like a surprise expense.

You need to prepare for automatic updates which break things in the same way you should plan on flat tires in your car or power outages in your office. They will happen. In the vast majority of cases, automatic updates have not “broken” anything. People don’t even notice them as they slam the door shut on hackers.

But every now and then the core team has to make the call to save millions of sites from male enhancement¬†ads, with the unfortunate side effect of having some of those sites not display shortcodes properly until you fix a plugin. It’s the cost of a large-scale operation

Have a plan. When your car blows a tire, your mechanic’s roadside assistance plans pays for itself multiple times over.

Oh, and yeah, I can be that mechanic, if you’d like.