Vulnerabilities in certain plugins and themes on WordPress were regularly in the news in recent months, as it allowed hackers to access certain sites. In the fight against hackers, WordPress is now working on a feature that can automatically install updates to improve security faster.
Where themes and plugins receive regular updates, it is up to the administrator of a WordPress site to maintain and update. Something that is often forgotten, after which a site runs the risk of being taken over by someone using a published vulnerability. By automatically updating themes and plugins, it would no longer be an extra worry for administrators.
WordPress has been working on the feature for a month and the automatic updates for plugins are already finished. As soon as it is deployed on the stable-branch, admins will be able to see in a single repository which features are enabled and whether plugins are allowed to update automatically. The feature can be disabled manually, but it can also be overridden by downloading an update yourself. In the current build, under each plugin (just like on the page of the plugin itself), a new version is made available.
The code for the automatic updates appeared to be already present in WordPress, but not enabled by default. It was mainly used to perform small updates of WordPress itself, although large updates (to a newer version) still had to be done manually. Some users already dived into the config files to enable the function themselves, but with a clearer UI WordPress saves users that challenge.
There is no exact release date yet, but it is expected that the feature will be in the upcoming 5.4 release.