In the past week, WordPress has updated the version of WordPress to versions 4.9.2 and version 4.9.3 for security and bug fixes. WordPress 4.9.3 was released earlier this week and unfortunately, it broke the auto-update mechanism in WordPress. Sites running 4.9.2 were auto-updated to 4.9.3 and will no longer be auto-updated unless you perform a manual update.
According to the news of the updates of WordPress, Wordfence put out a post regarding what happened.
What Broke?
WordPress 4.9.3 included a bug that causes a fatal PHP error when WordPress tries to update itself. This interrupts the auto-update process and leaves the site on 4.9.3 forever.
The core developers tried to reduce the number of API calls that occur when an auto-update job is run. According to the WordPress core development blog:
“#43103-core aimed to reduce the number of API calls which get made when the auto-update cron task is run. Unfortunately, due to human error, the final commit didn’t have the intended effect and instead triggers a fatal error as not all of the dependencies of find_core_auto_update() are met. For whatever reason, the fatal error wasn’t discovered before 4.9.3’s release – it was a few hours after release when discovered.”
Only Actively Maintained Sites Are Affected
WordPress has included the capability to auto-update since WP version 3.7, which was released four years ago. The WordPress auto-update function only updates minor versions by default. That means that only releases that change the number to the far right of your WP version will auto-update. In other words, if you were on 4.9.3 and 4.9.4 is released, your site will auto-update. But If WordPress 5.0.0 is released, your site will not auto-update by default.
It’s important to understand that WordPress works this way because that limits the number of sites that auto-updated to the version that broke auto-update. Only WordPress sites running 4.9.2 would have updated automatically to 4.9.3, which broke auto-update.
This is important because A) It means that the population of websites that now have a broken auto-update is smaller than ALL WordPress sites and more importantly B) The sites that have a broken auto-update would have been manually updated by the site owner when WordPress 4.9 was released.
This means that every site affected by this was manually updated to WordPress 4.9 “Tipton” after November 16, 2017, when 4.9 was released. So, while this bug is unfortunate, the good news is that, for the most part, it only affects actively maintained sites that have been manually updated by the admin within the last 3 months. If a site was not updated to WordPress 4.9 during that time, it will still be on an older track and will not have received the broken auto-update.
The sites that we are most concerned about are sites that are unmaintained. If auto-update broke on those sites, they may not receive another update for several years, until someone remembers the site exists and does an update. Those unmaintained sites are not affected by this and will continue to auto-update.
For example, we have an unmaintained test website that is currently in WordPress version 3.9.23 and it has been steadily receiving auto-updates without any updates from us. That site is not affected by this bug and it received it’s most recent auto-update on January 16th.
Update Your Site Manually Now
Some of you will find that your hosting company has taken care of this for you, especially if you are on a ‘Managed WordPress’ plan. If you are now stuck on WordPress 4.9.3, you will need to manually update your site to continue receiving auto-updates. To update manually and get past this broken auto-update issue, simply sign into your WordPress site as your admin user and visit Dashboard → Updates and click “Update Now.”
After the update, make sure that your core version is 4.9.4. You can scroll down and check the bottom right of your admin panel and it should say “Version 4.9.4”.
Please share this info with the WordPress community to help make them aware that they will need to sign into their sites and do the manual update to get past version 4.9.3 and this issue.
Read the full article by Wordfence “WordPress Update Breaks Future Auto-Updates. Manually Update Now!”
If you need help with updates, security or other WordPress questions, feel free to contact the Secure Hosting WP Team.