[Update at 10:50am PST: Based on the comments we’ve received below, it sounds like this problem only affects certain sites. We have received several reports of successful updates, although some of these may be the hosting provider updating WordPress installs manually. Overall this looks like good news for the WordPress team who reported this as a severe bug. If you have been impacted by this, let us know in the comments.]
In an unfortunate turn of events, WordPress 4.9.3 was released earlier this week and it included a bug which broke WordPress auto-update. Millions of sites auto-updated from 4.9.2 to WordPress 4.9.3 and it broke their ability to auto-update in the future.
What Broke?
WordPress 4.9.3 included a bug that causes a fatal PHP error when WordPress tries to update itself. This interrupts the auto-update process and leaves the site on 4.9.3 forever.
The core developers tried to reduce the number of API calls that occur when an auto-update job is run. According to the WordPress core development blog:
“#43103-core aimed to reduce the number of API calls which get made when the autoupdate cron task is run. Unfortunately due to human error, the final commit didn’t have the intended effect, and instead triggers a fatal error as not all of the dependancies of find_core_auto_update() are met. For whatever reason, the fatal error wasn’t discovered before 4.9.3’s release – it was a few hours after release when discovered.”
Only Actively Maintained Sites Are Affected
WordPress has included the capability to auto-update since WP version 3.7, which was released four years ago. The WordPress auto-update function only updates minor versions by default. That means that only releases that change the number to the far right of your WP version will auto-update. In other words, if you were on 4.9.3 and 4.9.4 is released, your site will auto-update. But If WordPress 5.0.0 is released, your site will not auto-update by default.
It’s important to understand that WordPress works this way, because that limits the number of sites that auto-updated to the version that broke auto-update. Only WordPress sites running 4.9.2 would have updated automatically to 4.9.3, which broke auto-update.
This is important because A) It means that the population of websites that now have a broken auto-update is smaller than ALL WordPress sites and more importantly B) The sites that have a broken auto-update would have been manually updated by the site owner when WordPress 4.9 was released.
This means that every site affected by this was manually updated to WordPress 4.9 “Tipton” after November 16, 2017 when 4.9 was released. So, while this bug is unfortunate, the good news is that, for the most part, it only affects actively maintained sites that have been manually updated by the admin within the last 3 months. If a site was not updated to WordPress 4.9 during that time, it will still be on an older track and will not have received the broken auto-update.
The sites that we are most concerned about are sites that are unmaintained. If auto-update broke on those sites, they may not receive another update for several years, until someone remembers the site exists and does an update. Those unmaintained sites are not affected by this and will continue to auto-update.
For example, we have an unmaintained test website that is currently on WordPress version 3.9.23 and it has been steadily receiving auto-updates without any updates from us. That site is not affected by this bug and it received it’s most recent auto-update on January 16th.
Update Your Site Manually Now
Some of you will find that your hosting company has taken care of this for you, especially if you are on a ‘Managed WordPress’ plan. If you are now stuck on WordPress 4.9.3, you will need to manually update your site to continue receiving auto-updates. To update manually and get past this broken auto-update issue, simply sign into your WordPress site as your admin user and visit Dashboard → Updates and click “Update Now.”
After the update, make sure that your core version is 4.9.4. You can scroll down and check the bottom right of your admin panel and it should say “Version 4.9.4”.
Please share this info with the WordPress community to help make them aware than they will need to sign into their sites and do the manual update to get past version 4.9.3 and this issue.
The post WordPress Update Breaks Future Auto-Updates. Manually Update Now! appeared first on Wordfence.