Automatic WP 3.8.1 update Outraged User

How is it possible that WordPress can get past all of my brute force security plus my username and password security and update the version of WordPress from 3.8 to 3.8.1

Auto-updates have been around since 3.7 and were first used in 3.7.1.

WordPress auto-updated because your webserver process has blanket write access to your entire site. It doesn’t matter how much brute force security you have, the state of your installation means that you are allowing this to happen.

If you don’t want it to happen again, have a read of this:

Guide to disabling auto updates

then this:

Permission scheme for WordPress

Set your file permissions so that only your user account and not the server can write to files in your WordPress root directory and downwards.

From: [email protected] (which is an email address that does not exist on my domain)

That’s the default email address in a WordPress install. <wordpress> [at] <yourdomain>. It’s nothing to worry about. You can change it with a plugin such as:

https://www.ads-software.com/plugins/wp-mailfrom-ii/

Thank you for your reply… Hmm, interesting… I have recently moved my Provider from Inmotionhosting to Hostgator, and with my previous provider updates had to be initiated by me. Seems that I need to have a chat with these guys and I will go through the the Guide to disable auto updates.

Thanks again

There is a known rule throughout WordPress, Don’t Update until the storm is over and all the bugs have been worked out.
There needs to be an option to Disable Auto Update.

@gslabber5119, this will probably work for you: https://www.ads-software.com/plugins/disable-wordpress-updates/

That way you don’t have to pay someone to do it.

@keeperbay:

There needs to be an option to Disable Auto Update.

There is that option.
Please review this codex guide for instructions: https://codex.www.ads-software.com/Configuring_Automatic_Background_Updates

Hi
@gslabbert5119 me too. Automatic update and now I can’t login to my wp.

There is a known rule throughout WordPress, Don’t Update until the storm is over and all the bugs have been worked out.
There needs to be an option to Disable Auto Update.

I use this in wp-config:

/** Disable All Automatic Updates */
define( 'AUTOMATIC_UPDATER_DISABLED', true );
/** That's all, stop editing! Happy blogging. */

I contacted my Provider and they added the following to the wp-config.php file

‘/** DISABLE WORDPRESS UPDATES **/
define( ‘AUTOMATIC_UPDATER_DISABLED’, true );’
We will see if that takes care of the Issue.

Duh, I just realized that this is the exact code that was posted by leejosepho.

Thanks for the assistance all

Yes, but now, How can I login to my wp network??

estrella, I do not post here much, but I bet that you will be best served if you post to a new thread that way everyone can find your issue. Responses from new threads are usually excellent from what I have seen, take this thread in point.

ok Thanks!

There should be an easier way, like a switch to turn off Auto updates…

Oh absolutely agreed Gtantra

Thanks for the post. I thought I had auto updating turned off through my host, but two sites that I have set up that way auto updated yesterday. I just added this code to both sites.

The average blogger doesn’t know an “if” from an “else”, how are they going to disable a possibly crippling automatic update?

A simple check box would have worked:
Check if you want to auto update.
Leave unchecked if you want to manually update like we always have.

It’s really that simple.