***Note: Please do not reply telling me to use the links in WP-Admin to disable updates…. that is not how I do things because my clients pay me for tech support and expect that I will run the updates for them manually. Using those links to disable updates in the admin still allow minor updates to run and allow the client to active them whenever they want whether intentionally or not.***
I am a contract website developer and I manage many websites where I have disabled auto updates. However, the update to WordPress 6.5 was still done automatically. So this has led me to wonder what happened to cause this because I’ve had auto updates disabled on all sites that I manage for over 4 years.
Some of the websites have this code in wp-config.php
define( ‘AUTO_UPDATER_DISABLED’, true );
While others have this code in wp-config.php
define( ‘WP_AUTO_UPDATE_CORE’, ‘minor’ );
define( ‘automatic_updater_disabled’, true );
define( ‘DISALLOW_FILE_EDIT’, true );
Do I understand correctly after reviewing [this](https://make.wordpress.org/core/2013/09/24/automatic-core-updates/) article over on [Make.WordPress.org](http://make.wordpress.org/) that changing
define( ‘automatic_updater_disabled’, true );
and
define( ‘AUTO_UPDATER_DISABLED’, true );
to
define( ‘auto_update_core’, false);
will stop the sites I manage from auto updating in the future?
Also, is there a way to stop ALL updates, not just core updates in wp-config.php?
[ad_2]
For starters, I’d have to stress how important the wp-config file is in WordPress.
– if you’re a contract website developer
– if you manage many websites
and
– if WordPress makes up =>20% of your current portfolio
…drop everything and learn about the built-in WordPress flags that you can insert into wp-config.
###
Secondly, and to answer your question, you’ll have to tell us about the hosting environment.
If you’re using dedicated hosting environments, setting flags should work as expected.
If you’re hosting on a super restricted cPanel or Plesk server, the chance exists that your host provider can override your flags and force core WP updates to patch vulnerable WP installs.
If the site was installed using cPanel/Softaculous, you might have checked a box that overrides the WP admin settings and just updates the script when a new version comes out.
Hosting company’s force it through. WPEngine, CloudWays, GoDaddy, Nexxus, etc… all do it.
In fact, in at least the last 5 years I have not seen too many that dont do it… tho, most give ya an option to defer or turn it off…
You have defines with all lowercase. Normally php consts should be all uppercase. I think you wanted to use filters in in theue place. These filters will need to run when wp is at least partially loaded. This could be in a system plugin (mu-plugins) or a custom one that you always install on each site.