Updating modules and themes requires ftp access to your server

12 Mar

" And I was like ".." Immediately, I thought about all of the updates I don't immediately apply to contrib projects because they change a configuration option, or otherwise modify the way I've set up the site.So I thought "I don't really want an auto update because it might break things." That said, why can't Drupal automatically update security fixes - at least in core - automatically?until the next issue was found, and this last one was a pretty gigantic one!Wordpress introduced auto update in version 3.7 on October 24, 2013.If it did, Drupageddon could have never been a widespread issue.It's easy to think, "Well, it's fixed now, so there's nothing to worry about." But I think that's shortsighted. Best case, I can help get something started that will benefit the entire Drupal community in the future.(I certainly would have benefited from one.) I was recently discussing the security update with some friends, and one of them asked "Does Drupal have an auto update?

First, you need to have a Drupal installation under your hosting account.

They also included options in their configuration file that can be set to disable auto updates, as well as choose which types of updates should be performed automatically: none, major and minor or minor only.

You can read more about it on the Configuring Automatic Background Updates page: I'm just curious if this is something that can be added in a point release of D8 (like 8.5 or something). And if that's you, I'd say that turning the auto update setting to off would mean that you can continue to work the way you currently do.

Also, I've ready a few posts saying that auto updates would not fit their workflow. However, small business owners, churches, non-profits and the like that have volunteers (with little to no development background) managing their sites don't have the luxury of utilizing Git, Drush etc.

In those scenarios, I think the case could be made that an autoupdate feature (as long as the updates are tested before release) could be a much more stable way of maintaining a site than having a volunteer FTP files to a server without really knowing what they are doing.