One of the great features of WordPress is the ability to automatically update plugins and themes. Given the number of third party plugins and themes available to customise your website, it is no surprise that 96% of vulnerabilities found on WordPress sites are from plugins and themes. Attackers have an easier time in exploiting websites with out of date software and gaining control of the site.

Many people don’t realise the importance of keeping their site up to date, and so many sites went for a long time without being updated, and were breached as a result. So when WordPress released the feature to automatically update plugins and themes, it was a major step forward in helping website owners stay secure.

To enable auto updates for plugins, go to the Plugins menu and click the option on the right hand side of each plugin saying ‘Enable Auto-Updates’.

To enable auto updates for themes, go to the Appearance menu, click into each theme you have installed and click the option for ‘Enable Auto-Updates’.

One result of the auto-update feature is that WordPress sends a notification email to the site admin each time it updates a plugin or theme. This can be useful in knowing that your site is being updated, and if something on your site stops working, you can relate it back to the fact that something was updated recently. The constant emails can become a nuisance though, so it is useful to be able to turn them off.

To disable these notifications, you need to edit your theme. Go to Appearance > Theme Editor, and on the right hand side, find the functions.php file. Click into it and add the following lines:

# Disable Auto Update Notification Emails for Plugins
add_filter( 'auto_plugin_update_send_email', '__return_false' );

# Disable Auto Update Notification Emails for Themes
add_filter( 'auto_theme_update_send_email', '__return_false' );

You should find that your email inbox is no longer filled up with update notifications.