Thoughts about the Debate on Auto-Updating of WordPress SEO

Let me start off by saying that I have a hate-hate relationship with WordPress SEO; admittedly it’s not an objectionable opinion, even though I can easily find some faults, rather it’s a personal opinion because of how I see them treat their users. For that history alone I really wanted to hate the decision the API team made to force an auto-update WordPress SEO on millions of sites after a security exploit was released but I don’t, not one bit.

To have a team committed to the security of our sites and millions of others strengthens WP’s legitimacy (period). IMO forcing the update to millions of people, wether they knew about it, wanted it, or didn’t care, has more to do with a perception of security than any concern over a single site being hacked. Maybe the individuals on the team are more idealistic; regardless the bigger picture is that WordPress has had a stigma as “not being secure”, auto-updates has helped fixed that perception and actions like these will only help improve WordPress as a whole.

Now Fight!

Now, if you’re in the echo chamber that is the WordPress development community you’ll see that some valid concerns have been raised. I especially like the healthy debate on twitter from this tweet…

All of which can be boiled down to false expectations, hopefully now those expectations are being reasonably set, certainly looks like it.

Misdirected Frustration?

An indirect argument that isn’t getting traction is the increasingly distrust for WordPress SEO plugin, instead it’s a piece of the broader argument of trusting auto-updates. I strongly believe if WooCommerce or even All in One SEO was updated yesterday we would not have heard this outcry. I’m not alone in thinking that we can’t trust a WP SEO update.

So, I pose the question to those that were immediately concerned with WP SEO being updated yesterday:

Did you really have issues with your site receiving a security update to a plugin OR was there a fear over an WordPress SEO plugin update?

I would imagine the majority invested in this issue would agree with the later.

Let’s expect more from plugin authors, and appreciate the teams working hard to making WordPress more secure.


As I’m catching up on twitter and reading some more posts I’m seeing some great reactions. Tom’s “Is there a Lack of Integrity in WordPress?” compliments my post well.