WordPress has long been criticized for being insecure. Some of this comes from prior versions of PHP having security issues, some of it comes from user configuration errors, and some of it comes from WordPress itself. In addition, WordPress does not specify any differences between regular theme and plugin updates and security updates. This means we should treat all theme and plugin updates as security updates and apply them sooner rather than later. The good news is that as of WordPress 6.6, we have a safer way to set themes and plugins to auto-update. The core team has added a rollback feature if any error is detected upon a theme or plugin update. WordPress then reverts the affected theme or plugin to the prior version and sends an email notification to the site owner. While activating this seems like a no-brainer, there are some caveats that site owners should consider. In this presentation, we will discuss the new rollback feature, its benefits, and potential pitfalls. We expect people to have thoughts and opinions on this topic and encourage a lively discussion.
