Ok, so not the most stellar performance by the WordPress core team this past week. On Thursday, they released WordPress 5.2.2. This was a short-cycle security and maintenance release. It featured 14 bug fixes in addition to 10 security fixes. You can review the included items in the release announcement at wordpress.org. Because this was a security release, the WordPress core team recommended that you update your sites immediately. Here at Outcome Labs, we test all WordPress updates on our sandbox sites and then our own sites before upgrading client sites. We usually turn this type of update within a day of availability.
Unfortunately, as new issue was introduced in the WordPress 5.5.2 update which made it impossible to install WordPress on a brand new website that did not have a database connection configured. This did not affect sites where a database connection is already configured, for example, via one-click installers or an existing wp-config.php file. The core team quickly prepped an update (5.5.3) to resolve the issue.
Not the best situation, but the WordPress platform is a complex platform and issues can arise. The positive news was that the issue was quickly reported and the core team engaged immediately to get the issue resolved. Unfortunately, the next part of the story is not so positive. An error in the auto-update system caused sites to update to WordPress 5.5.3-alpha-49449, including live production sites with no auto-update constants defined. Sites that were accidentally updated also installed all the default themes released over the last decade, as well as Akismet.
In under an hour, all affected sites were automatically returned to 5.5.2, but the incident eroded trust and damaged confidence in the auto-update system. You can read more about the community reaction in this post on WP Tavern. The WordPress core team did release 5.5.3 on Friday (10/30/20). You can read the release update here which also covers the incorrect auto-update issue.
We wrote a research note with our thoughts on unattended updates a few weeks ago. It was titled “WordPress Auto-Updates — Yes or No?“. It’s probably worth reviewing if you haven’t read it yet. If you are on an Outcome Labs WordPress Monthly Care Plan, the incorrect update was not applied to your site and it will have 5.5.3 applied by midday on Sunday November 1, 2020. Please reach out to our support team if you have any questions or concerns.