lorax - 1:49 pm on Oct 29, 2013 (gmt 0)
It's a huge benefit for the community and for you even if indirectly.
A significant number of the 7 million installs of WordPress are security hazards because they are not kept up to date. I've seen plenty that are several versions behind. Ignorance, fear, and technical ineptitude - it doesn't matter, the installs are not kept up to date by people that love the convenience of a WordPress site but fail to keep it up to date. And that puts us all at risk.
For those that don't want the auto update feature, you can disable it. The core developers foresaw the need and accounted for it. A simple switch added to the wp-config.php file:
Read more here: [make.wordpress.org...]
4. Disable only core updates.
The easiest way to manipulate core updates is with the WP_AUTO_UPDATE_CORE constant:
# Disables all core updates:
define( 'WP_AUTO_UPDATE_CORE', false );
# Enables all core updates, including minor and major:
define( 'WP_AUTO_UPDATE_CORE', true );
# Enables core updates for minor releases (default):
define( 'WP_AUTO_UPDATE_CORE', 'minor' );
Auto updates are a great thing for the community because it will reduce the number of zombie sites compromised by hackers and used to launch any number of malicious attacks. It will take a while to filter out the current stock of zombie sites but they will go away eventually. As the security improves, the size of the bullseye will become smaller, and thus your site become less interesting to a would be hacker.
Think forward. The core development team has been working hard to raise the level of quality and reliability of the Plugin development community. This release lays the foundation for a safer and more secure web. From the same article by Andrew Nacin:
Itís worth noting that the ďautomatic updaterĒ controls more than just WordPress core. If the updater finds it canít or shouldnít update, itíll still send site administrator an email. (Want to disable only that? Itís also covered in this post.) The automatic updater also supports themes and plugins on an opt-in basis. And by default, translations (for themes, plugins, and eventually core) are updated automatically. At some point in the future, the WordPress.org plugin security team will be able to suggest that installs automatically update malicious or dangerously insecure plugins. Thatís a huge win for a safer web.
It's a step in the evolution of the platform and entire community of developers - core and plugin. I imagine you will always be able to edit core, theme, and plugins. The point is for those that like the convenience of auto update OR are unable to manage updating their WP installs, WordPress will manage it for them.