The latest update to WordPress, 4.9.3, was released earlier in the week. Unfortunately, it had the unplanned side effect of breaking WordPress’s auto-update feature. This bug spread across millions of sites as they auto-updated themselves from 4.9.2 to WordPress 4.9.3, and it presents a significant roadblock to updating the sites in the future.
What’s The Bug?
The WordPress 4.9.3 bug takes the form of a fatal PHP error induced in the WordPress auto-update process. As it stands now, the code is flawed and the auto-update process will never run to completion. Unless fixed, a site running 4.9.3 will stay on that version indefinitely.
According to WordPress’s core developers, the goal of the code responsible for the bug was to bring down the number of API calls involved in the auto-updating job. Additional details were released on WordPress’s core development blog:
The goal of #43103-core was to get the auto-update cron task to run with fewer API calls. The final commit was bugged through unintentional human error. It triggers a fatal error because the code cannot meet the dependencies of find_core_auto_update (). Unfortunately, this bug was not uncovered prior to the release of 4.9.3; it was first noticed a few hours after the release.
Scope: Affecting Actively-Maintained Sites Only
The ability to update automatically was added to WordPress with version 3.7 four years ago. As initially installed, the WordPress auto-update feature will only conduct minor version updates automatically. Minor versions are those denoted by different numbers in the farthest-right column of your WP version number. Thus, your site would auto-update from 4.9.3 to 4.9.4, but not to WordPress 5.0.0.
This distinction matters in defining the scope of the bug. Only sites running WordPress 4.9.2 and set to run minor updates automatically ended up switching to 4.9.3, the new version with the broken update bug.
What this means is that the population of websites affected by the bug is smaller than the total pool of all WordPress sites. Because of the way the auto-update feature works, sites that received the flawed update had to have been updated manually to WordPress 4.9 when that version was released.
WordPress 4.9, also known as ‘Tipton,’ was released on November 16, 2017. Only sites which were manually updated by their owners after that date can be affected by the 4.9.3 bug. What this boils down to is that the scope of sites affected by the bug is largely constrained to those actively-maintained sites which have been manually updated by owners or admins at some time in the past three months. Sites which were not manually updated in that time frame were not running WordPress 4.9.2 and so, therefore, are not affected by the bug. Sites which have not been actively maintained are still on an older track.
The sites which we worry about are those that were updated to or launched after WordPress 4.9 which are now unmaintained. With a broken auto-update feature, those sites may go without updates for years until they are finally given manual attention by an owner or operator. Note that unmaintained sites with a lower version number have not been affected by this latest bug.
For example, we have a test website which has been running in an unmaintained state which is currently on WordPress 3.9.23. We’ve checked it and its auto-update feature is still working; no manual updating is required. We confirmed that the site was still auto-updating when we saw it update itself on January 16th.
Now Is The Time For A Manual Update
If you are currently enrolled in a ‘Managed WordPress’ plan with your hosting company, you may find that your provider was resolved this issue for you. It’s still a smart idea to check your sites yourself. If your sites are stuck at WordPress 4.9.3, you’ll have to manually update them to fix the auto-update feature. Simply sign in under an admin account and click the ‘Update Now’ option found on the Updates page on your Dashboard.
Once the update is complete, check your site’s core version on the bottom right of your admin panel. If the update was successful, you’ll see ‘Version 4.9.4’ there.
Share this info around to other WordPress site operators. Everyone who uses WordPress needs to be aware of this issue and make sure their sites do not end up stuck on version 4.9.3.