Without User Consent: An Ethical Dilemma for WordPress Plugin Developers

I recently discovered that a popular WordPress plugin had enabled automatic updates without explicitly informing users. How did I find out? I received emails from each site where the plugin was installed informing me that an update had been completed.

But it gets better. Over a holiday break, a colleague asked me to look at a website that wasn’t loading properly. I turned on debugging to find that – you guessed it – this particular plugin was the culprit. The automatic update failed, and some key files were missing. Thankfully, manually uploading a fresh copy of the code fixed the issue.

The incident got me thinking about the ethics behind this move. Not just with a specific plugin author, but all WordPress theme and plugin developers as a whole. So, I reached out to others on the Advanced WordPress Facebook group to get some feedback. Should users have been notified that automatic updates were turned on?

There was some great discussion about the pros and cons of doing this. And Search Engine Journal examined the issue in an article as well. It turns out that a lot of web professionals weren’t thrilled with the idea of enabling this feature without prior notice.

With that, let’s take a closer look at this ethical dilemma faced by WordPress developers – and the development community as a whole. They are a bigger part of the job than you may think.

The Security Conundrum

One can make the case that the plugin authors were at least partially motivated by WordPress security. When a plugin has a security hole, it means websites are exposed until that exploit is patched. Historically, website owners (or their web designers) have been responsible for applying the updates.

Of course, not everyone applies updates regularly. That’s why WordPress 5.5 introduced an auto-update feature. It allows website owners to opt into updates for their themes and plugins. Minor versions of WordPress core have automatically updated for years, and WordPress 5.6 allowed major versions to do the same.

Now, your entire site can be on auto-pilot. This functionality can be a great way to limit exposure to exploits. But the usefulness of this feature isn’t really the question. It’s the implementation.

If plugin or theme authors can simply turn on this feature without informing users, it’s an accident waiting to happen. The scenario I experienced is but a minor example. Imagine if someone used this to push malicious code out to millions of sites that readily applied it. Even if it’s not likely, it’s still possible.

Does that make turning on auto-updates by default worth the risks? Or, does it outweigh the security risks of not doing so?

Padlocks on a fence.

Make Users Aware of Changes

There are plenty of justifications for turning on auto-updates and letting users discover it on their own (or perhaps never). A common refrain is that most people don’t pay attention and therefore it’s better to protect them. Or maybe a plugin has a dependency that requires lockstep updates.

Maybe that makes sense in some cases. But I’d still argue that the ethical thing to do is to tell users about these types of changes. Or, at least make an honest effort to do so.

The WordPress notification UI is littered with messages about Black Friday sales and new features. Why not use it to communicate something important? Even if it gets lost in the clutter, at least a plugin author can say they tried.

Taking it a step further, clearly announcing such a change in an official blog post, social media or support forum would also be helpful. Any channel of communication that connects developers to users is game.

Traffic symbols.

The Better Option? Let Users Decide

I believe that one of the biggest lessons to come out of this situation is that turning on a potentially-breaking feature without notice is bad for customer relations. And, despite the good intentions of a developer, some people are going to take issue with the practice – quite loudly.

It’s reminiscent of the time Apple included a U2 album in everyone’s iTunes account. What was supposed to be an act of benevolence was met with, well, rage in some cases.

For WordPress plugin and theme authors, the better path may be to encourage automatic updates. Use those same channels to advocate for the feature, rather than forcing users to opt-out. That builds trust as opposed to suspicion.

Will as many people use the feature? Probably not. But the psychology at play here will make you look better in the eyes of the people who use your product. They’ll be more likely to stick with you and make future purchases.

Very few things are certain in life. But you can usually count on users to tell you what they think of your decisions. Therefore, it’s important to listen and learn.