{"id":112577,"date":"2024-04-19T17:21:37","date_gmt":"2024-04-19T17:21:37","guid":{"rendered":"https:\/\/make.wordpress.org\/core\/?p=112577"},"modified":"2024-04-20T18:30:59","modified_gmt":"2024-04-20T18:30:59","slug":"merge-proposal-rollback-auto-update","status":"publish","type":"post","link":"https:\/\/make.wordpress.org\/core\/2024\/04\/19\/merge-proposal-rollback-auto-update\/","title":{"rendered":"Merge Proposal: Rollback Auto-Update"},"content":{"rendered":"<h2 class=\"wp-block-heading\"><strong>Background<\/strong><\/h2>\n\n\n\n<p>The biggest risk for a site owner when updating plugins is encountering a <span tabindex='0' class='glossary-item-container'>PHP<span class='glossary-item-hidden-content'><span class='glossary-item-header'>PHP<\/span> <span class='glossary-item-description'>The web scripting language in which WordPress is primarily architected. WordPress requires PHP 7.4 or higher<\/span><\/span><\/span> fatal error that crashes their website. While <span tabindex='0' class='glossary-item-container'>Core<span class='glossary-item-hidden-content'><span class='glossary-item-header'>Core<\/span> <span class='glossary-item-description'>Core is the set of software required to run WordPress. The Core Development Team builds WordPress.<\/span><\/span><\/span> updates are protected by automatic rollbacks since WordPress 3.7 (<a href=\"https:\/\/core.trac.wordpress.org\/ticket\/22704\">#22704<\/a>), no such protection for plugins was added. Although fatal error protection and recovery mode were added in WordPress 5.2, it requires manual intervention from an administrator, and ideally WordPress should be able to recover on its own in a similar way that Core does. The Upgrade\/Install team began exploring rollbacks for <span tabindex='0' class='glossary-item-container'>plugin<span class='glossary-item-hidden-content'><span class='glossary-item-header'>Plugin<\/span> <span class='glossary-item-description'>A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress. These can be free in the WordPress.org Plugin Directory https:\/\/wordpress.org\/plugins\/ or can be cost-based plugin from a third-party<\/span><\/span><\/span> updates.<\/p>\n\n\n\n<p>Rollbacks for plugin updates comprises three features:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><a href=\"https:\/\/developer.wordpress.org\/reference\/functions\/move_dir\/\">move_dir()<\/a> \u2013 Introduced in WordPress 6.2 (<a href=\"https:\/\/core.trac.wordpress.org\/ticket\/57375\">#57375<\/a>)<\/li>\n\n\n\n<li>Rollback for plugin\/theme update failures when updating manually \u2013 Introduced in WordPress 6.3 (<a href=\"https:\/\/core.trac.wordpress.org\/ticket\/51857\">#51857<\/a>)<\/li>\n\n\n\n<li>Rollback for plugin auto-updates when failures are encountered \u2013 Covered by this proposal (<a href=\"https:\/\/core.trac.wordpress.org\/ticket\/58281\">#58281<\/a>)<\/li>\n<\/ol>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Some background references<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/make.wordpress.org\/core\/2021\/02\/19\/feature-plugin-rollback-update-failure\/\">Feature Plugin: Rollback Update Failure<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/wordpress.slack.com\/archives\/CULBN711P\/p1695450809821219\">Early implementation brief \u2013 September 23, 2023<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/wordpress.slack.com\/archives\/CULBN711P\/p1697281722563839?thread_ts=1697281645.203499&amp;cid=CULBN711P\">Implementation follow-up \u2013 October 14, 2023<\/a><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Overview<\/strong><\/h2>\n\n\n\n<p>When active plugins are updated, they are briefly deactivated before the new version is installed and reactivated immediately after. Since WordPress 6.3, when an administrator is manually updating plugins, the plugin will not be reactivated if the update causes a PHP fatal error. During an auto-update, this reactivation check does not occur and the next time the site runs users will see the white screen of death (WSOD).<\/p>\n\n\n\n<p>To further protect websites and increase confidence in automatic plugin updates within WordPress, the Rollback Auto-Update <span tabindex='0' class='glossary-item-container'>feature plugin<span class='glossary-item-hidden-content'><span class='glossary-item-header'>Feature Plugin<\/span> <span class='glossary-item-description'>A plugin that was created with the intention of eventually being proposed for inclusion in WordPress Core. See <a href=\"https:\/\/make.wordpress.org\/core\/handbook\/about\/release-cycle\/features-as-plugins\/\">Features as Plugins<\/a>.<\/span><\/span><\/span> aims to detect PHP fatal errors during automatic plugin updates, and subsequently rolls back to the previously installed version.<\/p>\n\n\n\n<p>This proposal is to merge the changes required to also perform rollbacks when fatal errors occur during attempted plugin auto-updates by default.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Implementation<\/strong><\/h2>\n\n\n\n<p>Rollback Auto-Update performs a loopback request to the homepage to check for PHP fatal errors, using an approach similar to the <a href=\"https:\/\/developer.wordpress.org\/advanced-administration\/plugins\/editor-screen\/\">Plugin or Theme File Editors<\/a>. If a PHP fatal error is encountered, an error handler logs the specific message and the previously installed version of the plugin is restored. When a plugin rollback occurs, a notification will be sent to the site\u2019s administration email (stored in the <code>admin_email<\/code> option) notifying them of the failed update and rollback.<\/p>\n\n\n\n<p>The current implementation attempts to detect a PHP fatal error during an automatic update by using a loopback request to the homepage. If the loopback returns an error, a PHP fatal error in the active plugin is assumed and the update will be reverted for safety.<\/p>\n\n\n\n<p>After the problematic plugin is rolled back, the auto-updating process will continue for any other core, plugin, or theme updates that were in queue. When the next check for auto-updates occurs, WordPress will attempt to update the same plugin again.<\/p>\n\n\n\n<p>Previously, maintenance mode was only enabled during installation of an update. However, testing established that disabling maintenance mode during the rest of the process means that active visits to the site can trigger errors. This can have side effects, such as deactivating plugins, etc. Rollback Auto-Update enables maintenance mode for the duration of all automatic updates. While maintenance mode is enabled for longer, this is relative to the number of updates being performed at that given time \u2013 usually a very low number \u2013 and helps improve stability of automatic updates.<\/p>\n\n\n\n<p>At the time of publishing, this code is being tested on 6,000+ sites running the Rollback Update Failure feature plugin, which has contained the related code since v7.0.0 was released on 10\/12\/2023.<\/p>\n\n\n\n<p>For easier testing of the feature within <code>wordpress-develop<\/code>, a merge PR (<a href=\"https:\/\/github.com\/WordPress\/wordpress-develop\/pull\/5287\">Core-5287<\/a>) has been created.<\/p>\n\n\n\n<p>Due to limitations in the ability to modify <code>wp_is_maintenance_mode()<\/code> in the feature plugin, the PR is slightly different. The feature plugin is available for historical reference. All pre-merge testing should be done using the PR. Some contributors have also been running the PR on sites for a few months.<\/p>\n\n\n\n<p>Example of email text sent to site\u2019s administration email.<\/p>\n\n\n\n<div style=\"padding-left:40px;font-family:sans-serif\">\n<p>Howdy! Plugins failed to update on your site at https:\/\/test.xxxxx.net.<\/p>\n\n<p>Please check your site now. It\u2019s possible that everything is working. If there are updates available, you should update.<\/p>\n\n<p>The following plugins failed to update. If there was a fatal error in the update, the previously installed version has been restored.<br>\n<\/p><ul>\n<li>This Plugin Should Not Be Used (from version 0.1 to 0.2) : https:\/\/wordpress.org\/plugins\/this-plugin-should-not-be-used\/\n<\/li><\/ul>\n\n<p>To manage plugins on your site, visit the Plugins page: https:\/\/test.xxxxx.net\/wp-admin\/plugins.php<\/p>\n\n<p>If you experience any issues or need support, the volunteers in the <span tabindex='0' class='glossary-item-container'>WordPress.org<span class='glossary-item-hidden-content'><span class='glossary-item-header'>WordPress.org<\/span> <span class='glossary-item-description'>The community site where WordPress code is created and shared by the users. This is where you can download the source code for WordPress core, plugins and themes as well as the central location for community conversations and organization.  <a href=\"https:\/\/wordpress.org\/\">https:\/\/wordpress.org\/<\/a><\/span><\/span><\/span> support forums may be able to help.<br>\nhttps:\/\/wordpress.org\/support\/forums\/<\/p>\n\n<p>The WordPress Team<\/p>\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Testing<\/strong><\/h2>\n\n\n\n<p>There are no known issues directly related to Rollback Auto-Update that don\u2019t currently exist in Core.<\/p>\n\n\n\n<p>I (<a href=\"https:\/\/profiles.wordpress.org\/afragen\/\" class=\"mention\"><span class=\"mentions-prefix\">@<\/span>afragen<\/a>) have been testing using the <a href=\"https:\/\/downloads.wordpress.org\/plugin\/this-plugin-should-not-be-used.0.1.zip\">test plugin<\/a>. The plugin is on a test site, active, and set to auto-update. I have been running like this since the beginning of the year using the PR and on other sites for several years using the feature plugin.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Install the PR into WP 6.5.x or <span tabindex='0' class='glossary-item-container'>trunk<span class='glossary-item-hidden-content'><span class='glossary-item-header'>trunk<\/span> <span class='glossary-item-description'>A directory in Subversion containing the latest development code in preparation for the next major release cycle. If you are running \"trunk\", then you are on the latest revision.<\/span><\/span><\/span>.<\/li>\n\n\n\n<li>Install version 0.1 of the <a href=\"https:\/\/downloads.wordpress.org\/plugin\/this-plugin-should-not-be-used.0.1.zip\">test plugin<\/a>.<\/li>\n\n\n\n<li>Activate the test plugin and enable auto-updates.<\/li>\n<\/ol>\n\n\n\n<p>The WordPress.org update <span tabindex='0' class='glossary-item-container'>API<span class='glossary-item-hidden-content'><span class='glossary-item-header'>API<\/span> <span class='glossary-item-description'>An API or Application Programming Interface is a software intermediary that allows programs to interact with each other and share data in limited, clearly defined ways.<\/span><\/span><\/span> will serve the version 0.2 version of the plugin, which will cause a PHP fatal error. To confirm a rollback is successful, data is written to the <code>error.log<\/code> at every point in the auto-update process, creating an audit trail the user can use to discern the flow and results of rolling back an auto-update. This logging is only intended for testing purposes.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>FAQ<\/strong><\/h2>\n\n\n\n<p>Stay up to date with development on the PR. Please comment on the <a href=\"https:\/\/github.com\/WordPress\/wordpress-develop\/pull\/5287\">GitHub PR <\/a>if any problems are discovered.\u00a0<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>What happens if loopback requests aren\u2019t working?\n<ul class=\"wp-block-list\">\n<li>As demonstrated by the Site Health message for loopback requests that aren\u2019t working: \u201cLoopback requests are used to run scheduled events, and are also used by the built-in editors for themes and plugins to verify code stability.\u201d\u00a0<\/li>\n\n\n\n<li>Auto-updates shouldn\u2019t run if loopback requests aren\u2019t working. If a loopback request fails due to an <span tabindex='0' class='glossary-item-container'>HTTP<span class='glossary-item-hidden-content'><span class='glossary-item-header'>HTTP<\/span> <span class='glossary-item-description'>HTTP is an acronym for Hyper Text Transfer Protocol. HTTP  is the underlying protocol used by the World Wide Web and this protocol defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands.<\/span><\/span><\/span> error, Rollback Auto-Update will consider it as a PHP fatal error detected, and revert any plugin updates.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p>As a project, it\u2019s important to continuously evaluate ways to make site management easier for the large majority of users and site owners. Providing safer plugin auto-updates is just one way for WordPress itself to handle problems that may require technical expertise seamlessly for end users.<\/p>\n\n\n\n<p>All feedback will be collected and addressed over the next 2-3 weeks, with the goal of committing to <code>trunk<\/code> after all feedback is addressed to ensure that the feature gets plenty of testing through the nightly builds early in the <a href=\"https:\/\/make.wordpress.org\/core\/6-6\/\">WordPress 6.6<\/a> release cycle.<\/p>\n\n\n\n<p>Props: <em><a href=\"https:\/\/profiles.wordpress.org\/costdev\/\" class=\"mention\"><span class=\"mentions-prefix\">@<\/span>costdev<\/a><\/em> and <em><a href=\"https:\/\/profiles.wordpress.org\/desrosj\/\" class=\"mention\"><span class=\"mentions-prefix\">@<\/span>desrosj<\/a><\/em> for review and editing.<\/p>\n<p class=\"o2-appended-tags\"><a href=\"https:\/\/make.wordpress.org\/core\/tag\/6-6\/\" class=\"tag\"><span class=\"tag-prefix\">#<\/span>6-6<\/a>, <a href=\"https:\/\/make.wordpress.org\/core\/tag\/feature-projects\/\" class=\"tag\"><span class=\"tag-prefix\">#<\/span>feature-projects<\/a>, <a href=\"https:\/\/make.wordpress.org\/core\/tag\/feature-autoupdates\/\" class=\"tag\"><span class=\"tag-prefix\">#<\/span>feature-autoupdates<\/a>, <a href=\"https:\/\/make.wordpress.org\/core\/tag\/merge-proposals\/\" class=\"tag\"><span class=\"tag-prefix\">#<\/span>merge-proposals<\/a>, <a href=\"https:\/\/make.wordpress.org\/core\/tag\/rollback\/\" class=\"tag\"><span class=\"tag-prefix\">#<\/span>rollback<\/a><\/p><nav class='o2-post-footer-actions'><ul class='o2-post-footer-action-row'><\/ul><div class='o2-post-footer-action-likes'><\/div><ul class='o2-post-footer-action-row'><\/ul><\/nav>","protected":false},"excerpt":{"rendered":"<p>Background The biggest risk for a site owner when updating plugins is encountering a PHPPHP The web scripting language in which WordPress is primarily architected. WordPress requires PHP 7.4 or higher fatal error that crashes their website. While CoreCore Core is the set of software required to run WordPress. The Core Development Team builds WordPress. [&hellip;]<\/p>\n","protected":false},"author":6820837,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"advanced_seo_description":"","jetpack_seo_html_title":"","jetpack_seo_noindex":false,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[4424,1174],"tags":[5400,1965,3016,1522,4388],"class_list":["post-112577","post","type-post","status-publish","format-standard","hentry","category-core","category-proposals","tag-6-6","tag-feature-projects","tag-feature-autoupdates","tag-merge-proposals","tag-rollback","mentions-afragen","mentions-costdev","mentions-desrosj","author-afragen"],"revision_note":"","jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p2AvED-thL","_links":{"self":[{"href":"https:\/\/make.wordpress.org\/core\/wp-json\/wp\/v2\/posts\/112577","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/make.wordpress.org\/core\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/make.wordpress.org\/core\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/make.wordpress.org\/core\/wp-json\/wp\/v2\/users\/6820837"}],"replies":[{"embeddable":true,"href":"https:\/\/make.wordpress.org\/core\/wp-json\/wp\/v2\/comments?post=112577"}],"version-history":[{"count":15,"href":"https:\/\/make.wordpress.org\/core\/wp-json\/wp\/v2\/posts\/112577\/revisions"}],"predecessor-version":[{"id":112597,"href":"https:\/\/make.wordpress.org\/core\/wp-json\/wp\/v2\/posts\/112577\/revisions\/112597"}],"wp:attachment":[{"href":"https:\/\/make.wordpress.org\/core\/wp-json\/wp\/v2\/media?parent=112577"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/make.wordpress.org\/core\/wp-json\/wp\/v2\/categories?post=112577"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/make.wordpress.org\/core\/wp-json\/wp\/v2\/tags?post=112577"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}