How to Disable Automatic WordPress Updates (No Plugins)

Automatic updates in WordPress keep your site secure and up-to-date without manual intervention. However, there are situations where you might want to disable them – or at least control which updates run automatically.

This guide explains why and how to disable automatic WordPress updates, weighing the pros and cons so you can make the right call for your site.

Why Disable Automatic WordPress Updates?

While automatic updates help protect your website from vulnerabilities, they can sometimes cause compatibility issues with themes or plugins.

Disabling these updates gives you full control over when updates are applied. This lets you test them in a staging environment or child theme first, reducing the risk of unexpected breakage on a live site.

“If you rely on specific plugins or custom code, automatic updates could lead to unexpected site downtime.”

Pros and Cons of Disabling WordPress Updates

Before deciding to disable automatic updates, it’s important to weigh the benefits and drawbacks.

Pros of Disabling Updates

Disabling automatic updates offers several advantages, especially for site owners who prioritize stability and custom configurations.

  • More Control: You decide when and what to update, minimizing the risk of conflicts.
  • Stability: Avoid potential issues caused by updates that haven’t been tested with your theme or plugins.
  • Customization: Prevent WordPress from overwriting custom changes to theme files or plugin modifications.

Cons of Disabling Updates

However, disabling updates also has downsides, particularly in terms of site security and maintenance.

  • Security Risks: Delaying updates can leave your site vulnerable to known exploits. Attackers actively target unpatched WordPress installations.
  • Maintenance Overhead: You’ll need to manually monitor and apply updates on a regular basis.
  • Site Health Warnings: WordPress Site Health will flag disabled auto-updates as a potential issue, which can be confusing if you’ve made a deliberate choice.

Disabling minor (security) updates is almost always a bad idea. Minor releases patch critical vulnerabilities and bugs. If you disable anything, keep minor core updates enabled and only disable major updates until you can test them.

How to Disable Automatic Updates without a Plugin?

Disabling automatic updates without a plugin is a straightforward process. By modifying specific WordPress configuration files, you can control exactly which updates run automatically.

Step 1: Add Code to Your wp-config.php File

The wp-config.php file is a critical configuration file for your WordPress installation. Adding the right constant here can disable all automatic updates.

define('AUTOMATIC_UPDATER_DISABLED', true);

This constant disables the entire automatic updater system, including core (major and minor), plugin, theme, and translation updates. It takes precedence over any UI settings or filters.

For more granular control over core updates only, use the WP_AUTO_UPDATE_CORE constant instead:

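// Use only ONE of the two options below. Defining the same constant twice
// triggers a PHP warning and the first value stays in effect.

// Option A: disable all automatic core updates
// define('WP_AUTO_UPDATE_CORE', false);

// Option B: enable only minor (security) updates - recommended
define('WP_AUTO_UPDATE_CORE', 'minor');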

Setting WP_AUTO_UPDATE_CORE to 'minor' is the recommended approach. It keeps security patches flowing while giving you control over major version upgrades.

Step 2: Disable Automatic Updates by Adding Filter Code

To disable only certain types of updates using filters, add the following code in your theme’s functions.php file:

// Disable all core updates (major and minor)
add_filter('automatic_updater_disabled', '__return_true');

// Disable only major core updates
add_filter('allow_major_auto_core_updates', '__return_false');

// Disable only minor core updates
add_filter('allow_minor_auto_core_updates', '__return_false');

The first filter disables all core updates entirely. The second and third let you specifically disable either major or minor updates while keeping the other enabled.

Step 3: Disable Automatic Updates for Plugins and Themes

If you want to disable automatic updates for plugins and themes, use the following filters in your functions.php file:

// Disable automatic updates for all plugins
add_filter('auto_update_plugin', '__return_false');

// Disable automatic updates for all themes
add_filter('auto_update_theme', '__return_false');

These filters ensure that plugins and themes will not automatically update, giving you complete control over all aspects of your WordPress site’s updates.

You can also disable translation updates if needed:

// Disable automatic translation updates
add_filter('auto_update_translation', '__return_false');

Step 4: Using DISALLOW_FILE_MODS

Another constant worth knowing is DISALLOW_FILE_MODS. When set to true in your wp-config.php, it blocks all file modifications through the WordPress admin – including updates, plugin/theme installations, and the built-in file editors.

define('DISALLOW_FILE_MODS', true);

This is a more aggressive approach. It’s commonly used in Git-based deployment workflows where all code changes should come through version control, not the WordPress dashboard.

Note that DISALLOW_FILE_MODS also disables the theme and plugin file editors, so you don’t need to set DISALLOW_FILE_EDIT separately.

Auto-Update Plugins via Dashboard

WordPress also allows you to manage plugin and theme updates directly from the admin dashboard without using code. Navigate to Plugins > Installed Plugins and toggle auto-updates for each plugin individually.

However, if you apply the auto_update_plugin filter in your functions.php file, it will override these dashboard settings. For instance, if you disable automatic plugin updates using the filter, it will prevent updates even if auto-updates are enabled in the dashboard.

Major vs. Minor Updates

Understanding the difference between major and minor updates is crucial for managing your site’s update strategy effectively.

  • Major Updates: These introduce new features, significant changes, or improvements (e.g., version 6.7 to 6.8). They may include breaking changes that affect theme or plugin compatibility.
  • Minor Updates: These are security patches, bug fixes, or maintenance releases (e.g., version 6.7.1 to 6.7.2). They are designed to be safe and non-breaking.

Minor updates are usually safe to apply automatically as they address urgent security or bug fixes. Major updates may require thorough testing before deployment.

“WordPress has shipped minor auto-updates by default since version 3.7. This design decision was made specifically to close security vulnerabilities quickly across the entire WordPress ecosystem.”

Best Practices for Managing WordPress Updates

Rather than disabling all updates entirely, consider a balanced approach that keeps your site both secure and stable.

  • Keep minor updates enabled: Set WP_AUTO_UPDATE_CORE to 'minor' so security patches apply automatically.
  • Test major updates in staging: Use a staging environment to test major WordPress releases, plugin updates, and theme updates before applying them to production.
  • Automate backups: Always have a recent backup before any update. Use a reliable backup and restore solution so you can roll back if something breaks.
  • Monitor Site Health: Check Tools > Site Health in your WordPress dashboard regularly. It flags auto-update issues and other potential problems.
  • Review update logs: WordPress sends email notifications after automatic updates. Review these to stay informed about what changed on your site.

If you manage a high-traffic or business-critical site, the safest approach is to enable minor auto-updates for security, disable major auto-updates, and test everything in a staging environment before deploying to production.

FAQs

Common questions about disabling automatic WordPress updates:

What is the difference between AUTOMATIC_UPDATER_DISABLED and WP_AUTO_UPDATE_CORE?
AUTOMATIC_UPDATER_DISABLED disables the entire automatic update system - core, plugins, themes, and translations. WP_AUTO_UPDATE_CORE only controls core updates and accepts values like true, false, or 'minor' for more granular control.

Is it safe to disable minor WordPress updates?
Disabling minor updates is not recommended. Minor releases contain critical security patches and bug fixes. If you skip them, your site becomes vulnerable to known exploits that attackers actively target. Keep minor updates enabled and only disable major updates if needed.

Will disabling auto-updates affect WordPress Site Health?
Yes. WordPress Site Health checks whether background updates can run and may flag disabled auto-updates as a critical issue or recommended improvement. This is expected behavior if you've intentionally disabled updates - it does not mean your site is broken.

What does DISALLOW_FILE_MODS do compared to disabling updates?
DISALLOW_FILE_MODS blocks all file modifications through the WordPress admin, including updates, plugin and theme installations, and the built-in code editors. It is more restrictive than just disabling updates and is commonly used in Git-based deployment workflows.

Can I disable auto-updates for specific plugins only?
Yes. The auto_update_plugin filter receives the plugin item as a second parameter. You can check the plugin slug and return false only for specific plugins while allowing others to update automatically. You can also toggle auto-updates per plugin from the WordPress dashboard under Plugins > Installed Plugins.
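
The per-plugin approach from the last answer, as an added example that is not code from the original article: it holds back only the listed plugins, leaves every other plugin's dashboard setting untouched, and shows a dashboard reminder when a held plugin has an update waiting. The slugs, the mysite_ names and the notice text are assumptions for illustration; the code goes in functions.php like the filters in Step 3.

```php
<?php
// Added example, not the article's code. The slugs below are hypothetical placeholders.
const MYSITE_HELD_PLUGIN_SLUGS = array( 'example-shop-plugin', 'example-custom-forms' );

/**
 * Hold back auto-updates for the listed plugins only.
 * $update is the decision so far (dashboard toggle or earlier filters);
 * $item is the update offer object, which carries the plugin slug.
 */
function mysite_filter_plugin_auto_update( $update, $item ) {
	$slug = ( is_object( $item ) && isset( $item->slug ) ) ? (string) $item->slug : '';
	if ( '' !== $slug && in_array( $slug, MYSITE_HELD_PLUGIN_SLUGS, true ) ) {
		return false; // held: apply manually after testing in staging
	}
	return $update; // everything else keeps its existing setting
}
// The fourth argument (2) is required, otherwise $item is never passed in.
add_filter( 'auto_update_plugin', 'mysite_filter_plugin_auto_update', 10, 2 );

/**
 * List held plugins that have an update waiting, as "slug version" strings,
 * read from the update data WordPress already caches.
 */
function mysite_held_plugins_pending() {
	$pending = array();
	$updates = get_site_transient( 'update_plugins' );
	if ( ! is_object( $updates ) || empty( $updates->response ) ) {
		return $pending;
	}
	foreach ( $updates->response as $offer ) {
		if ( isset( $offer->slug ) && in_array( $offer->slug, MYSITE_HELD_PLUGIN_SLUGS, true ) ) {
			$version   = isset( $offer->new_version ) ? $offer->new_version : 'unknown';
			$pending[] = $offer->slug . ' ' . $version;
		}
	}
	return $pending;
}

// Remind administrators in the dashboard so held plugins do not fall behind unnoticed.
add_action( 'admin_notices', function () {
	$pending = mysite_held_plugins_pending();
	if ( ! current_user_can( 'update_plugins' ) || empty( $pending ) ) {
		return;
	}
	echo '<div class="notice notice-warning"><p>Held plugins awaiting manual update: '
		. esc_html( implode( ', ', $pending ) ) . '</p></div>';
} );
```

Returning $update instead of true for unlisted plugins is what keeps the per-plugin dashboard toggles working for everything not on the hold list.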

Conclusion

Disabling automatic WordPress updates can be beneficial in certain scenarios, particularly for those who prioritize stability and control over their environment.

However, the best approach for most sites is not to disable everything. Keep minor security updates enabled, test major updates in staging, and maintain regular backups. This way, you get the security benefits of automatic patching while avoiding the risks of untested major changes.
