Summary

  • Important security patches and updates for WordPress plugins will be installed by WP NET whenever possible (details below)
  • General, non-security related plugin updates are the responsibility of the customer
  • WP NET recommends that customers keep their WordPress plugins up-to-date

General, Non-Security Related Plugin Updates

The customer is responsible for all day-to-day, general updates of their WordPress plugins. This means updates that only include general improvements, new features, bug fixes and other, non-security related changes.

Security and Critical Bugfix Plugin Updates

Note: The following applies to plugins downloaded from the WordPress.org Plugin Directory only.

WP NET staff use specialised software to monitor security databases, blogs and other sources so that we are informed of vulnerabilities and other security issues with WordPress plugins as they are discovered.

If a serious security vulnerability is discovered in a WordPress plugin we will automatically deploy updates to address the issues as soon as practicable after the plugin author makes a patch available.

Security Updates for Premium / Paid Plugins

Many premium / paid WordPress plugins require that they are authorised to receive automatic updates through the WordPress Admin by way of an activation or license key. It is the customers responsibility to ensure that licenses and activation keys are in place so that updates can be received. If an activation or license key is not present, or has expired, WP NET may not be able to deploy updates for the plugin in question.

WP NET does not accept any responsibility for any problems that may arise from a bug or security vulnerability in a premium plugin that is blocked from receiving updates because of an expired or missing license activation.

Furthermore, if a plugin is installed that has no automatic update facility (or does not interface correctly with the WordPress update API), WP NET accepts no responsibility for any problems that may arise from a bug or security vulnerability that may exist in said plugin.

If a serious security vulnerability is discovered in a premium plugin and WP NET has no ability to deploy an update, we will contact you and advise you of our recommended course of action. In extreme cases, we may deactivate the plugin.

Disclaimer: WP NET accepts no responsibility for any data-loss, site defacement or other malicious activity that may occur due to a website compromise as a direct result of an exploited WordPress plugin or theme.

WooCommerce

WooCommerce updates are not covered by our WP Shield support service. However, security updates will be deployed where possible and when the security risk is deemed sufficiently high.

In some cases, WooCommerce developers can push auto-updates for WooCommerce. For example, if a security vulnerability is discovered in WooCommerce v2.5.4 and lower, and a fix is provided in version 2.5.5:

  • All customers already on v2.5.x (i.e. 2.5.0, 2.5.1, 2.5.2, 2.5.3 and 2.5.4) will be automatically updated to v2.5.5.
  • Customers on earlier major versions, such as 2.2.x, 2.3.x, 2.4.x will not be updated

For more help, see our WooCommerce Update Guide.

When a serious vulnerability is discovered in WooCommerce we will usually contact customers by email, advising them about the issue and providing a recommended course of action.

Extreme Cases

In some extreme and rare circumstances, if a very serious vulnerability is discovered, and a patch is not yet available, we may -- at our discretion -- deactivate or remove a plugin if we deem it necessary to maintain the overall integrity, security and performance of our networks and hosting systems.

Please note that serious security vulnerability means any bug or other flaw that could compromise the security or significantly impair the performance of our customers websites or our servers and hosting systems. This applies to plugins from the official WordPress plugin repository and premium / paid plugins.

Disallowed Plugins

Some plugins are disallowed on our servers for performance or security reasons and will be removed if they are detected. Please see the Disallowed WordPress Plugins for details.


If you have any questions regarding this policy or need any help or advice regarding updating WordPress plugins, please do not hesitate to open a support ticket and we will gladly help.

Was this answer helpful? 0 Users Found This Useful (0 Votes)