When WordPress Auto-Updates Go Wrong
Ben Word
Last week, an issue in the popular GiveWP donation plugin exposed donor information in the source code of websites using the plugin. While the privacy breach itself was serious, it highlighted a deeper operational issue that many WordPress sites face: the risks of auto-updating plugins in production environments.
What happened
On July 29th, a GitHub issue was filed reporting that GiveWP was inadvertently exposing donor names and email addresses directly in the page source code. The issue was discovered after it affected Pi-hole, the popular network-wide ad blocker, exposing their donor information on their website.
The leaked data looked something like this:
<script id="give-donation-options-js-extra">
var GiveDonationOptions = {
    "isAdmin": "",
    // ... other options
    "donors": {
        "12345": {
            "name": "John Doe",
            "email": "john@example.com"
        },
        "67890": {
            "name": "Jane Smith",
            "email": "jane@example.com"
        }
        // ... more donor data
    }
}
</script>
This data sat in plain view for anyone who checked the page source, and it was there for potentially a full week, so search engine crawlers, archival bots, and other automated systems likely captured it.
The plugin was patched within 24 hours of the report, but the damage was already done. Sites that had auto-updates enabled found themselves automatically pulling in the problematic version, then automatically getting the fix, all without any human oversight or testing.
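A check a site owner could run against their own rendered pages, added here as an example and not code from the original post or from GiveWP: it pulls every wp_localize_script-style `<script id="...-js-extra">` block out of the HTML, parses the `var Name = {...};` object each one carries, and reports any object that contains e-mail addresses. The script id and variable name are the ones shown above; the assumption that the object is valid JSON after `var Name =`, and the sample page itself, are constructed for the example.

```python
"""Scan rendered WordPress pages for PII leaked via wp_localize_script.

Added example, not part of the original post or of GiveWP/Bedrock code.
Assumption (not from the post): the localized object is emitted as
`var Name = <json>;` inside a `<script id="<handle>-js-extra">` tag.
"""
import json
import re

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
SCRIPT_RE = re.compile(
    r'<script[^>]*\bid="(?P<id>[^"]*-js-extra)"[^>]*>(?P<body>.*?)</script>',
    re.DOTALL | re.IGNORECASE,
)
VAR_RE = re.compile(r"\bvar\s+(?P<name>\w+)\s*=\s*")

# Constructed sample page: the shape follows the post's example, the records are made up.
SAMPLE_HTML = """<!doctype html>
<html><head><title>Donate</title>
<script id="give-donation-options-js-extra">
var GiveDonationOptions = {"isAdmin":"","currency":"USD","donors":{"12345":{"name":"John Doe","email":"john@example.com"},"67890":{"name":"Jane Smith","email":"jane@example.com"}}};
</script>
<script id="jquery-core-js-extra">
var jqueryOpts = {"ajaxurl":"https://example.org/wp-admin/admin-ajax.php"};
</script>
</head><body></body></html>
"""


def localized_objects(html):
    """Yield (script_id, var_name, parsed_object) for every -js-extra script in the page."""
    decoder = json.JSONDecoder()
    for m in SCRIPT_RE.finditer(html):
        body = m.group("body")
        for v in VAR_RE.finditer(body):
            start = v.end()
            if start >= len(body) or body[start] not in "{[":
                continue  # scalar assignment or plain JS; nothing to walk
            try:
                obj, _ = decoder.raw_decode(body, start)  # handles nested braces
            except json.JSONDecodeError:
                continue  # not a JSON literal; skip it
            yield m.group("id"), v.group("name"), obj


def find_emails(obj, path=""):
    """Walk a parsed JSON value and return (json_path, email) pairs."""
    hits = []
    if isinstance(obj, dict):
        for key, val in obj.items():
            hits.extend(find_emails(val, f"{path}.{key}"))
    elif isinstance(obj, list):
        for i, val in enumerate(obj):
            hits.extend(find_emails(val, f"{path}[{i}]"))
    elif isinstance(obj, str) and EMAIL_RE.match(obj):
        hits.append((path, obj))
    return hits


def scan_page(html):
    """Return one finding per localized object that exposes e-mail addresses."""
    findings = []
    for script_id, var_name, obj in localized_objects(html):
        emails = find_emails(obj)
        if emails:
            findings.append({
                "script_id": script_id,
                "var": var_name,
                "count": len(emails),
                "paths": [p for p, _ in emails],
            })
    return findings


if __name__ == "__main__":
    import sys
    # Pass a saved page (e.g. the output of curl -s) as the first argument; otherwise scan the sample.
    html = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_HTML
    for f in scan_page(html):
        print(f"{f['script_id']}: {f['var']} exposes {f['count']} e-mail address(es) at {f['paths']}")
```

Run it against a page fetched from staging as part of the smoke test that gates a deploy; an e-mail address in any `-js-extra` object is a leak regardless of which plugin put it there, which is why the check walks every localized object rather than only the GiveWP one.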
The real problem
While GiveWP absolutely deserves criticism for the data exposure and their inadequate response, this incident exposed a more fundamental issue: many WordPress sites, including those handling sensitive data, are treating plugin updates like they’re running a personal blog.
Not all WordPress sites are created equal
The approach that works for a personal blog, where auto-updates are convenient and the worst-case scenario is a broken layout, becomes dangerous when you’re handling donor information, customer data, or running business-critical operations.
Many organizations continue to treat their WordPress sites the same way, regardless of what’s at stake. A nonprofit collecting donations needs the same operational rigor as any other application handling sensitive user data.
What proper dependency management looks like
Professional web applications don’t auto-update dependencies in production. Instead, they use:
- Version control for dependencies — Know exactly what code is running and when it changed
- Staging environments — Test updates before they hit production
- Manual deployment approval — Human oversight for production changes
- Rollback capabilities — Quick recovery when things go wrong
This is basic operational hygiene for any site that matters to your organization or users.
How Bedrock solves this
This is exactly why we created Bedrock. Instead of managing WordPress through the admin dashboard, Bedrock brings modern development practices to WordPress:
- Composer manages plugins and WordPress core — Dependencies are explicitly versioned and tracked
- Environment-specific configuration — Different settings for development, staging, and production
- No admin-based updates — Removes the temptation and risk of clicking “update” in production
- Standard deployment workflows — Use the same CI/CD practices you’d use for any other application
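A pre-deploy gate that enforces the version-control and controlled-deployment points from the list above and from the dependency-management list before it, added here as an example and not Bedrock’s or Composer’s own code. It assumes Bedrock’s layout (WordPress core as the roots/wordpress package, plugins and themes as wpackagist-plugin/* and wpackagist-theme/* packages in composer.json, resolved versions in composer.lock under a top-level "packages" list) and refuses to deploy if any of those packages has a floating constraint or if composer.lock does not match the pin. The package versions are constructed placeholders, not real GiveWP, Akismet or WordPress release numbers, and the "give" slug for GiveWP is assumed.

```python
"""Pre-deploy gate for a Bedrock-style WordPress project.

Added example, not Bedrock's or Composer's own code. Assumes Bedrock's
layout: core as roots/wordpress, plugins/themes as wpackagist-plugin/* and
wpackagist-theme/* in composer.json, resolved versions in composer.lock
under "packages". Versions below are constructed placeholders.
"""
import json
import re

# Exact pin: a bare version, optionally with a leading "v" (1.2.3, v2.0.1).
# Anything with ^, ~, *, ||, ranges or dev- lets `composer update` move it.
EXACT_PIN_RE = re.compile(r"^v?\d+(\.\d+){0,3}$")

# Packages whose version must be pinned: WordPress itself and everything that runs inside it.
MANAGED_PREFIXES = ("roots/wordpress", "wpackagist-plugin/", "wpackagist-theme/")

# Constructed composer.json and composer.lock for the example.
COMPOSER_JSON = json.loads("""
{
  "require": {
    "php": ">=8.1",
    "roots/wordpress": "6.5.5",
    "wpackagist-plugin/give": "1.2.3",
    "wpackagist-plugin/akismet": "^5.3",
    "wpackagist-theme/twentytwentyfour": "1.1"
  }
}
""")
COMPOSER_LOCK = json.loads("""
{
  "packages": [
    {"name": "roots/wordpress", "version": "6.5.5"},
    {"name": "wpackagist-plugin/give", "version": "1.2.3"},
    {"name": "wpackagist-plugin/akismet", "version": "5.3.1"},
    {"name": "wpackagist-theme/twentytwentyfour", "version": "1.0"}
  ]
}
""")


def is_managed(name):
    """True for packages that execute inside WordPress and therefore must be pinned."""
    return name.startswith(MANAGED_PREFIXES)


def normalize(version):
    """Treat '6.5.5' and 'v6.5.5' as the same release."""
    return version[1:] if version.startswith("v") else version


def check_pins(composer_json, composer_lock):
    """Return (package, problem) tuples; an empty list means the deploy may proceed."""
    problems = []
    locked = {p["name"]: p["version"] for p in composer_lock.get("packages", [])}
    for name, constraint in composer_json.get("require", {}).items():
        if not is_managed(name):
            continue  # php, extensions, tooling: ranges are fine here
        if not EXACT_PIN_RE.match(constraint):
            problems.append((name, f"floating constraint {constraint!r}; pin an exact version"))
            continue  # a range cannot be compared against the lock meaningfully
        if name not in locked:
            problems.append((name, "required but absent from composer.lock; run composer update and commit the lock"))
        elif normalize(locked[name]) != normalize(constraint):
            problems.append((name, f"composer.json pins {constraint} but composer.lock resolved {locked[name]}"))
    return problems


if __name__ == "__main__":
    problems = check_pins(COMPOSER_JSON, COMPOSER_LOCK)
    for name, problem in problems:
        print(f"{name}: {problem}")
    raise SystemExit(1 if problems else 0)
```

Wire it into the CI job that runs before `composer install` on staging and production: a plugin version then changes only when someone edits composer.json, updates the lock, and gets the change reviewed, which is the audit trail the GiveWP incident left auto-updated sites without.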
With Bedrock, the GiveWP incident could have played out differently. No tooling can guarantee you’ll catch every data exposure in testing, but a proper staging environment and a controlled deployment process give you the opportunity to identify issues before they reach production. At a minimum, both deploying the problematic version and deploying the fix would have been deliberate, controlled steps rather than automatic ones, giving you visibility into what changed and when.
Moving forward
The GiveWP incident is a reminder that WordPress powers far more than personal blogs these days. If your site handles user data, processes payments, or is critical to your organization, it deserves the same operational care you’d give any other application.
Auto-updates have their place, but production isn’t it.