# Disables all core updates:
define( 'WP_AUTO_UPDATE_CORE', false );
# Enables all core updates, including minor and major:
define( 'WP_AUTO_UPDATE_CORE', true );
# Enables core updates for minor releases (default):
define( 'WP_AUTO_UPDATE_CORE', 'minor' );
Wordpress is secure, the plugins are the problem. There is noone checking available plugins.i hope WP is somehow secure already by default like b2evolution
Well, WP and b2evolution are the children of the same couplei hope WP is somehow secure already by default like b2evolution
Second that.Found to other things you should check.
- Disable directory indexing on plugins folder
- Scan your themes for malicious code http://wordpress.org/plugins/tac/
Install wordfence for scans and notifications. It does it all
I liked it when I used it for a little while, but it doesn't work with IPv6. If you have AAAA records the scanning service will use them, but it doesn't actually work with IPv6 so everything stops functioning. It was great otherwise.I stand by Wordfence. I've used it for quite a while and I've been impressed with how well of a job it has done.
Why?WordFence is a better option