Enable auto-updates shows for plugins with no support

[elrae]

I installed / activated the WordPress Auto-updates plugin (Version 0.8.1), and it shows "Enable auto-updates" and allows me to click that and enable auto-updates for ANY plugin. There are some custom written plugins I have in there that have no auto-update capability, so those plugins will never be updated. This could provide a false sense of security to users. There should be some opt-in mechanism for plugin authors to specify their plugin is even capable of auto-updates (same with themes).

[pbiron]

Thanx for the ticket.

I'll answer in relation to how this will work in core once 5.5.0 is released (or right now if you're using the ​WordPress Beta Tester set to "Bleeding Edge"), although the same applies to the feature plugin.

I'm not sure how this feature would provide "false sense of security". All that enabling auto-updates does is that if an update becomes available it tells the auto-updater to apply that update automatically. If no updates ever become available, then nothing will happen.

There has been some discussion during the development of the feature plugin about adding hooks that would allow the Enable/Disable auto-updates to be replaced for specific plugins/themes (e.g., with plain text such as "Auto-updates controlled by Plugin X"). For some of that discussion, see the ​Interoperability between existing and new filters and constants issue on the feature plugin repo.

Unfortunately, it's not an easy problem to solve in the general case. But this ticket is certainly a good place to continue that discussion from the feature plugin, for how it might be solved in core.