Thanks for reaching out and your kind words about Wordfence.
Wordfence wouldn’t intentionally block updates from WordPress. I suppose it would be possible for a site owner to block WordPress IPs unintentionally if the site owner was in the habit of blocking IPs without really knowing who those IPs belonged to. The best way to tell would be to put the firewall into learning mode (Wordfence > Firewall > Manage WAF) and see if the update works. If the update still doesn’t work, you can try deactivating Wordfence and seeing if the update still doesn’t work. If it still doesn’t work it is almost certainly not Wordfence blocking it. I say “almost certainly” because there may be some bizarre circumstance that I haven’t seen or am not considering, but still, when you disable a plugin and the problem is still there, then the general consensus is that the plugin isn’t what caused the issue.
There are many plugins that let you turn updates off. And you can turn off updates by adding constants in wp-config.php. These constants are:
define( ‘AUTOMATIC_UPDATER_DISABLED’, true ); // Disable all WordPress auto-updates
define( ‘WP_AUTO_UPDATE_CORE’, false ); // Only disable core updates
define( ‘WP_AUTO_UPDATE_CORE’, ‘minor’ ); // Only enable minor core updates
So I’d check the wp-config.php file to see if it is being done there.
I hope this helps. If you have follow up questions, please feel free to respond here and ask.
Tim
