WordPress is a hugely popular blog/CMS platform, but with widespread adoption comes risk: It is a common target for hackers, exploits, etc. Accordingly, you should make sure it gets regular updates.
WordPress has a built-in update mechanism but this also requires that its PHP files be writable by the web server, introducing a new set of security risks.
Luckily there is another option. Instead you can use a command-line tool called WP-CLI, which enables us to script WordPress updates.
These instructions will outline the steps necessary to install WP-CLI, create a script to update multiple sites at once, and install that script as a cron job to ensure updates happen on a regular schedule.
Before You Begin
As with any WordPress maintenance tasks, I recommend making regular backups of your database and files.
For this process to succeed, you’ll need to run your script as a user who has permission to modify the WordPress files. This could be your regular user account, but you might also want to create a dedicated user such with a name like ‘scripts’, and give it write permissions to your WordPress files. It is not recommended to run this as root.
- Install WP-CLI
Install WP-CLI (adapted from http://wp-cli.org/#installing)
curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar chmod +x wp-cli.phar sudo mv wp-cli.phar /usr/local/bin/wp
- Test WP-CLI
Run as a user who has write privileges to your WordPress site. If everything works you should get a series of “Success” messages, and/or a list of updated items.
cd /var/www/html # replace with path to your site /usr/local/bin/wp core update /usr/local/bin/wp core update-db /usr/local/bin/wp theme update --all /usr/local/bin/wp plugin update --all
- Create an Update Script
Use your favorite text editor to create a new shell script. In that script, put the following code:
#!/bin/bash # Absolute paths of WordPress sites. Space-separated. sites="/var/www/html/site1 /var/www/html/site2 /var/www/html/site3" for site in $sites; do echo $site /usr/local/bin/wp core update --path=$site --quiet /usr/local/bin/wp core update-db --path=$site --quiet /usr/local/bin/wp theme update --all --path=$site --quiet /usr/local/bin/wp plugin update --all --path=$site --quiet done
- Make The Script Executable
chmod 700 wp-update
- Test The Update Script
If everything works you’ll see a series of “Success” messages, and/or a list of updated items. If you see errors, double-check that your current user has permission to write to the WordPress site directories.
- Install Cron Job
Make sure you’re still logged in as a user who has write permissions for the WordPress site directories.
Now create a new cron entry like this one, including the correct path to your update script. In this example it will run every day at 2:30am.
30 2 * * * /home/scripts/bin/wp-update
Close and save your crontab file.
- If everything worked correctly, your WordPress sites will now auto-update every night.