I recently set up a new VPS on DigitalOcean and chose to manage the web stack and sites with EasyEngine. I’m very impressed with EashEngine, but the fact it makes deploying sites so easy shows up how much overhead there is in staying on top of multiple WordPress installs.
As the recent vulnerability in the REST API showed, keeping on top of updates is really crucial. In the past I’ve used a management system called InifinteWP, but I’ve decided I would rather use fewer tools and instead rely on WP CLI.
The key commands
There are four basic commands key to staying on top of updates:
wp core check-update
wp core update
wp plugin list
wp plugin update --all
They’re self explanatory, and with these you can find out if there are any updates available, and apply them.
But logging in to a server, navigating to the web directory, and running potentially four commands is not exactly time saving. Especially when you need to be doing this in a daily basis to ensure critical patches are applied as soon as possible. (Monitoring the vulnerability disclosure lists is a topic for another day.)
Luckily we can easily automate this with a simple bash script with just a few essential steps:
- find all WordPress installs and loop over them
- navigate into their directory
- run the two WP CLI commands needed to check for updates to core and plugins
Once the basics work the script can be easily extended with options such as a choice between checking for updates or doing updates.
The standard way of finding a WordPress install so you can use WP CLI is to search for
wp-config.php files since you can be certain it exists. Then navigate to the directory where you found it, and execute the command.
However, EasyEngine uses a security conscious directory structure with
htdocs. This is very sensible, but impacts WP CLI the commands won’t run here – we need to move down into the htdocs directory. One solution is to just add a
cd htdocs, but that would mean the script becomes specific to this server setup. Instead, just choose another core file / directory to search for – I went for
There are many ways this could be extended or customised – but this gist covers the basics and should be flexible enough to cover both EasyEngine and non-EasyEngine setups:
Why ask when you can be told
The last piece of the puzzle is combing the script with cron and mail.
Instead of logging in each day to run the script and check for updates, we can use cron to run it and email the output. This means I can wait for the server to tell me when I need to log in and run an update, and not have to constantly check.
For example, on Ubuntu you can
$ sudo crontab -e then add
30 6 * * * su myuser -c '/home/myuser/wp_helper.sh | mail -s "WP Helper update checker" "[email protected]" # run wp_helper.sh at 0630 daily and email.' to run the script at 630 am every day and email the result. Note – this adds the cron job to the root crontab; this means that it will be run as root and so WP CLI will throw a warning. To avoid this
su myuser -c runs the command as a chosen user.
I want to review changlogs and test before updating, so am only running the script in check mode. If you are happy auto-updating you could either pass the relevant arguments to the script or use the native WordPress functions.