Our Blog

Automatic WordPress Upgrades

April 12th, 2017

closeThis post was published 2 years 3 months 5 days ago which means the content may no longer be applicable or relevant to the service we offer today. If in doubt, please contact us.

Recently we have been looking at ways to improve upon our core services. One of the things we have been wanting to do for quite some time now is to investigate the possibility of providing automatic WordPress updates and upgrades. We know that managing WordPress installations can be a very time consuming activity; trying to ensure that the WordPress core and all of your plugins are up to date. Failing to do this can result in performance issues or even, as a worst case scenario, a site being hacked or compromised. Since WordPress is by far the most commonly installed script on our servers, we felt that there must be something we can do as a hosting provider to help make the process easier for our customers.

Over the last few weeks we have been developing a script (based on WP-CLI) that checks for out of date WordPress installations and updates them, along with any out of date installed plugins. To our surprise, we found that on every one of our hosting servers, at least 80% of WordPress installations were out of date. Some of these were extremely out of date (even by years) and were vulnerable to many publicly known exploits and vulnerabilities. It was clear to us that keeping WordPress up to date and secure was a big problem that needed addressing.

Having a script automatically update WordPress and its plugins may seem like a scary thought, but it needn’t be. WordPress has included a “one click upgrade” process for quite some time now and even its plugins can be updated automatically from within the dashboard. The script we’ve developed does very much the same thing as this but from a command-line level instead of accessing the WordPress installation via login.

Going forward we will be implementing and running this script across all of our servers to keep WordPress installations up to date on a regular basis. Please be advised that this does not guarantee your WordPress installations will be secure, as every installation is different, but we do hope that it will help to further protect our customers against insecure versions of both WordPress and plugins that they may have installed – as well as ease the management and maintenance required.

Please let us know your thoughts or provide any feedback in the comments below.

Six Comments

  1. H Khalil

    April 14, 2017

    Good idea, but one thing I worry about is compatibility of plugins. I use a number of WP themes that come bundled with particular plugins which the theme creators have modified or incorporated in a certain way. Often the plugin is available separately as a standalone purchase, but if you upgrade to the latest version, it can sometimes break the theme integration. The recommended way is to wait for the theme developer to release an update. Might your script cause some issues in these cases? Layer Slider and Visual Composer are two plugins I can immediately think of that are often customised by themes in this way.

  2. Douglas McGregor

    April 14, 2017

    If the plugins are part of the theme itself then I can confirm that these are not touched at all. We specifically exclude updating themes for this very reason, as we know many customers will have modifications or other custom updates that could be affected. The only things that we update are the WordPress core and the WordPress plugins as listed directly in the plugins section of the dashboard.

  3. Douglas McGregor

    April 14, 2017

    I have been talking more with our technical bods, and they have asked me to ask you how these themes operate that you utilise from Themeforest. Are they shipped with plugins that are uploaded to the wp-content/plugins folder, or are they stored within the theme folder itself and included that way?

  4. Hyder Khalil

    May 8, 2017

    Hi Douglas, sorry for the delayed reply. I didn’t get a notification of your comments.

    The themes I typically use seem to include the plugins in the WP plugins folder. Sometimes the folder name is simply that of the plugin and other times it is custom in the form of PluginName_ThemeName or similar.

    Hope that helps.

  5. Douglas McGregor

    May 8, 2017

    No problem, thank you for getting back to me! I will discuss with the team about creating an opt-out/exclusion system for installations so that in these cases customers can decide if they would rather handle things on their own. Would that be a good solution for you?

  6. Hyder Khalil

    May 8, 2017

    Hi Douglas, thanks for the quick reply!

    An opt-out would work for me. I use a security plugin on most sites which also notifies me when there are updates available for installed themes/plugins, so I tend to go in and update those for clients who have a maintenance agreement with me.

    For those that don’t, your updates should help and if something breaks… well, that’s why they should consider a maintenance plan 😉

What do you think?