Recently a friend of mine had his WordPress blog hacked via a vulnerability, which prompted me to revisit the idea of a simple script that would update all of the WordPress installations on my server. I confess I'm not the most organised of hosts and can't actually remember where they all are. Turns out there are (currently) 23 WordPress installs on the server, so I needed a solution.
Through past experimenting I determined that it was safe enough to simply copy the contents of the latest version directly over the existing ones. This is especially true with the latest versions where the code base has settled down somewhat and file contents and functions are not changing as often as they used to. The basic idea, then, is to find all the WordPress installs, download the latest version of WordPress and combine the two.
I eventually came up with the following. It's a shell script that I run as root and it works for me. It may not work for you, and I accept no responsibility if it trashes your system.
The script is divided into several blocks, preceded by a description of what that block does. You should combine all of these into a single file (or view the whole thing, here), save it in a location not accessible over HTTP and log in as root to run it.
First we start the script by defining our bash path:
#!/bin/bash
then we download and unpack the latest version of WordPress, removing any files we don't want:
wget http://wordpress.org/latest.zip
unzip >/dev/null/ latest.zip
cd wordpress
rm wp-config-sample.php licence.txt readme.html
Our next task is to get a list of all WordPress installations on the server. I did this by looking for all copies of the WordPress configuration file, wp-config.php. We output this list to a file called 'wp-installs', then remove the filename from each entry with sed:
locate wp-config.php >../wp-installs
sed -i 's/wp-config.php//g' ../wp-installs
TIP: If your server does't have locate installed, see Mike M's comment below about using find instead.
Now we can step through this list of directories and copy the contents of our fresh and up-to-date WordPress folder to each one in turn:
while read dest
do
cp -R ./* $dest
done <../wp-installs
Finally, we perform some cleanup:
cd ..
rm wp-installs
rm -R wordpress
rm latest.zip
All of your WordPress installs should now be using the latest version (3.0.2 at the time of writing) and all that remains is to log in to each one in turn and check that everything still works. The first time you attempt a login after running this script, you may be prompted to upgrade the database depending on how long it was since you last updated that particular installation.
I've no doubt there's an easier way to do this, and welcome any suggestions and comments. I'm also considering a cron job to run this script every evening, keeping WordPress as up to date as possible.
Updated: 9th December
Used the script this morning to update all 23 sites in a few seconds. Makes things much less hassle.
Originally Posted: 5th December 2010
find /home -name wp-config.php > ../wp-installs
But everything seemed to work great. Good way to force people to upgrade and keep the server (more) secure.