After installing Wordfence to all of my wordpress sites, I receive a dozen e-mails a day about plugins that should be updated. I don’t use many plugins, so usually I just go ahead and update them with wp-cli, because I feel they are safe to update. Main advantage of the wp-cli is that I don’t get http timeouts or stuff like that.
Updating all the plugins for multiple sites (I think I have about 10 of them) did become a repetitive task, so I wrote a little shell script for it. Of course you have to make sure that all the websites can be auto updated, or if there may be a plugin that will break after an update. So only use this if you are certain you just want to go ahead and take a little risk of breaking things.
I added an .auto-update file in each document root of the site I want to update automatically. I changed the owner permissions of .auto-update to root:webuser so that the webuser cannot remove this file, but still I can use this file to determine the owner of the wp-content folders. I need this to change the ownership back to the website owner after updating.
Very simple and easy script, but well, the stackoverflow generation (myself included) just loves to copy ans paste right? ;-)
for wppath in $(find /home/ -name '.auto-update');
owner=`stat -c "%G" $wppath`
/usr/local/sbin/wp-cli.phar --allow-root --path=$dirname plugin update --all
chown -R $owner:$owner $dirname/wp-content
I put this script in my /root folder with 700 permissions. I didn’t put this in a cronjob, I keep monitoring the e-mails that Wordfence sends me to see if I need to take action.