Secure Wordpress Upgrade

README.md

Secure Wordpress Upgrade

What does this do?

1. Downloads wordpress if it's newer than the last time this ran.
2. Updates wordpress by overwriting the existing files.

What does this not do?

1. This does not backup your database. You should do that in addition to this.

Why is this better?

1. It's Automatic so you don't need to worry about it
2. No security tradeoffs. You still get locked down file permissions.

Instructions:

1. Download this file to the computer, put it in /opt/upgradewordpress, and make it executable.

curl -Lso /tmp/upgradewordpress.sh https://gist.github.com/jondb/81d829b51fa1bc25df5c3db4c3832461/raw/upgrade.sh
sudo mkdir -p /opt/upgradewordpress
sudo mv /tmp/upgradewordpress.sh /opt/upgradewordpress/upgrade.sh
sudo chown root:root /opt/upgradewordpress/upgrade.sh
sudo chmod 755 /opt/upgradewordpress/upgrade.sh

2. Make the cache directory

sudo mkdir -p /var/run/upgradewordpress

3. Update the crontab

sudo crontab -e

then copy/paste the following into that

0 22 * * * /opt/upgradewordpress/upgrade.sh

4. Celebrate

upgrade.sh

#!/bin/bash

set -eu

CACHEDIR=/var/run/upgradewordpress
WORDPRESSDIR=/var/www/html

SOURCE=${CACHEDIR}/latest.tgz

mkdir -p $CACHEDIR
cd $CACHEDIR

if test -e "$SOURCE"; then
  zflag="-z $SOURCE"
else
  zflag=
fi
BYTES=$(curl -s -o "$SOURCE" $zflag "https://wordpress.org/latest.tar.gz" -w %{size_download})

if [ $BYTES -eq 0 ]; then
  exit 0
fi

cd $CACHEDIR
tar xzf latest.tgz
mkdir wordpress/wp-content/upgrade
sudo cp -a wordpress/. ${WORDPRESSDIR}
sudo chown -R jon:www-data ${WORDPRESSDIR}
sudo find ${WORDPRESSDIR} -type d -exec chmod g+s {} \;
sudo chmod g+w ${WORDPRESSDIR}/wp-content
sudo chmod -R g+w ${WORDPRESSDIR}/wp-content/themes
sudo chmod -R g+w ${WORDPRESSDIR}/wp-content/plugins

wordpress.md

Resources to setup Wordpress, NGINX, LetsEncrypt, and MySQL on Ubunto 16.04

1. Install wordpress1
2. Using nginx2
3. With let's encrypt3, and
4. Auto Secure Wordpress Upgrade4