January 25, 2014

Introducing WPUpdate - Automatic Updates for Wordpress

Written by David Kennedy
If you run many Wordpress installs, it's a pain to log into each instance and keep track of what's new and what's not. With version 3.8.1, Wordpress will automatically install security patches for you. This is fine; however, in order for Wordpress to update, www-data:www-data/apache permissions need to be set in the /var/www/ directory. As an attacker, if I pop the operating system as www-data, I have the ability to manipulate the files even more. By default the wp-config is root:root; however, the rest of the filesystem isn't. Plus, this is just security updates, not full versions of Wordpress.

We decided to create something super simple that automatically checks for Wordpress updates once a day for you, automatically installs them, and changes the permissions back to a secure format. We are proud to introduce you to WPUpdate - an automatic way to keep Wordpress always up-to-date.

The way it works is you first download WPUpdate to a machine with a Wordpress install:
git clone https://github.com/trustedsec/wpupdate wpupdate/
Next, go to the wpupdate directory and run python setup.py. This will automatically install wpupdate for you. It works by placing a startup script in /etc/init.d/wpupdate that will automatically launch when the system does.

On the very first installation, wpupdate will automatically grab the latest version of Wordpress and place it in /usr/share/wpupdate/database. SHA-512 hashes are created and stored in memory. From there, it will automatically place the new files in the /var/www directory as a baseline. Once that completes, a second zip is downloaded and the hashes are compared. If they match, it sleeps until 2AM (based on your system clock). Every day at 2AM the system will automatically check for new versions, do a hash comparison, and download and install the new version if needed. After that, it sets the entire folder structure permissions to root:root and puts an exception in for wp-content/uploads, since that is a normal path for uploads in Wordpress.

Note that this does not automatically update the database. The next time you log into Wordpress, if a database update is required, it will still prompt you.

Where can you get it? https://github.com/trustedsec/wpupdate

Command to clone it:
git clone https://github.com/trustedsec/wpupdate wpupdate/

Update 1: Since the initial release, a lot of development has gone into WPUpdate. It now supports multiple sites on the same host and also supports automatic updates of third-party plugins. This should now fit everyone's setup and allow Wordpress to always stay 100 percent up-to-date. For a full readme on how to install and the features, visit: https://github.com/trustedsec/wpupdate/blob/master/README.md
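
The ownership layout described above (everything root:root, with an exception for the uploads directory) can be checked after an update run with a short audit. This is an added example, not WPUpdate's own code; the names audit_tree and build_sample_tree and the sample tree are assumptions made for illustration.

```python
import os
import stat
import tempfile

def audit_tree(root, expected_uid=0, exempt=("wp-content/uploads",)):
    """Return sorted (relative_path, reason) findings for a Wordpress tree."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        rel = lambda n: os.path.normpath(os.path.join(rel_dir, n)).replace(os.sep, "/")
        # Prune the exempt upload area so nothing beneath it is reported.
        dirnames[:] = [d for d in dirnames if rel(d) not in exempt]
        for name in dirnames + filenames:
            st = os.lstat(os.path.join(dirpath, name))  # judge a symlink itself
            if st.st_uid != expected_uid:
                findings.append((rel(name), "owner uid %d" % st.st_uid))
            # Symlink mode bits are meaningless on Linux, so skip them here.
            if not stat.S_ISLNK(st.st_mode) and st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((rel(name), "group/world writable"))
    return sorted(findings)

def build_sample_tree():
    """Constructed sample: a tiny Wordpress-like layout in a temp directory."""
    root = tempfile.mkdtemp(prefix="wp-audit-")
    for d in ("wp-admin", "wp-content/uploads/2014", "wp-content/plugins"):
        os.makedirs(os.path.join(root, d))
    files = {"index.php": 0o644, "wp-admin/admin.php": 0o644,
             "wp-content/plugins/hello.php": 0o666,      # deliberately too open
             "wp-content/uploads/2014/cat.jpg": 0o666}   # inside the exempt area
    for rel_path, mode in files.items():
        full = os.path.join(root, rel_path)
        open(full, "w").close()
        os.chmod(full, mode)
    # Pin directory modes so the result does not depend on the caller's umask.
    for dirpath, dirnames, _ in os.walk(root):
        for d in dirnames:
            os.chmod(os.path.join(dirpath, d), 0o755)
    return root

if __name__ == "__main__":
    sample = build_sample_tree()
    # Demo only: treat the current user as the expected owner. On a real
    # host, run as root against /var/www with the default expected_uid=0.
    for path, reason in audit_tree(sample, expected_uid=os.getuid()):
        print(path, "->", reason)
```

An empty result means no file or directory outside the uploads path is owned by a different account or writable by group or others.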