Plugin update (WordPress)
What is the best way to update plugins in situations where this is not possible through WP-CLI or through the GUI? How does the WordPress update procedure for plugins or themes work anyway?
How does auto-update work?
What exactly happens when a random plugin (e.g. WooCommerce) is updated? I couldn't find a definitive answer, so this is limited:
- Maybe update and installation are the same: all files are replaced, and WordPress detects a version change and runs a designated update script
- Several sites that explain manual updates describe the same process, which may be how WordPress does it itself: (, -update-wordpress-plugin/#settings_saved):
- Rename the current plugin folder
- Place new files in a plugin folder with the usual name
- All succeeded? Remove the renamed folder
- Is there a difference between minor and major updates?
- The update process is initiated by process wp-cron. It contacts wordpress.org about twice per day for updates
- When an update is newly published, it is made available to only a subset of the eligible clients, chosen at random. Over time (a matter of hours?), it is made more widely available. Through this approach, developers have the opportunity to cancel an update if problems occur
- ? - Can't find good information online so far.
- Rename the existing plugin folder, e.g.:
- Create new folder with the original name
- Upload to this new folder
- Remove backup folder.
Automatic Update Script 1.0
Around 2020/2021, I developed a script for updating plugins and themes, as part of a larger server-sided update script:
- Rename the existing plugin/theme folder, to e.g.:
- Create a new folder with the original name of the plugin or theme, e.g.
- Upload the updated plugin or theme to this new folder.
This script lacked two basic functionalities:
- It didn't check if an update was actually needed, but updated it anyway whenever invoked
- Backups weren't deleted afterwards - I'm reluctant to automatically delete stuff.
Check if an update is needed: Quite obvious: First check if an update is needed. This shouldn't be too difficult: Reading a file and doing some beginners' regular expression magic
Remove backups. E.g.:
- After updating, move the backup to a place where it won't be regarded as an instance of a theme or plugin. E.g., to /my-backups/ from the root of the site (might be handy to keep it around the site installation, to be able to find it back)
- After updating, delete the backup - Tricky
- After updating, ask for confirmation before deleting the backup - Much better already
- After updating, notify admin by email that a backup is ready to be deleted
- After updating, change file permissions, so that Apache can't read it - Isn't that confusing?
- On a server, there usually isn't some kind of recycle bin, but you can create one quite easily yourself, and create alternatives to the usual Bash commands for deletion, so that they move stuff to this recycle bin, rather than actually deleting it
- Do nothing - The problem isn't that big.
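The rename/replace procedure above with the two missing pieces (version check first, backup moved out of the plugins folder afterwards), as an added example that is not the original 2020/2021 script. The function names, return codes, backup naming and the use of the plugin header's "Version:" line are assumptions; the new plugin version is expected as an already unpacked folder.

```shell
#!/usr/bin/env bash
# Added example. Function names, return codes and backup naming are assumptions.

# Print the "Version:" header value of the plugin in directory $1 (empty if none).
plugin_version() {
    local main
    # Main plugin file = top-level PHP file that carries a "Plugin Name:" header.
    main=$(grep -l 'Plugin Name:' "$1"/*.php 2>/dev/null | head -n1)
    [ -n "$main" ] || return 0
    sed -n 's|^[[:space:]*]*Version:[[:space:]]*\([^[:space:]]*\).*|\1|p' "$main" | head -n1
}

# Succeed only when version $2 is strictly newer than version $1 (needs sort -V).
is_newer() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n1)" = "$2" ]
}

# update_plugin PLUGINS_DIR SLUG NEW_SRC_DIR BACKUP_DIR
# Returns 0 = updated, 1 = already current (nothing touched), 2 = error.
update_plugin() {
    local plugins="$1" slug="$2" src="$3" backups="$4" old new bak
    old=$(plugin_version "$plugins/$slug")
    new=$(plugin_version "$src")
    [ -n "$new" ] || return 2                  # refuse a source without a version header
    is_newer "${old:-0}" "$new" || return 1    # check first: is an update needed at all?
    bak="$plugins/$slug.bak.$$"
    if [ -d "$plugins/$slug" ]; then           # step 1: rename the current folder
        mv "$plugins/$slug" "$bak" || return 2
    fi
    if ! cp -a "$src" "$plugins/$slug"; then   # steps 2-3: new folder, new files
        rm -rf "$plugins/$slug"                # drop the partial copy only
        if [ -d "$bak" ]; then mv "$bak" "$plugins/$slug"; fi   # roll back
        return 2
    fi
    # Move the backup out of plugins/ so it is not regarded as a plugin instance.
    if [ -d "$bak" ]; then
        mkdir -p "$backups" || return 2
        mv "$bak" "$backups/$slug-${old:-unknown}-$(date +%Y%m%d%H%M%S)" || return 2
    fi
    return 0
}

# Usage: script.sh /path/to/wp-content/plugins SLUG /path/to/unpacked/SLUG /path/to/my-backups
if [ "$#" -eq 4 ]; then update_plugin "$@"; fi
```

Backups are only moved, never deleted, so cleaning up the backup folder stays a manual decision.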
- https://kinsta.com/blog/wordpress-automatic-updates/ - Nope: it doesn't say how the actual update process works
- https://help.getshieldsecurity.com/article/235-how-does-the-wordpress-automatic-updates-system-actually-work - Gets a bit closer, but still doesn't discuss the actual update process