The Code Train

Where Neil Crosby talks about coding on the train…

RSS Entries

Using WordPress’s “Upgrade Automatically” Feature

Posted on December 19th, 2009 by Neil Crosby. Filed under Blog Posts, Tips & Tricks.

Yup, it’s time for the WordPress upgrade dance, yet again – 2.9 Carmen has just been released and everyone using WordPress is being “urged” to upgrade.

Now, I’m slightly ashamed to admit it, but up until last week I hadn’t been upgrading regularly. It had seemed like in order to be able to use WordPress’s “Upgrade Automatically” functionality I had to either enable FTP (ewwww), or FTPS (seemed like a lot of effort, and needed the SSH extension for PHP installing). So, I’d ended up doing an upgrade every now and then manually. Not the best plan in the world.

So, last week I decided to take another look and see if there wasn’t a more sensible way to enable WordPress to run its “Upgrade Automatically” code. Turns out there is – just make sure the directory you’re running WordPress under is owned by the same user that your web server is running as. Do this, and suddenly “Upgrade Automatically” works, and you’re a happy camper.

And how to do that? Simple. First, find out which user your web server is running as:

ps aux | grep apache

Generally, the answer will be www-data. Then, once you’ve worked out who the server’s owner is, change the owner of your WordPress directory tree:

chown -R www-data:www-data /path/to/wordpress/

Then, when you go back into WordPress you’ll be able to click on the “Upgrade Automatically”, and WordPress will actually upgrade itself. Hooray! (Of course, don’t forget to back up before you do this. I am not responsible for your data, follow instructions at your own risk, Santa Claus is real, etc.)

Hopefully this is of use to someone out there. It’s certainly made me happier about the whole upgrade dance.


As Chris so rightly points out below, leaving things open to the web server to change willy nilly can be a little silly, so after running the update do another chown, this time changing the ownership back to your username and group.

Tags: , ,

If you enjoyed this post, subscribe to The Code Train and read more when I write more.

5 Responses to “Using WordPress’s “Upgrade Automatically” Feature”

  1. If this is for the WordPress core upgrade, wouldn’t the root WordPress directory need to be writeable as well, not just the wp-content subdirectory?

    I had this set up like this and upgrading nicely, but it always felt a bit insecure. I’m no security expert, but something about leaving your plugin and theme directories (and possibly more) writeable by the web server process feels a bit unnecessarily dangerous. Or am I being over-paranoid?

    The built-in upgrade system is just so nice, though, so these days I have the permissions locked down, and then temporarily open them up, do the upgrade through the web interface, and then lock them down again. Sounds like a hassle, but I find it easier than futzing around with zip files and remembering which files I’m supposed to update manually.

  2. I must admit, whilst I was writing this I fully expected somebody to reply saying “but leaving the filesystem server writable is horribly insecure too!”. So yup, locking the permissions down again after doing the upgrade is definitely a sensible thing to do.

    As for the wp-content bit, that was a slip of my hands whilst typing – I’ve updated it now. Yup, when I changed the permissions I did it for the entire WP tree.

  3. To be honest, I don’t know how else you’d manage an in-admin console upgrade without either:

    a) Having the file system writable by www-data; or b) Eval’ing the code out of a database (ala TextPattern templates);

    Given how bad eval is, I’d go for the file system upgrade.

    Incidentally, fastest way to do the “open up perms and switch” dance is to make yourself part of the www-data group, but own the files yourself:

    sudo chown -R crosby:www-data /path/to/files/*

    Then just add write permissions for group:

    sudo chmod -R g+w /path/to/files/*

    upgrade, and then remove perms:

    sudo chmod -R g-w /path/to/files/*

    Stick those commands as an alias inside your .bashrc and you’re away.

  4. Hi,

    I am using WordPress 2.8 at my blog. I tried upgrading automatically but it did not work. I dont know how to do the chown stuff. Isn’t there any easy way ?

    I also have another blog and I would like to upgrade to WP2.9 there also. Any suggestions or help etc ?

  5. Hi Shahid. Do you have the ability to ssh into your servers? If you can, then this is where you’ll perform the chown commands. If not, ask your server admins if they can enable FTPS access for you so that WordPress can update itself that way.

Comments RSS

Leave a Reply

TheCodeTrain Theme by Neil Crosby, Powered by WordPress