One critically-important aspect to running WordPress sites is keeping everything up-to-date. Not just the WordPress software itself, but themes and plugins. I wrote a quick script to keep everything tidy; it runs as a cron job, and it runs often.

You need to install wp-cli, the WordPress command line interface. By default, it wants to install in /usr/local/bin but you should install it (or move it to) a directory that is owned and writable by the user under which your web server runs (/home/apache/ and “apache” in my case). The “wp” file also needs to be owned an modifiable by the web server user.

You also need a directory that has all your active sites in subdirectories. Due to a lot of legacy cruft, my sites are scattered around, so I just create a directory (“/path/to/sites”) with symlinks to each of my active WordPress sites.

for i in /path/to/sites/* 
do 
  echo $i
  /home/apache/wp core update --path=$i
  /home/apache/wp plugin update --all --path=$i
  /home/apache/wp theme update --all --path=$i
  echo
done
/home/apache/wp cli update --yes

The cron job should run as the user under which your web server runs (“apache”).

Edit 19August2018:

A ‘cli’ update came down the pipe, and I discovered that the program requires confirmation before an update, so I added the --yes directive to the last line.