One critically-important aspect to running WordPress sites is keeping everything up-to-date. Not just the WordPress software itself, but themes and plugins. I wrote a quick script to keep everything tidy; it runs as a cron
job, and it runs often.
You need to install wp-cli, the WordPress command line interface. By default, it wants to install in /usr/local/bin but you should install it (or move it to) a directory that is owned and writable by the user under which your web server runs (/home/apache/ and “apache” in my case). The “wp” file also needs to be owned an modifiable by the web server user.
You also need a directory that has all your active sites in subdirectories. Due to a lot of legacy cruft, my sites are scattered around, so I just create a directory (“/path/to/sites”) with symlinks to each of my active WordPress sites.
for i in /path/to/sites/* do echo $i /home/apache/wp core update --path=$i /home/apache/wp plugin update --all --path=$i /home/apache/wp theme update --all --path=$i echo done /home/apache/wp cli update --yes
The cron job should run as the user under which your web server runs (“apache”).
Edit 19August2018:
A ‘cli’ update came down the pipe, and I discovered that the program requires confirmation before an update, so I added the --yes
directive to the last line.