Quick Tip: Upgrade Your WordPress Site via SSH

Quick Tip: Upgrade Your WordPress Site via SSH

on Oct 14th 2012 with 17 comments

I have already written about how to install WordPress via the shell. I am taking it further today by showing how you can upgrade it as well using shell access. Though you can always upgrade from within WordPress using the 1-click method, the shell method is more secure as it encrypts all the data transfer. There are two ways of doing it: You can do it using an SSH client or enable WordPress to use SSH Transfers for all types of upgrades whether its a core upgrade or plugin/theme upgrade/installs. I will discuss both methods here.

Method 1 Upgrading Using an SSH Client

Important Note: Always ensure you do a complete backup of your WordPress install’s files and database before performing an upgrade.

Now I won’t write again about how to connect to SSH as I have already discussed that in my previous tutorial. Now all the commands here are being done assuming that you are in your blog’s directory(blogdemo in this case). First of all download the latest version of WordPress and extract it.

wget http://wordpress.org/latest.tar.gz
tar xfvz latest.tar.gz

Now we need to delete the old wp-admin and wp-includes directories.

rm -rf ./wp-admin
rm -rf ./wp-includes

Now go to the wordpress directory where we extracted the latest WordPress files and move them back to the blogdemo directory.

cd wordpress
mv * ../blogdemo/

You will be asked to overwrite certain files and some directories as well inside wp-content. Just press y and proceed. Now exit from the wordpress directory and delete the directory and the file latest.tar.gz. We’re done with them now, and don’t need them taking up space.

cd ../
rm -rf ./wordpress/
rm -f latest.tar.gz

In the final step just login to your dashboard and run the database upgrade.

Method 2 Enabling SSH2 for WordPress Upgrade/Installs

Did I mention… Always ensure you do a complete backup of your WordPress install’s files and database before performing an upgrade.

In this method, you can enable WordPress to use SSH for upgrading and plugin/theme installations. First of all you need to check with your webhost if they have the SSH2 extension installed for PHP or not. To check for that run the following PHP command

var_dump( extension_loaded( 'ssh2' ) );

If this command returns true, that means it’s installed, otherwise it’s not. If your webhost doesn’t offer it, ask them to install it for you or if you are running a VPS/dedicated, you can install it yourself. Follow the method to install from here.

First of all we need to generate a working set of public and private keys which will be used for authenticating the user. To do that, use the following command in your SSH client:

ssh-keygen

You will be asked for the name of the file. You can leave it blank or enter any custom name. If you leave it blank, the file names will be id_rsa.pub and id_rsa. Also you can set a passphrase to add additional security or can leave it blank.

Time to add keys needed to be added to the authorized_keys file. In our case, SSH keys were generated and kept in the .ssh directory in the root directory.

cd .ssh
cp id_rsa.pub authorized_keys

Now change permissions so that WordPress can access those keys.

cd ../
chmod 755 .ssh
chmod 644 .ssh/*

You may need to change the user of the directory if you are running PHP as a different user.

Now that you have got SSH2 setup and working, you should see the following screen while performing any upgrade/plugin or theme install.

Here user is the SSH username you used to login and perform all the commands and password is the passphrase you were asked to set during the ssh-keygen command. If you didn’t choose any passphrase, you should keep the password field blank. To avoid entering this data repeatedly, enter the following code in your wp-config.php

define('FTP_PUBKEY','/home/user/.ssh/id_rsa.pub');
define('FTP_PRIKEY','/home/user/.ssh/id_rsa');
define('FTP_USER','user');
define('FTP_PASS','passphrase');
define('FTP_HOST','domain.com');

From now on WordPress will perform all file transfer operations using SSH.

References

 
Enjoyed this Post?

Subscribe to our RSS Feed, Follow us on Twitter or simply recommend us to friends and colleagues!

By

Rollover to read this author's bio or click through to see a full list of posts by this author.

I am a blogger from India who just loves WordPress and sharing whatever I learn along the way. Check my blog NSpeaks or follow me on Twitter to know more about me.  

Plus Premium
 
 
Note: Want to add some source code? Type <pre><code> before it and </code></pre> after it. Find out more
  • http://www.eizil.com Eizil

    I think there a small typos in the tutorial, for the delete wp-includes, instead of

    rm -rf ./wp-content

    should be

    rm -rf ./wp-includes

    else all important data in wp-content would be deleted just like that. :D

    • http://wp.envato.com/ Japh Thomson
      Staff

      Oh my goodness! Thanks for pointing that out, Eizil. I obviously just saw what I thought I was going to see on that one. Fixed now.

    • http://kovshenin.com Konstantin Kovshenin

      Heh, that’s a lovely typo :)

  • http://www.pure-tentation.fr syndrael

    What are the advantages instead of FTP ?
    I know that everyone with Linux basics would prefer SSH, but in this case i don’t see the advantages.. Thanks for your explanations.
    Best regards

    • http://wp.envato.com/ Japh Thomson
      Staff

      Hi Syndrael, one of the advantages of this method over FTP, is that you never had to download WordPress to your computer, and then upload it to your server. You downloaded directly to the server.

    • http://roadha.us haliphax

      As a Linux-centric user, I actually prefer the FS_METHOD DIRECT way of upgrading WordPress and its plugins. https://randomtechsolutions.wordpress.com/2010/05/25/update-wordpress-without-ftp/

      • http://nspeaks.com Navjot Singh
        Author

        Well that method is insecure as compared to the SSH method. And if you use Cron along with this method, you won’t have to worry about upgrades at all. Your blog will remain upgraded at all the times.

  • Pingback: Ask An SEO Expert – Migrating From Tumblr To WordPress | Open Knowledge

  • http://andrewensley.com/ Andrew Ensley

    Can you please explain how either method is more secure or convenient than the 1-click upgrade? In method 1, it’s only your connection to your server that’s encrypted; not the upgrade files (which I’m not sure why those would need to be encrypted anyway). So really, all you’re protecting is the commands that you run.

    I don’t understand the point of method 2.

  • http://kovshenin.com Konstantin Kovshenin

    Heh! Your “Now we need to delete the old wp-admin and wp-includes directories.” commands will break your website, because you deleted WordPress. Boom! Your broken website will last until you manage to copy the new files back where the old ones were.

    But the WP Honey Badger don’t give a **** about downtime, cowboy coding ftw!

    Just use the built-in updater, which will replace old files with new files and delete deprecated files. It’s not less secure, especially compared to what you’re doing. It’l also a lot faster than you can type your wget command :)

    If you do want to update WordPress via SSH, just use Subversion. A simple svn up or svn switch (to a new tag) will do the trick, all in matter of seconds, and without deleting any core WordPress files.

    Be safe.
    ~ K

    • http://wp.envato.com/ Japh Thomson
      Staff

      Hey Konstantin, thanks for your comment. Those instructions are inline with the manual update instructions in the docs on WordPress.org.

      However, I agree with you that both the methods you recommended would be better alternatives if you’re planning to do a manual update.

      This tutorial is essentially a “if you wanted to know how, here’s how”, and also there may be instances where people wish to automate this and know the process (though svn up / svn switch would still be a better option)

      • http://kovshenin.com kovshenin

        Hey Japh, that’s fine! Being “inline with the docs on WordPress.org” doesn’t always mean being correct, right? :) I don’t see a reason to use the manual update instructions, unless of course you’re using a version prior to 2.7. In any case, (unfortunately) downtime is no big deal for most websites, and getting to know a few nix commands to nuke, extract and copy files is valuable.

        The SSH2 part is also valuable, though I’d emphasize on what a private key is, and how important it is to keep it safe. Thanks and keep up the great work!

    • http://nspeaks.com Navjot Singh
      Author

      Hello Konstantin, I am the author of this article. I agree fully with all your points. This was just a tutorial about an alternative method. But yes in future I will take caution and will refrain from posting about a method where a better one already exists.

      • http://kovshenin.com kovshenin

        Glad you’re listening to readers feedback. Keep up the good work! :)

  • Pingback: Actualizar WordPress por SSH : CarWarez

  • http://tjosm.com/ Tharindu Kumara

    There’s also another method using subversion. It needs some initial setup, but then pretty easy to manage. I’m not sure if subversion can be integrated to an existing blog. Probably not

  • Pingback: Actualizar WordPress por SSH descargar gratis | Zonadictz

  • Pingback: October’s Best ExpressionEngine, WordPress, and Magento Content | @nexcess

  • Pingback: Upgrade Your WordPress Site via SSH | Deep Ocean, Wide Sky

  • http://www.facebook.com/profile.php?id=662911940 Marcin Antczak

    I have to say that I absolutely don’t understand logic behind this article. I can be wrong but IHMO this ssh procedure is 100% broken.

    Idea behind SSH connection is to have two hosts/users and to establish connection between each other. Users keep private keys in secure place and they exchange only public parts of keys.

    In your example I can see a single user and everything in the same directory, owned by the same user. You authorize user on his own account?
    It makes no sense for me.
    It’s also extremely dangerous to keep any private ssh keys in directory that is accessible by www server.

    Could you give more detail explanation of this procedure?

  • queenzeal

    I prefer the WordPress SSH SFTP Updater Support plugin:

    http://wordpress.org/extend/plugins/ssh-sftp-updater-support/

    SFTP as WordPress uses it doesn’t work on most hosts as it requires the obscure libssh2 extension installed. The plugin I mentioned, however, is pure PHP, so it’ll work on any host!

  • http://jquery4u.com/ jQuery4u

    Thanks bro