System Administration – Adam Hiscocks
https://bastion-webapp.hacklan.adamhiscocks.co.uk
Ethical Hacker
Tue, 18 Jul 2017 20:00:49 +0000

Automated Linux Patching with Cron
https://bastion-webapp.hacklan.adamhiscocks.co.uk/automated-linux-patching-with-cron/
Sat, 15 Jul 2017 23:37:42 +0000

Configuring cron jobs for automated Linux patching is surprisingly easy, as I recently discovered when I wanted to make sure that some of the systems I built stayed fully patched without needing to log in and update them manually. I therefore thought I’d share how to automatically update your Linux system here, in case anybody else was wondering how to do it.

As always, patching can break things; but I’ve generally not had too many issues, and I usually just blindly patch anyway – if you read the patch notes before deploying updates, and check for compatibility, this probably isn’t for you :-).

Anyway – to configure automatic updates in Linux, you need to create the cron jobs as root, so the easiest way is to either log in as root (typically a bad idea) or su to root from your usual user account. In my case, this was done with:

sudo su -

You can then add your automatic update command by editing the crontab file with the following command:

crontab -e

If you are given a choice, Nano is typically easier to use for novices. With vi, you will need to use the following steps:

  1. Press “i” to begin editing
  2. Enter the desired values
  3. Press “Esc” to stop editing
  4. Type “:wq” and press Enter to exit.

RedHat/CentOS

RedHat, CentOS, Fedora and other RedHat derived operating systems use RPM as their package manager, with the “yum” tool used to manage the updates. For automated Linux patching on these systems, you can use the following entry:

@reboot yum update -y
0 09,21 * * * yum update -y

This will run “yum update” at every reboot, and at 09:00 and 21:00 each day. Updating every 12 hours should be frequent enough for most systems.

Debian/Ubuntu

Debian based operating systems, such as Ubuntu and Linux Mint, use DPKG as their package manager, with the “apt” tool used to manage the updates. To automatically update your Debian/Ubuntu system, you can use the following entry:

@reboot apt-get update && apt-get upgrade -y
50 09,21 * * * apt-get update && apt-get upgrade -y

This will update the apt package manager software list, and then install any updates at every reboot, and at 09:50 and 21:50 each day.
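A wrapper script that the RedHat and Debian crontab entries above could call instead of invoking the package manager directly, written as an added example rather than taken from the original post: it sets a full PATH, runs apt-get or yum non-interactively, stops the @reboot and scheduled runs from overlapping, and logs each run. The script name, the lock and log paths and the force-confold dpkg option are assumptions.

```shell
#!/bin/sh
# auto-patch.sh: added example. Script name, LOCK and LOG paths are assumptions.
# Cron starts jobs with a minimal PATH; dpkg needs the sbin directories too.
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
export PATH
LOCK=${LOCK:-/var/lock/auto-patch.lock}
LOG=${LOG:-/var/log/auto-patch.log}

# Print the unattended update command for whichever package manager exists.
patch_command() {
    if command -v apt-get >/dev/null 2>&1; then
        # force-confold keeps locally edited config files instead of prompting
        echo 'apt-get update && apt-get -y -o Dpkg::Options::=--force-confold upgrade'
    elif command -v yum >/dev/null 2>&1; then
        echo 'yum -y update'
    else
        return 1
    fi
}

# Run one update pass: skip if another pass is active, log output and status.
run_patch() {
    cmd=$(patch_command) || { echo "no supported package manager" >&2; return 2; }
    # mkdir is atomic, so the @reboot and scheduled jobs cannot both proceed
    if ! mkdir "$LOCK" 2>/dev/null; then
        echo "$(date '+%F %T') skipped: $LOCK is held" >>"$LOG"
        return 0
    fi
    echo "$(date '+%F %T') starting: $cmd" >>"$LOG"
    status=0
    DEBIAN_FRONTEND=noninteractive sh -c "$cmd" >>"$LOG" 2>&1 || status=$?
    echo "$(date '+%F %T') finished with exit status $status" >>"$LOG"
    rmdir "$LOCK"
    return "$status"
}

# Crontab entries call this file with --run, for example:
#   @reboot         /usr/local/sbin/auto-patch.sh --run
#   0 09,21 * * *   /usr/local/sbin/auto-patch.sh --run
if [ "${1:-}" = "--run" ]; then
    run_patch
    exit $?
fi
```

A non-zero "finished with exit status" line in the log is the signal that a run failed and the system may be falling behind on patches.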

Building a Self-Patching WordPress Installation on AWS
https://bastion-webapp.hacklan.adamhiscocks.co.uk/building-a-self-patching-wordpress-installation-on-aws/
Sat, 15 Jul 2017 21:35:58 +0000

Introduction

I’ve been playing around with AWS for a while, and had worked out a fairly easy way to keep the underlying OS of my EC2 instance patched; but wanted a way to avoid having to manually update WordPress and all its plugins, templates, etc.

I know that it’s generally considered a bad idea to install updates without reading the patch notes, but I’m usually the kind of guy who clicks “Update” without reading them anyway – so, if you’re happy to take the risk, keep reading, otherwise, it’s probably best to update manually (ensuring you still apply your updates regularly!).

In short, the aim of this post is to document how to:

  • Configure WordPress to automatically update itself
  • Configure WordPress to automatically update plugins and themes
  • Run a Cron job to automatically trigger the WordPress update process

Patching WordPress

By default, WordPress will happily update minor versions. To apply major updates as well, you need to add the following to your wp-config.php:

define( 'WP_AUTO_UPDATE_CORE', true );

To patch plugins and themes, you need to add in some filters, which WordPress recommend you do in a custom plugin. They suggest a must-use plugin for this purpose, which can be configured by adding a “mu-plugins” folder to the “wp-content” directory.

Within this folder, you can then create a PHP file containing the following:

<?php
add_filter( 'auto_update_plugin', '__return_true' );
add_filter( 'auto_update_theme', '__return_true' );
?>

Configuring Cron Jobs

Disable WP-Cron

As I wanted to use cron jobs to manage the update process for me, I disabled wp-cron by adding the following to the wp-config.php file:

define('DISABLE_WP_CRON', true);

Add a Crontab Entry

You can then add the following to the crontab file for the user you want to run the updates as (for ease, this could be “apache”, but I went with a custom user):

*/15 * * * * cd /var/www/html; php /var/www/html/wp-cron.php

This will run every 15 minutes and perform any other actions you have set to run with WP-Cron.

Force Updates

I found that I had issues getting the updates to trigger reliably, though, and discovered that the following will force WordPress to update immediately:

<?php
// request-update.php
// Load WordPress, then run the automatic updater immediately.
require( dirname(__FILE__) . '/wp-load.php' );
wp_maybe_auto_update();
?>
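A check that the settings from this post are all in place, written as an added example and not part of the original post. It catches the half-applied case where WP-Cron is disabled in wp-config.php but no crontab entry runs wp-cron.php, which leaves nothing to trigger the updates. The function names and the idea of passing a saved "crontab -l" listing as a file are assumptions.

```shell
#!/bin/sh
# check-wp-autoupdate.sh: added example; function names are assumptions.
# Usage: check_wp_autoupdate /var/www/html /path/to/saved-crontab-listing

# True if the config file $1 defines constant $2 as true (commented lines ignored).
has_define() {
    grep -Eiq "^[[:space:]]*define\([[:space:]]*['\"]$2['\"][[:space:]]*,[[:space:]]*true[[:space:]]*\)" "$1"
}

# True if any must-use plugin under root $1 hooks __return_true onto filter $2.
has_filter() {
    grep -Eqs "^[[:space:]]*add_filter\([[:space:]]*['\"]$2['\"][[:space:]]*,[[:space:]]*['\"]__return_true['\"]" "$1"/wp-content/mu-plugins/*.php
}

# Print one FAIL line per missing setting; return the number of problems.
check_wp_autoupdate() {
    root=$1 cron=$2 problems=0
    fail() { echo "FAIL: $1"; problems=$((problems + 1)); }
    has_define "$root/wp-config.php" WP_AUTO_UPDATE_CORE || fail "major core updates not enabled"
    has_filter "$root" auto_update_plugin || fail "plugin auto-updates not enabled"
    has_filter "$root" auto_update_theme || fail "theme auto-updates not enabled"
    # With WP-Cron disabled, only an active (uncommented) crontab line runs updates.
    if has_define "$root/wp-config.php" DISABLE_WP_CRON &&
       ! grep -Eq "^[^#]*php[[:space:]].*wp-cron\.php" "$cron"; then
        fail "WP-Cron disabled but no crontab entry runs wp-cron.php"
    fi
    return "$problems"
}
```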