Logged in to my WordPress site Dashboard to be greeted with a message that an update to WordPress is available. I host my own WordPress site, and with a working life in web hosting, I choose not to have FTP open as its just not safe with passwords sent in clear text. Yes, there is SFTP, but that is just a hassle for something I won’t use regularly and it means firewall ports need to be opened. I also just don’t trusted the stability of the FTP protocol, in terms of dropped connections and file locking.
When I need to access or update any files on my web servers, then I create a VPN session to the network and make the necessary changes. It is a lot more hassle to setup, but I havent had any post-installation issues and it just works. It is also makes me feel more secure when working. Surprisingly, from SA to UK, the connection is very stable and rarely drops – even when working over a WiFi connection.
Getting ack to my point, if I need to update WordPress then I have to do the following:
- Manually download the update zip file from WordPress.org
- Create a VPN connection to my web server network
- Create website file and database backups
- Upload the update zip file to the web server
- Unpack the update zip file
- Update WordPress
- Delete the updatez ip file and cleanup
- Close the VPN connection to my web server network
- Test my WordPress site and reactivate all my plugins
I fully understand that this process is of my own doing, as I host my own site, however, is it not possible for the WordPress site to have a form of update function in the website that downloads and updates files within itself. This would then allow the archaic FTP option to be removed for the good and security of the Internet and would save me from the work above.
I don’t quite know how this update function would work, but Windows Update and SVN could offer some interesting methods.
Perhaps each WordPress-specific (wp-*.php) page has a unique identifier at the top/bottom of the page, specifying the version of the page. A basic WGET/PHP scheduled task command could check for the latest files, by comparing the version number on each page against the latest version numbers within a XML file on WordPress.org. A simple WGET command could then download the necessary files.
The WordPress site would then routinely check all the file versions against an XML file of it’s own and run any local update scripts where necessary.
The above would be able to be either manual or automatic, and would aid in faster delivery of WordPress updates – especially those that are security related. Updates could be pushed out at night, and ready for activation first thing in the morning.
I have only limited developer skills, but the above doesn’t sound too out of place. Could it be done?
Leave a comment
A persistently tormenting person, force, or passion: The demon of drug addiction;
One who is extremely zealous, skillful, or diligent: Worked away like a demon;