| |

Upgrading WordPress via Shell

The word is already out that WordPress 2.1.1 is severely vulnerable and you have to upgrade to WordPress 2.1.2 to keep your blog safe.

Since the release of 2.1 we have seen two upgrades in little over a month and upgrading WordPress can be a real pain in the neck. It becomes really bad when you’re talking about upgrading more than one blog.

For those who have shell access upgrading WordPress can be a lot less painful and this guide hopes to set you establish just that. I upgraded three installations in less than fifteen minutes. It would have been faster but I am sure I saved a great more time had I to do it the hard way!

Firstly, make sure you backup your installation. There are a lot of guides explaining this, so I won’t go into detail, unless you want me to.

Once, the database is backed up, login to your account via shell and navigate to the folder of your WordPress installation. Mine is installed in public_html itself.

Once in there run the following commands (read the notes at the end first):

wget http://wordpress.org/latest.tar.gz
tar xfz latest.tar.gz
rm -rf ./wp-includes/
rm -rf ./wp-admin/
cd wordpress/
cp -rpf ----reply=yes * ../
cd ..
rm -rf ./wordpress/
rm -f latest.tar.gz

The above commands will fetch the latest WordPress installation and untar it. It then deletes wp-includes and wp-admin and all its subfolders and files. If you have modified any files in there, you will need to make the modifications again.

We then copy the newly downloaded files to your existing WordPress installation.

The untarred files and the downloaded .tar.gz file are deleted.

After running the command above, run the upgrade file in /wp-admin/upgrade.php in your browser.

While this guide will work with just about any WordPress upgrade, I advise you to use it only for minor updates. When making a major upgrade, say from 2.0 to 2.1, it is advisable to delete all the old WordPress files before moving the new ones.

I haven’t touched wp-content and its subfolders above to ensure your existing files, plugins and themes are not effected. Any new files, plugins and themes that come bundled with the new version of WordPress will overwrite the existing ones.

Ohh… and tell me how much time this has saved you.


  • The code above will work only on a Linux / Unix server.
  • I’ve been informed that the --reply may not work/be needed on certain Linux installations.
  • It also assumes that you are logging in to the shell via your own account. If you login via root, the permissions will change and you will need to run chown -R username * (change username to the account owner’s username) to correct the permissions. This can cause problems with WP-Cache, so you will need to reinstall the plugin again.
  • If you are using translations, please backup wp-includes/languages before running the commands above.

Disclaimer: Make sure you backup your installation. I won’t be held responsible if something goes wrong when you follow this guide.


  1. @Scott, I have used -f in the above code. It ensures that the files are overwritten.

    You can also use -–remove-destination instead.

    @Mark, Thanks. Have corrected the same.

  2. Hi Hari,

    rsync seems like a good option too if you are running Linux. There also seems to be a Windows package. Gonna take a look at this in detail.


  3. You had a typo in step 6 and forgot to exit from the wordpress directory before you try and delete it.

    6. cp -rpf –reply=yes * ../
    7. cd ..
    8. rm -rf ./wordpress/
    9. rm -f latest.tar.gz

  4. Fabulous idea, and I like the simplicity of the script. However the script has a few minor issues that should be pointed out …

    1 – permissions are not taken care of. What user are you running this script as? Are there any permissions that need updating afterwards?

    2 – you are running it from the WordPress document root and that might be included in the instructions.

    Also note that the cp command on my Linux system does not accept the


    parameter as valid. I believe the parameter should be

    - -reply=yes (no space between the two dashes, that’s just for this comment to display both dashes)

    However my cp command notes that this is deprecated, and to use

    instead. Your script already includes this parameter though so perhaps there’s no need for the -reply=yes?

  5. I use cp -R –remove-destination for my copy command. Do you think it’s still necessary to remove old files first when upgrading dot releases?

    I did remove directories this last time because of the 2.1.1 issues.

  6. Wow. I just tried this out on one of my domains and I can’t believe how quick it is!

    Until 30 minutes ago my procedure was to download the latest version to my PC, unzip it and upload it again via Dreamweaver and then perform the upgrade.

    You are a genius! This will make it much easier to stay on top of my WordPress upgrades!

  7. You know what would be useful (since I’m a bit of a *nix noob), what’s the command to tar the contents of a directory? Presumably if we run that in advance, we’ll have a neat little archive just in case things go wrong!

  8. I personally download the tar.gz file locally and then use “rsync -avrz [local dir] [remote location]” to update the remote files. (I have Linux on my local system). It requires fewer commands and you don’t need to run commands on the server.

    It’s more comfortable that way. However, your idea is also good.

  9. @Kirk, only the -f on my version of Linux (CentOS 4.4) kept prompting me hence I needed to use --reply

    WordPress seems to be changing the double dash to a single one. Just modified the code above with four dashes, so it works correctly.

    I’ve also updated the post with a note addressing the two points you raised above. I faced the problem, but assumed that most users would be logging in with their own accounts.

    @Mr. Byte, your host needs to give you shell or SSH access so you can login to your installation. The server should be a Linux/Unix server. It is similar to the command prompt in Windows.

  10. @Gerard, I’m no genius, just a little guy trying to find easier ways to do things!

    Keith’s script is good as it does the job neatly and if want to run a single script. My commands above can be converted into a script as well. I prefer to run it manually.

    In case you wish to create a backup of the folder, run tar -cvvf home.tar home/ where home gets replaced by your blog folder. You can also run gzip -c home.tar > home.tar.gz to compress the file you created above.

    I prefer just backing up the database, as it is the most important component.

  11. It also assumes that you are logging in to the shell via you’re own account.

    \”You’re\” == \”you are\”. You want \”your\”.

    Also, the first time I tried submitting this comment, it incorrectly told me I got the anti-spam sum wrong. In actual fact, the problem was that it didn’t like the fact that my browser didn’t send a Referer header.

  12. @Jim, Thanks for the correction… small oversight, big grammatical error!
    But, I do hope you use your correct email address next time.

    @Mr. Byte, Having cPanel doesn’t mean you got shell access. Write to your hosting company and ask them to enable it. You will then need to use a SSH client like Putty.

  13. Gerard, if you check out the link to my script above which works in a similar manner, it will create a backup of your existing wordpress installation before replacing it with the new files.

  14. Oh is it…. will ask them… already I have problem with php mail() function in my server… Probably i’ll do it through fantastico itself…

  15. I prefer to build each new release into its own directory structure and then update the site by repointing a symlink. This means the previous version is still there so you can revert or refer to it whenever you need to. So, if you’re currently on 2.0.7:

    cd /var/www/html
    mv -v wordpress wordpress-2.0.7
    ln -s wordpress-2.0.7 wordpress

    Once you have done this (and not before!) you can upgrade using a script like this:

    cd /tmp
    wget http://wordpress.org/latest.tar.gz
    tar -xzf latest.tar.gz
    cd /var/www/html
    mkdir $NEW_VERSION
    cp -rfp wordpress/* $NEW_VERSION
    rm -rf $NEW_VERSION/wp-includes
    rm -rf $NEW_VERSION/wp-admin
    cp -rfp /tmp/wordpress/* $NEW_VERSION
    rm -rf wordpress
    ln -s $NEW_VERSION wordpress

  16. But, by leaving the old files, aren’t you leaving your server open for exploit?

    No, the old versions are not externally accessible.

  17. Being bilingual, I can tell you that your instructions will remove the /wp-includes/languages folder which is necessary if someone is using localizations. If used as is, this would obviously break most of my clients’ websites…

    Besides that, I think the thinking is sound and wish WordPress would offer some upgrade feature which would simply the whole process for everyone involved.

  18. When you copy the new files over the old installations, doesn’t that include the new wp-content in it and will overwrite the existing one? I think there must be a step to delete the wp-content from the tarred folder so that it does not overwrite the old one before you start copy. Please correct me if I’m wrong.

  19. #4 hari,
    The rsync way is very slick indeed, I wondered I had no thought of that.
    I used a port on Windows called cwrsync which did the job perfectly and took 9 seconds to update the whole site.
    It would be easy to write a script to wget the latest file, untar it and rsync it all using your local machine.

  20. @Yves, I still have to try rsync out.

    @Haitham, unless you have customized the default theme (you should run your own theme), you have nothing to worry about why overwriting wp-content

  21. doing this worked for me, changing \”username\” to your actual regular user account name.

    cd /home/username/public_html/blog/
    wget http://wordpress.org/latest.tar.gz
    tar xfz latest.tar.gz
    rm -rf ./wp-includes/
    rm -rf ./wp-admin/
    cd wordpress/
    cp -rpf —-reply=yes * ../
    cd ..
    rm -rf ./wordpress/
    rm -f latest.tar.gz

    before running this for the first time on a server, I found I had to \”su\” in as root to have permission to overwrite existing files, so the first time I run:

    1. su root
    2. cd /home/username/public_html/blog
    3. chown -R username *
    4. su username

    then the script runs fine, on this, and any future upgrades.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.