It's important to stay current with the new releases. In addition to providing you with new features, the updated version often includes corrections for newly discovered security problems. Keeping your installation up to date is the most important thing you can do to prevent your site from being hacked.
When a new version of WordPress is available, you'll see a banner message on every administration screen. You'll also see an announcement in the WordPress blog, which appears in one of the Dashboard widgets.
If you don't log in to your WordPress site very often, you might want to subscribe to the RSS feed or the e-mail announcement list for new releases. You can find both at wordpress.org/development/. The WordPress blog includes general news as well as release announcements. If you want alerts about new versions only, subscribe to the Releases category instead, at wordpress.org/development/category/releases/feed/.
WordPress can upgrade itself automatically, or you can download the files and upload them to your web server.
Automatic upgrades couldn't be simpler. The banner announcement includes a link to upgrade automatically. Follow it, and you'll be taken to the core upgrade screen (also available under Dashboard |TRA Update). Here, you'll be reminded to make a backup of your database and files before upgrading. If you have installed WP-DB-Backup, you should use it now (Figure 2-21). Otherwise, use your web host's database administration tool (such as PHPMyAdmin) to make a complete dump (structure and data) of your MySQL database. To back up your files, you'll need to use your favorite FTP client. You can back up your entire WordPress installation if you wish, or you can just copy the files that are unique to your site: wp-config.php and the wp-content directory.
Automatic Upgrades via FTP or SSH
In order for the automatic upgrades to work, all the files in your WordPress installation must be owned by the same user Apache runs under. If you're prompted to enter connection information when you try to upgrade, you can enter the information and let WordPress upgrade through an FTP or SSH connection, or you can change the file owner.
Changing the owner might not be the best choice if you're on a shared server, and it will be a hassle: you'll have to create a group that includes you and the Apache user so you can still write to the directory, and you'll have to make sure to change the owner again on any new files you upload.
However, if you simply fill in the requested information on the upgrade screen, it won't be saved, and you'll have to enter it again every time you upgrade the WordPress core, a theme, or a plugin.
A far better option is to save your connection information in your wp-config.php file, as shown in Listing 2-4. With your connection settings saved, WordPress won't have to prompt you every time you upgrade. You'll need to fill in the full path to your WordPress installation as well as your wp-content and plugins directories.
Listing2-4. FTP connection settings in wp-config.php define('FTP_BASE', '/home/user/wordpress/');
If your files are no longer visible to the public after you upgrade using FTP, ask your host if default permissions are set on newly uploaded files when using FTP. On many servers, a umask setting is in place. This is a way of adjusting permissions on newly uploaded files. If this is the case on your server, you'll need to ask the host to change this setting for you, or you'll need to upgrade WordPress through some other method.
If the SSH library for PHP is available on your server, the upgrade screen will give you an option to use SSH instead of FTP. To use SSH, leave the password field blank. Instead, generate a pair of keys: one public, one private. Place both files on your server, and fill in their locations to your configuration file, as shown in Listing 2-5. See www.firesidemedia.net/dev/wordpress-install-upgrade-ssh/ for more details on generating SSH keys for use in WordPress.
Listing2-5. SSH connection settings define('FTP_BASE', '/home/user/wordpress/');
define('FTP_CONTENT_DIR', '/home/username/wordpress/wp-content/'); define('FTP_PLUGIN_DIR', '/home/username/wordpress/wp-content/plugins/'); define('FTP_USER', 'username');
define('FTP_PUBKEY', '/home/username/.ssh/id_rsa.pub'); define('FTP_PRIKEY', '/home/username/.ssh/id_rsa'); define('FTP_HOST', 'ftp.example.com:21'); define('FTP_SSL', false);
■ Tip: Pass phrase protected keys do not work properly in WordPress. You should generate your SSH keys without a pass phrase.
If you can't get automatic upgrades to work, or if you're uncomfortable letting WordPress doctor its own innards, you can always upgrade your files manually. Simply download the new version, unzip it, and transfer the files to your host, just as you did when you first installed WordPress.
To make sure I don't accidentally overwrite my themes, plugins, and uploaded media files, I always delete the wp-content directory from the downloaded package before I upload the files to my web server.
Even though it's faster to use my FTP client's synchronize feature to upload only the files that have changed, I usually delete all the standard WordPress files from the server-everything except wp-config.php and the wp-content directory-before uploading the new copies. Otherwise, strange errors can occur due to duplicated functions, as files are sometimes eliminated and functions deprecated between versions. If a function has been deprecated (and therefore moved to wp-includes/deprecated.php) but you still have the original function in an old copy of its original file, you'll get fatal errors when you visit the site because the function has been declared twice within WordPress.
■ Tip: Make sure the wp-includes and wp-admin/includes directories are completely uploaded. When things don't work correctly in the administration screens (menus don't appear, widgets can't be moved, Quick Edit doesn't work) after an upgrade, the problems are almost always caused by missing or corrupted files in these two directories.
Was this article helpful?