WordPress has issued a security release. Rather than replacing all of your WordPress file to upgrade the CMS, you can only replace the revised files. I wrote a quick and dirty script for this.


Today of all days, WordPress is issuing a security release. Webmasters are busy tracking the impact of Google’s Mobilegeddon update and security is the last thing on their minds right now.

Well, I decided to make it really easy for you guys.

List Of Revised Viles

Instead of uploading all files, only upload the following:

wp-admin/includes/class-wp-comments-list-table.php
wp-admin/includes/dashboard.php
wp-admin/includes/template.php
wp-admin/js/nav-menu.js
wp-includes/capabilities.php
wp-includes/class-wp-editor.php
wp-includes/formatting.php
wp-includes/functions.php
wp-includes/js/plupload/plupload.flash.swf
wp-includes/version.php
wp-includes/wp-db.php

Shell Script To Upgrade WordPress To 4.1.2

If you are afraid of downtime, you can use a script to instantly replace files. Please note this is a bad practice and its better to create a Git-compliant WordPress installation that you can update using git.

Don’t use without modifying and reading my instructions below.

#lets backup our wp-admin and wp-includes folders incase something goes horribly wrong
cd /home/mysite/public_html/
cp -r wp-admin wpadmin411
cp -r wp-includes wp-includes411

#lets go straight into wp412/wp-admin and copy the files to our production site. The slash before cp makes sure no aliases are preventing our operation
cd /home/mysite/public_html/wp412/wp-admin/
\cp -rf ./includes/class-wp-comments-list-table.php /home/mysite/public_html/wp-admin/includes/
\cp -rf ./includes/dashboard.php /home/mysite/public_html/wp-admin/includes/
\cp -rf ./includes/template.php /home/mysite/public_html/wp-admin/includes/
\cp -rf ./js/nav-menu.js /home/mysite/public_html/wp-admin/js/

#lets go straight into wp412/wp-includes and copy the files to our production site. The slash before cp makes sure no aliases are preventing our operation
cd /home/mysite/public_html/wp412/wp-includes/
\cp -rf capabilities.php /home/mysite/public_html/wp-includes/
\cp -rf class-wp-editor.php /home/mysite/public_html/wp-includes/
\cp -rf formatting.php /home/mysite/public_html/wp-includes/
\cp -rf functions.php /home/mysite/public_html/wp-includes/
\cp -rf ./js/plupload/plupload.flash.swf /home/mysite/public_html/wp-includes/js/plupload/
\cp -rf version.php /home/mysite/public_html/wp-includes/
\cp -rf wp-db.php /home/mysite/public_html/wp-includes/

How Can I Use This Dirty Script?

0. Run the following commands:

cd /home/mysite/public_html/
mkdir wp412
cd ./wp412
wget https://wordpress.org/latest.tar.gz
tar -xzf latest*
cd ./wordpress 
mv * ..
cd ..

Now you can proceed below.

1. Copy and paste the entire script above into notepad and replace mysite with the name of your site folder. Modify your home path if necessary.

2. Copy and paste it into a file upgrade.sh on your server

3. Run

chmod a+x upgrade.sh

4. Enter

./upgrade.sh

5. Done!

Instant File Replacement, No Downtime

Simply use my script if you are afraid of breaking stuff. I never liked replacing all of my WordPress files via FTP in fear of breaking something for users, although there is really nothing to it and you can simply overwrite the whole thing most of the time.

I used to write all sorts of shell scripts that would perform it for me. That way I would not suffer from any downtime because the files get replaced automatically in an instant. If you replace files via FTP you risk that some includes or functions end up breaking your site for users currently browsing the site.