Auto Wordpress Updates Outside of cPanel?

jazee

• January 31, 2017 14:42

It appears Wordpress installations running on a Cpanel/WHM system have core updates disabled. So if you have 20 Wordpress sites running on your server does Cpanel update the core for ALL those wordpress installations even those installations that were installed from the command line shell and not from within Cpanel? There's a very handy plugin call Easy Update Manager that lets you fine tune the control of automated updates for both core and plugins. One feature that is nice is getting an email notification after automatic updates are applied. If the function is disabled in lieu of Cpanel doing the update, then I won't get the notifications. The comment in the config file says there is potential data loss if you have both enabled. Data loss from what? The potential for both updates to be running at the same time? I would assume Cpanel won't update a Wordpress site that was already updated?!? I'm still also surprised if the Cpanel updates, update all wordpress files on every host on the server, even the ones not installed from within Cpanel? I suppose Cpanel does send email notifications about updates. If it IS indeed updating all Wordpress installation core files, then I can turn off core updates on the Easy Update Manager and I guess that solves it. From the wp-config.php file: (I think this only get inserted if you install it from Cpanel - I have sites that were a command line install that don't have this.) * Core updates should be disabled entirely by the cPanel & WHM" Site Software * plugin, as Site Software will provide the updates. The following line acts * as a safeguard, to avoid automatically updating if that plugin is disabled. * * Allowing updates outside of the Site Software interface in cPanel & WHM" * could lead to DATA LOSS. * * Re-enable automatic background updates at your own risk. */ define( 'WP_AUTO_UPDATE_CORE', false );

• 

  cPanelMichael

  • January 31, 2017 21:55

  So if you have 20 Wordpress sites running on your server does Cpanel update the core for ALL those wordpress installations even those installations that were installed from the command line shell and not from within Cpanel?

  
  Hello, cPanel only manages the WordPress installations that were installed through cPanel. It does not manage the installations that were installed or updated outside of cPanel. More information on how this works is documented at: Manage cPAddons Site Software - Documentation - cPanel Documentation Also, I encourage you to vote and add feedback to the following feature request: Manage WordPress from within cPanel I believe the request includes changes that you would find helpful. Thanks!

  0
• 

  jazee

  • January 31, 2017 21:56

  Well this does appear to possibly be the can of worms my gut was telling me it was - hence the original post with a lot of questions about all these unknowns. I finally found one article (including tons of comment discussions) that digs deeper on this but it still leaves questions. For one thing I was shocked to learn that the add-on actually modifies the core code. This means as far as I can tell, at least regarding updates, it makes your Wordpress site less portable. What if you want to move it to a server that isn't running Cpanel? Here's the article: wptavern.com/cpanels-site-software-addon-disables-wordpress-auto-updates What this article fails to do is clearly and concisely summarize the pros and cons of (a) using the Cpanel Wordpress Add-on, and (b) installing Wordpress not through Cpanel so it doesn't have the add-on and updates are handled by the normal Wordpress functions. Anyone got a clue?

  0
• 

  jazee

  • January 31, 2017 22:08

  Hello, cPanel only manages the WordPress installations that were installed through cPanel. It does not manage the installations that were installed or updated outside of cPanel.

  
  Hi Michael! Thanks for the info but it still leaves a lot of questions. Would greatly appreciate it if you can add additional clarification on this. Correct me if I'm wrong but is the premise of the CPAddon Wordpress installs so that the server administrator can insure all Wordpress sites being hosted on their server are kept up to date despite the settings in each individual Wordpress installation? If that is true, doesn't that risk breaking people's sites? I assume that risk is minimized in that Cpanel only handles Security Updates (minor) and no major updates of course? If my assumptions are true, it seems to me if the Server Administrator's usage policy is that they want to leave the automatic update settings up to each individual Wordpress administrator, then the CpAddon Installation should be disabled in WHM, correct? In my case, all my sites are my clients and I'm the admin so I have a simplified case. I can see on a server where you want to advertise easy one-click installs of Wordpress yet can't trust every admin to keep their software up-to-date that the CPanel WP management greatly reduces issues from a security standpoint. However, I think must hosting customers that are technically proficient would not like the "Big Brother" approach so I suppose you just have to make it clear to customers if they want "full control" of their WP config from and update standpoint, DO NOT USE the Cpanel One-Click install. Finally, how can a WordPress installation with the CpAddon be reverted back to a unmodified installation? My guess is that first remove the add-on, then re-install the core?

  0
• 

  jazee

  • January 31, 2017 23:31

  I deactivated Easy Updates Manager to get the Re-Install button to appear so I could re-install the core. So I backed up all the files, then deleted all the files (kept the DB). Re-installed Wordpress from the command line (Centos 7). Enter the same DB credentials on install setup, it recognized it. Copied wp-content folder from old installation. This is what shocked me. I hadn't really noticed until now that on my CPAddon WP Install, it was saying my version was current and was 4.4.2!!! The current version of Wordpress at the time of this writing is 4.7.2! So either the CPanel wasn't updating this version, or 4.4.2 is the latest version that has Cpanel's blessing, or the Cpanel mods broke the version number display accuracy (I doubt the last)

  0
• 

  cPanelMichael

  • February 03, 2017 15:14

  If my assumptions are true, it seems to me if the Server Administrator's usage policy is that they want to leave the automatic update settings up to each individual Wordpress administrator, then the CpAddon Installation should be disabled in WHM, correct? In my case, all my sites are my clients and I'm the admin so I have a simplified case. I can see on a server where you want to advertise easy one-click installs of Wordpress yet can't trust every admin to keep their software up-to-date that the CPanel WP management greatly reduces issues from a security standpoint. However, I think must hosting customers that are technically proficient would not like the "Big Brother" approach so I suppose you just have to make it clear to customers if they want "full control" of their WP config from and update standpoint, DO NOT USE the Cpanel One-Click install.

  
  Yes, in your particular case, it's likely a better idea to disable WordPress as a cPAddon and install it manually on websites. Updates are then handled by the individual WordPress administrators and the WordPress core files are not manipulated to support the cPAddon feature.

  Correct me if I'm wrong but is the premise of the CPAddon Wordpress installs so that the server administrator can insure all Wordpress sites being hosted on their server are kept up to date despite the settings in each individual Wordpress installation? If that is true, doesn't that risk breaking people's sites? I assume that risk is minimized in that Cpanel only handles Security Updates (minor) and no major updates of course?

  
  Yes, in addition to providing an easy installation method to cPanel users, another benefit to the WordPress cPAddon is the ability for server administrators to ensure the software remains updated across multiple accounts. Updates include new WordPress versions, not just security updates. We test the upgrade process before releasing the updated version to help ensure the changes don't break the websites, and this is also a reason cPanel will stop managing the WordPress installation if a user manually upgrades WordPress outside of the cPanel environment.

  Finally, how can a WordPress installation with the CpAddon be reverted back to a unmodified installation? My guess is that first remove the add-on, then re-install the core?

  
  You can use the upgrade instructions available at the following URL should you choose to do this: Information on managing or disabling cPAddons is documented at: Thank you.

  0

Please sign in to leave a comment.