Wordpress Wordpress Super Cache plugin users Update for security fix !

Ouch all Wordpress Super Cache Plugin users need to update their plugin for security fix As many as 1 million sites imperiled by dangerous bug in WordPress plugin | Ars Technica

If you used wp-cli addon tool to update or install Wordpress Centmin Mod Addons for Menu based Nginx installer for CentOS servers you can easily update your plugins via these commands run within your wordpress install directory

If wordpress installed at /home/nginx/domains/newdomain2.com/public/, change to wordpress install directory. Then check wp-cli tool for updates, then check all wordpress plugin status (U will be marked on plugins that have updates available) and then update all plugins.

Code:

cd /home/nginx/domains/newdomain2.com/public/
wp cli update --allow-root
wp plugin status --allow-root
wp plugin update --all --allow-root

or to update an individual wordpress plugin, i.e. backupwordpress specify it on wp plugin update

Code:

wp plugin update backupwordpress --allow-root  

Downloading update from https://downloads.wordpress.org/plugin/backupwordpress.3.2.4.zip...
Unpacking the update...
Installing the latest version...
Removing the old version of the plugin...
Plugin updated successfully.
Success: Updated 1/1 plugins.

example of full output

Code:

cd /home/nginx/domains/newdomain2.com/public/
wp cli update --allow-root
Success: WP-CLI is at the latest version

Code:

wp plugin status --allow-root

33 installed plugins:
  A wp-security-scan                4.0.5
  I addthis-smart-layers            1.0.10
  I akismet                         3.1.1
  A autoptimize                     1.9.2
UI backupwordpress                 3.2.2
  I db-cache-reloaded-fix           2.3
  A disable-xml-rpc                 1.0.1
  I go-newrelic                     0.3
  A google-analytics-for-wordpress  5.3.3
  I google-authenticator            0.47
  A gtmetrix-for-wordpress          0.4.1
  I hello                           1.6
  A jetpack                         3.4.1
  A limit-login-attempts            1.7.1
UA no-longer-in-directory          1.0.38
  A p3-profiler                     1.5.3.8
  I query-monitor                   2.7.1
  I recent-tweets-slider            1.0.1
  A rocket-lazy-load                1.0.3
  I search-regex                    1.4.15
  A sucuri-scanner                  1.7.8
  A theme-check                     20141222.1
  A tpc-memory-usage                0.9.1
UA updraftplus                     1.9.60
  I w3-total-cache                  0.9.4.1
UA wordpress-seo                   2.0
  A wp-optimize                     1.8.9.10
UA wp-smushit                      1.7.1
UA wp-super-cache                  1.4.2
  A wp-super-cache-clear-cache-menu 1.3.1
  A wp-updates-notifier             1.4.1
  A wp-widget-cache                 0.26
  M p3-profiler                

Legend: A = Active, I = Inactive, M = Must Use, U = Update Available

Code:

 wp plugin update --all --allow-root

Enabling Maintenance mode...
Downloading update from https://downloads.wordpress.org/plugin/no-longer-in-directory.zip...
Unpacking the update...
Installing the latest version...
Removing the old version of the plugin...
Plugin updated successfully.
Downloading update from https://downloads.wordpress.org/plugin/updraftplus.1.9.63.zip...
Unpacking the update...
Installing the latest version...
Removing the old version of the plugin...
Plugin updated successfully.
Downloading update from https://downloads.wordpress.org/plugin/wordpress-seo.2.0.1.zip...
Unpacking the update...
Installing the latest version...
Removing the old version of the plugin...
Plugin updated successfully.
Downloading update from https://downloads.wordpress.org/plugin/wp-smushit.1.7.1.1.zip...
Unpacking the update...
Installing the latest version...
Removing the old version of the plugin...
Plugin updated successfully.
Downloading update from https://downloads.wordpress.org/plugin/wp-super-cache.1.4.4.zip...
Unpacking the update...
Installing the latest version...
Removing the old version of the plugin...
Plugin updated successfully.
Disabling Maintenance mode...
Success: Updated 5/5 plugins.

FYI, if you want to update Wordpress core and database itself, easy too.

Code:

wp core check-update --allow-root
Success: WordPress is at the latest version.

Code:

wp core verify-checksums --allow-root
Success: WordPress install verifies against checksums.

Code:

wp core update --allow-root          
Success: WordPress is up to date.

Code:

wp core update-db --allow-root
Success: WordPress database upgraded successfully.

 

hmm suppose I could write a quick Wordpress WP-CLI update script to run 2 or 3 times a day for auto updates too for Centmin Mod's new centmin.sh menu option 22 which auto installs Wordpress + WP Super Cache and Nginx vhost setup. Edit: added wp plugin auto updater cron to centmin.sh menu option 22 in Centmin Mod .08 beta 02.

Can easily use a shell script to auto update wordpress every 8 hours = 3 times a day if you have WP-CLI addon/tool installed.

change EMAIL and WPINSTALL_DIR variables to your email and your wordpress install directory

save to say /root/tools/wpupdater.sh

Code:

#!/bin/bash
PATH=/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin:/root/bin
EMAIL='[email protected]'
WPINSTALL_DIR='/home/nginx/domains/newdomain2.com/public'

{
cd $WPINSTALL_DIR
echo "$WPINSTALL_DIR"
/usr/bin/wp cli update --allow-root
/usr/bin/wp plugin status --allow-root
/usr/bin/wp plugin update --all --allow-root
} 2>&1 | mail -s "Wordpress WP-CLI Auto Update `date`" $EMAIL

give permissions

Code:

chmod 0700 /root/tools/wpupdater.sh

use crontab -e to add the following cronjob

Code:

0 */8 * * * /root/tools/wpupdater.sh 2>/dev/null

exit crontab and save via CTRL+X

sample email I got

Code:

/home/nginx/domains/newdomain2.com/public
Success: WP-CLI is at the latest version.
33 installed plugins:
  A wp-security-scan                4.0.5
  I addthis-smart-layers            1.0.10
  I akismet                         3.1.1
  A autoptimize                     1.9.2
  I backupwordpress                 3.2.4
  I db-cache-reloaded-fix           2.3
  A disable-xml-rpc                 1.0.1
  I go-newrelic                     0.3
  A google-analytics-for-wordpress  5.3.3
  I google-authenticator            0.47
  A gtmetrix-for-wordpress          0.4.1
  I hello                           1.6
  A jetpack                         3.4.1
  A limit-login-attempts            1.7.1
  A no-longer-in-directory          1.0.39
  A p3-profiler                     1.5.3.8
  I query-monitor                   2.7.1
  I recent-tweets-slider            1.0.1
  A rocket-lazy-load                1.0.3
  I search-regex                    1.4.15
  A sucuri-scanner                  1.7.8
  A theme-check                     20141222.1
  A tpc-memory-usage                0.9.1
  A updraftplus                     1.9.63
  I w3-total-cache                  0.9.4.1
  A wordpress-seo                   2.0.1
  A wp-optimize                     1.8.9.10
  A wp-smushit                      1.7.1.1
  A wp-super-cache                  1.4.4
  A wp-super-cache-clear-cache-menu 1.3.1
  A wp-updates-notifier             1.4.1
  A wp-widget-cache                 0.26
  M p3-profiler

Legend: A = Active, I = Inactive, M = Must Use
Success: Updated 0/0 plugins.

 

More info at Vulnerability: Persistent XSS in WP-Super-Cache | Sucuri Blog