
Wordpress Super Cache plugin users Update for security fix!

Discussion in 'Blogs & CMS usage' started by eva2000, Apr 8, 2015.

  1. eva2000

    eva2000 Administrator Staff Member

    53,811
    12,159
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,711
    Local Time:
    4:41 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Ouch, all Wordpress Super Cache Plugin users need to update their plugin for a security fix: As many as 1 million sites imperiled by dangerous bug in WordPress plugin | Ars Technica


    If you used the wp-cli addon tool to update or install Wordpress (Centmin Mod Addons for Menu based Nginx installer for CentOS servers), you can easily update your plugins via these commands run within your wordpress install directory.

    If wordpress is installed at /home/nginx/domains/newdomain2.com/public/, change to the wordpress install directory. Then check the wp-cli tool for updates, then check all wordpress plugin status (U will be marked on plugins that have updates available) and then update all plugins.

    Code:
    cd /home/nginx/domains/newdomain2.com/public/
    wp cli update --allow-root
    wp plugin status --allow-root
    wp plugin update --all --allow-root
    
    or to update an individual wordpress plugin, e.g. backupwordpress, specify it on wp plugin update
    Code:
    wp plugin update backupwordpress --allow-root  
    
    Downloading update from https://downloads.wordpress.org/plugin/backupwordpress.3.2.4.zip...
    Unpacking the update...
    Installing the latest version...
    Removing the old version of the plugin...
    Plugin updated successfully.
    Success: Updated 1/1 plugins.
    example of full output
    Code:
    cd /home/nginx/domains/newdomain2.com/public/
    wp cli update --allow-root
    Success: WP-CLI is at the latest version
    
    Code:
    wp plugin status --allow-root
    
    33 installed plugins:
      A wp-security-scan                4.0.5
      I addthis-smart-layers            1.0.10
      I akismet                         3.1.1
      A autoptimize                     1.9.2
    UI backupwordpress                 3.2.2
      I db-cache-reloaded-fix           2.3
      A disable-xml-rpc                 1.0.1
      I go-newrelic                     0.3
      A google-analytics-for-wordpress  5.3.3
      I google-authenticator            0.47
      A gtmetrix-for-wordpress          0.4.1
      I hello                           1.6
      A jetpack                         3.4.1
      A limit-login-attempts            1.7.1
    UA no-longer-in-directory          1.0.38
      A p3-profiler                     1.5.3.8
      I query-monitor                   2.7.1
      I recent-tweets-slider            1.0.1
      A rocket-lazy-load                1.0.3
      I search-regex                    1.4.15
      A sucuri-scanner                  1.7.8
      A theme-check                     20141222.1
      A tpc-memory-usage                0.9.1
    UA updraftplus                     1.9.60
      I w3-total-cache                  0.9.4.1
    UA wordpress-seo                   2.0
      A wp-optimize                     1.8.9.10
    UA wp-smushit                      1.7.1
    UA wp-super-cache                  1.4.2
      A wp-super-cache-clear-cache-menu 1.3.1
      A wp-updates-notifier             1.4.1
      A wp-widget-cache                 0.26
      M p3-profiler                
    
    Legend: A = Active, I = Inactive, M = Must Use, U = Update Available
    
    Code:
     wp plugin update --all --allow-root
    
    Enabling Maintenance mode...
    Downloading update from https://downloads.wordpress.org/plugin/no-longer-in-directory.zip...
    Unpacking the update...
    Installing the latest version...
    Removing the old version of the plugin...
    Plugin updated successfully.
    Downloading update from https://downloads.wordpress.org/plugin/updraftplus.1.9.63.zip...
    Unpacking the update...
    Installing the latest version...
    Removing the old version of the plugin...
    Plugin updated successfully.
    Downloading update from https://downloads.wordpress.org/plugin/wordpress-seo.2.0.1.zip...
    Unpacking the update...
    Installing the latest version...
    Removing the old version of the plugin...
    Plugin updated successfully.
    Downloading update from https://downloads.wordpress.org/plugin/wp-smushit.1.7.1.1.zip...
    Unpacking the update...
    Installing the latest version...
    Removing the old version of the plugin...
    Plugin updated successfully.
    Downloading update from https://downloads.wordpress.org/plugin/wp-super-cache.1.4.4.zip...
    Unpacking the update...
    Installing the latest version...
    Removing the old version of the plugin...
    Plugin updated successfully.
    Disabling Maintenance mode...
    Success: Updated 5/5 plugins.
    FYI, if you want to update Wordpress core and database itself, easy too.

    Code:
    wp core check-update --allow-root
    Success: WordPress is at the latest version.
    
    Code:
    wp core verify-checksums --allow-root
    Success: WordPress install verifies against checksums.
    
    Code:
    wp core update --allow-root          
    Success: WordPress is up to date.
    
    Code:
    wp core update-db --allow-root
    Success: WordPress database upgraded successfully.
    
     
    Last edited: Apr 8, 2015
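
Added example (not part of the original posts): a small bash helper that reads `wp plugin status` output in the format shown above, lists plugins still flagged U, and checks that a named plugin is at or above a minimum version. The function names and the sample input are constructed here; 1.4.4 is used as the threshold only because it is the wp-super-cache version the update run above installed, and `sort -V` assumes GNU coreutils.

```shell
#!/bin/bash
# Audit `wp plugin status` output. Each plugin line is "<flags> <name> <version>",
# where a leading U in the flags means an update is available.

# Print "name version" for every plugin that still has an update pending.
pending_updates() {
    awk '$1 ~ /^U[A-Z]$/ && NF >= 3 { print $2, $3 }'
}

# Print the installed version of plugin $1, or nothing if it is not listed.
plugin_version() {
    awk -v name="$1" '$1 ~ /^U?[A-Z]$/ && $2 == name && NF >= 3 { print $3; exit }'
}

# Return 0 if version $1 >= version $2 (numeric-aware compare via sort -V).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ]
}

# Return 0 if plugin $1 is absent or at least version $2, 1 if it is older.
# Reads the status listing on stdin.
plugin_is_patched() {
    local installed
    installed=$(plugin_version "$1")
    [ -z "$installed" ] || version_ge "$installed" "$2"
}

# Constructed sample input, shortened from the listing format in the thread.
SAMPLE_STATUS='3 installed plugins:
  A autoptimize                     1.9.2
UI backupwordpress                 3.2.2
UA wp-super-cache                  1.4.2
  M p3-profiler

Legend: A = Active, I = Inactive, M = Must Use, U = Update Available'

# Demo on the sample; on a server, pipe in `wp plugin status --allow-root` instead.
echo "Updates still pending:"
printf '%s\n' "$SAMPLE_STATUS" | pending_updates
if ! printf '%s\n' "$SAMPLE_STATUS" | plugin_is_patched wp-super-cache 1.4.4; then
    echo "wp-super-cache is older than 1.4.4: update it"
fi
```

Inactive plugins are reported too, since their files remain on disk until the plugin is updated or removed.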
  2. eva2000

    hmm suppose I could write a quick Wordpress WP-CLI update script to run 2 or 3 times a day for auto updates too for Centmin Mod's new centmin.sh menu option 22 which auto installs Wordpress + WP Super Cache and Nginx vhost setup. Edit: added wp plugin auto updater cron to centmin.sh menu option 22 in Centmin Mod .08 beta 02.

    Can easily use a shell script to auto update wordpress every 8 hours = 3 times a day if you have WP-CLI addon/tool installed.

    change EMAIL and WPINSTALL_DIR variables to your email and your wordpress install directory

    save to say /root/tools/wpupdater.sh
    Code:
    #!/bin/bash
    # Update WP-CLI and all WordPress plugins, then mail the combined output.
    PATH=/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin
    EMAIL='youremail@address.com'
    WPINSTALL_DIR='/home/nginx/domains/newdomain2.com/public'
    
    {
    # Stop if the install directory is missing, so wp never runs from the wrong place
    cd "$WPINSTALL_DIR" || exit 1
    echo "$WPINSTALL_DIR"
    /usr/bin/wp cli update --allow-root
    /usr/bin/wp plugin status --allow-root
    /usr/bin/wp plugin update --all --allow-root
    } 2>&1 | mail -s "Wordpress WP-CLI Auto Update $(date)" "$EMAIL"
    give permissions
    Code:
    chmod 0700 /root/tools/wpupdater.sh
    use crontab -e to add the following cronjob

    Code:
    0 */8 * * * /root/tools/wpupdater.sh 2>/dev/null
    exit crontab and save via CTRL+X

    sample email I got
    Code:
    /home/nginx/domains/newdomain2.com/public
    Success: WP-CLI is at the latest version.
    33 installed plugins:
      A wp-security-scan                4.0.5
      I addthis-smart-layers            1.0.10
      I akismet                         3.1.1
      A autoptimize                     1.9.2
      I backupwordpress                 3.2.4
      I db-cache-reloaded-fix           2.3
      A disable-xml-rpc                 1.0.1
      I go-newrelic                     0.3
      A google-analytics-for-wordpress  5.3.3
      I google-authenticator            0.47
      A gtmetrix-for-wordpress          0.4.1
      I hello                           1.6
      A jetpack                         3.4.1
      A limit-login-attempts            1.7.1
      A no-longer-in-directory          1.0.39
      A p3-profiler                     1.5.3.8
      I query-monitor                   2.7.1
      I recent-tweets-slider            1.0.1
      A rocket-lazy-load                1.0.3
      I search-regex                    1.4.15
      A sucuri-scanner                  1.7.8
      A theme-check                     20141222.1
      A tpc-memory-usage                0.9.1
      A updraftplus                     1.9.63
      I w3-total-cache                  0.9.4.1
      A wordpress-seo                   2.0.1
      A wp-optimize                     1.8.9.10
      A wp-smushit                      1.7.1.1
      A wp-super-cache                  1.4.4
      A wp-super-cache-clear-cache-menu 1.3.1
      A wp-updates-notifier             1.4.1
      A wp-widget-cache                 0.26
      M p3-profiler
    
    Legend: A = Active, I = Inactive, M = Must Use
    Success: Updated 0/0 plugins.
     
    Last edited: Apr 22, 2015
  3. eva2000

    More info at Vulnerability: Persistent XSS in WP-Super-Cache | Sucuri Blog