One of the great things about WordPress is the one-click upgrade procedure. It’s particularly convenient, because WordPress has frequent upgrades and security updates. Without an easy way of upgrading, many users would complain of upgrade fatigue, or would continue running older versions with security flaws.
Of course, not everyone can use the one click upgrade: My host is not configured properly, so I need to upgrade manually. Fortunately, a manual upgrade is relatively painless. Although it is described in some detail at Upgrading WordPress: Manual Update, I’m listing my specific procedures (using the Bash shell) here.
- Download the latest version to your home directory:
wget http://wordpress.org/latest.tar.gz
- Remove any old WordPress directory before unpacking the latest:
rm -r ./wordpress
- Unpack the latest version:
tar -xf wordpress-3.2.tar.gz
- Backup the database:
mysqldump --add-drop-table -h localhost -u [username] -p [database name] | bzip2 -c > [site name].[dd-MMM-yyyy].bak.sql.bz2
- Disable plugins. You can do this via the admin interface, or the database:
UPDATE wp_options SET option_value = 'a:0:{}' WHERE option_name = 'active_plugins';
- Remove the wp-admin and wp-includes directories:
rm -r ./path/to/your/wordpress/wp-admin ./path/to/your/wordpress/wp-includes
- Copy only the updated files over to the WordPress install:
cp -ru ./wordpress/* ./path/to/your/wordpress/
- Visit the admin page (which may prompt a database upgrade).
- Re-enable any plugins.
Step 6 may seem unnecessary in light of step 7, but in my experience merely updating the wp-admin and wp-includes directories is not enough: there may be old files that are not present in the latest version, but that will cause problems if they still exist.
I’ve found that my reCAPTCHA plugin doesn’t retain its API keys, but you can look them up again on the reCAPTCHA site. Other plugins may have similar issues.
Thanks to Perishable Press for the tip on disabling WordPress plugins via MySQL.
I have also taken to deleting the xmlrpc.php file with each upgrade. Malicious users like to attempt to use to launch attacks against other sites using xmlrpc.php.
The SSH SFTP Updater Support plugin has largely negated my need for manual updates, others may find it helpful as well.