WordPress Upgrade Notifications by Email

This weekend will go down in history. It’s the first time I’ve been seriously sick in well over 5 years. A bug infected my son on Wednesday, but he got over it quickly enough. Then the same bug hit my wife and I on Sunday morning and we’re just getting over it now.

Odd that a worm attacks software I work on and I get very sick at the same time. Unfortunately I couldn’t run an exploit scanner and remove the bug but my body’s defenses took care of the bugs eventually.

All this leads me to a handy little plugin called Upgrade Notification by Email written by Konrad Karpieszuk. Install it on your blogs and it will check once a day if a new version of WordPress is out. When that happens it will email the admin with a message saying the blog must be upgraded.

It’s odd that the plugin itself contacts WordPress.org instead of relying on the built-in version checker but it’s only one request a day.

What I’d like to see next is a direct link to the upgrade page on the blog.

Far more challenging would be a plugin to auto upgrade a blog. In case a theme or plugin breaks things the plugin should probably deactivate all plugins and change the theme back to the default theme. Once the upgrade is complete, all plugins should be reactivated and the theme too. The admin has to be emailed before and after the upgrade.

It’s easy to say what it should do, but doing it is another thing altogether. The reactivation process has to be sandboxed in case of failure so the plugin doesn’t die. The plugins page already does this so at least there’s example code to work from. Anyone up for coding it?

24 thoughts on “WordPress Upgrade Notifications by Email

  1. Thank you for this review Donncha 🙂

    About contacting with wordpress.org site: i didn;t found bulid-in version checker in wordpress software, so this is why i decided to do it this way 🙂 Could you help fin this version checker? Does it check also versions of plugins? Because i plan to add function to check also if plugins are up to date.

    About automatic upgrade: plugin name is ‘notification’ so plugin only notices version diffrence 🙂 automatic update maybe will be in next plugin. but truelly i am little affraid to code this 🙂 too big responsability 🙂

    1. Konradk – great plugin, and timely too! You should check out wp-includes/update.php – there’s a function in there called wp_version_check() and also ones for plugins and themes now. They set transient options you can query for version numbers.

      I think it would be really useful to be bugged about plugin and theme upgrades too, although this should probably be disabled because if a user gets warning emails too many times they’ll start ignoring them.

      I totally agree that auto upgrades is a huge task! It’ll work really well for some people and fail spectacularly for others who hacked core files or for some random reason.

  2. The “deactivating plugins” reminds me of something I wrote recently.

    We had a hack attack recently where the hackers got through a hole in some 3rd party software (Mantis). I wrote a defence which checks for suspicious files (usually held in /tmp) in all virtual servers on the system regularly, and if any are found, it shuts that virtual server down immediately and sends me an SMS. Hasn’t been triggered yet, thankfully.

  3. Great plugin but the conflict with the version number being changed to ‘abc’ by the WordPress Security Scan is a shame. I’d love to use this plugin but the WP security scan features are more important at the moment (plus I don’t really want to go hacking about with the security scan plugin’s PHP just to fix this conflict). Thanks though!

    1. Chris, to check if installed wp is up to date, plugin needs to compare version numbers. 🙂 if wp security scan changes variable with version number to ‘abc’ it’s not shame to my plugin but to wp security scan 🙂 wp sec scan should change it on some higher level, before to print it in head section, not to change variable to all wp engine instance…

      1. Changing the version number isn’t a real security feature anyway. If a bot attacks your site they’re going to try the attack first and won’t care about the version.

  4. Glad to hear that you and your family are on the mend, I think we’re all in for a rotten winter in terms of both biological and technical ailments.

    As challenging as completely automated core upgrades may be, I suspect that WordPress will have to move in this direction as it continues to become more dominant and, therefore, a bigger target. The simple truth is that people are ignoring the upgrade prompts that appear on the dashboard and, even if they weren’t, the time lag between an upgrade being available and the site owner actually visiting their dashboard (or checking their email and seeing an upgrade prompt there) will give worms time to play havoc with WordPress’ reputation. We already have people like John Gruber persistently banging an anti-WordPress drum and that will only get louder as more attacks emerge.

    The worst irony is that, the more agile the WordPress team are at responding to new threats and the more frequently they release security upgrades, the more WordPress will be perceived to be insecure.

    I wonder if it would be possible to put in place a review system that allowed plugins to be independently checked and certified to ensure that they are not reliant upon anything that is likely to change in the core? That way, site owners using certified plugins could be more confident that completely automated core upgrades would not break their sites. WordPress could also put in place some sort of check, from a centralized server, to check each site that has undergone an automatic upgrade and email the owner if there seems to be a problem.

    I think that any such automated system should be kept completely separate from plugin upgrades, to avoid being blamed for complications caused by plugin upgrades and thereby getting a bad reputation. The goal should be to get the vast majority of self-hosted WordPress users using completely automated core upgrades, freeing the WordPress team to issue upgrades as frequently as they want, eliminating the time gap and massively reducing the size of the WordPress target.

    1. There are a few reasons out there why some admins wouldn’t want to upgrade automatically (such as one wpmu site I’m setting up with a severely hacked signup process; even though the new signup process is seperate and leaves wp-signup.php intact and in place, I would like the option to review updates to the core code before I upgraded and broke my own model by accident).

      If this was to be built into the WordPress core, it would definitely have to come with an on/off switch, which could defeat it’s usefulness for some who turned it off out of disregard. The benefits for a lot of admins would probably make it well worth it however.

  5. I’d also like to see this in core. An email notifying of WordPress updates/upgrades available.

    As for plugins, even a simple email saying “check your plugins, one or more need attention/upgrading…” would be great.


  6. Yeah that’s ok – I didn’t mean there was a problem with your plugin. I simply meant that it’s *a* shame that the 2 can’t work together (not shame on your plugin!).

  7. The idea of automatic upgrade really doesn’t sit well with me. While I appreciate the intent, and there certainly are a lot of people out there with older installs of WordPress just begging to be hacked, I just can’t get over my wariness of giving a script my full ftp credentials.

  8. An auto-upgrader would be nice. Especially if it went through the plugins and updated those as well. Maybe its just me, but when I see the little numbers next to plugins I feel burdened to update all the plugins on all my blogs. Its tedious

  9. I remember way back 2.2 or 2.3 where there was a plugin – Upgrade Pre-flight Check – which checked readiness of theme and plugins currently used for issues that may cause problems during upgrading to latest WP version and issued warnings … something like that could be included in WP upgrade script. Therefore, user has informed options – find a new plugin/theme or tweak the plugin/theme. If I code this, it would take me at least a year 🙂

  10. http://wordpress.org/extend/plugins/update-notifier/ works fine for WordPress core and plugin updates, even adding a link in the email to the plugin upgrade page.

    However, it doesn’t have the ability to choose how often you’re updated and the ability to block notifications to the site owner. I’m using it to alert me when client blogs need updating and they are getting these emails too every day which is not good!

Leave a Reply

%d bloggers like this:

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.