So I have some Linux, Ubuntu, servers that are used for shared hosting. Many of the customers use WordPress and I think that it’s an awesome solution that so many can get a great website up and running in almost no time. The flaw with WordPress is that it has a lot of security holes if they don’t upgrade to the latest version. WordPress has a great update feature, but since my customers do not log in on their sites they don’t see that, so what to do. I decided that sending them an email would maybe encourage them a little, specifically the site admin.
I couldn’t find any good script that solved my problem so I decided to copy paste something that would do the trick.
Updated and locate are a good start for finding version.php.
I’ve put my files under /root/scripts/wp-version
run-wp.version-finder.sh looks like this:
updatedb locate wp-includes/version.php | xargs grep "wp_version = " > /root/scripts/wp-version/tmp-version.txt php /root/scripts/wp-version/wp-version.php
The wp-version.php script looks like this:
/root/scripts/wp-version/tmp-version.txt // curl_init and mysql is needed for this to work. // apt-get install php5-intl // Adminiadress, sends short summary. $AdminAdress = "[email protected]"; // Change e-mail adress $ServerName = "SERVER_NAME"; $Sender = "[email protected]"; $myFile = "/root/scripts/wp-version/tmp-version.txt"; $summary = ""; //check for latest WordPress version $apiUrl = 'http://api.wordpress.org/core/version-check/1.6/'; $apiFile = 'cache/api.json'; // Verify that cache folder exist if (!file_exists('cache')) { mkdir('cache', 0777, true); } if((is_file($apiFile) and filemtime($apiFile)< time()-3600) OR !is_file($apiFile)) { $apiContent = getData($apiUrl); if($apiContent!=''){ file_put_contents($apiFile, $apiContent); } } $apiContent = file_get_contents($apiFile); $apiReturn = unserialize($apiContent); $current_version = $apiReturn['offers'][0]['current']; $lines = file($myFile); foreach ($lines as $line_num => $line) { $adminEmail = array(); $siteAdminEmail = array(); $wpversionArr = explode( "'", $line); $wpversion = $wpversionArr[1]; // Verify against wordpress.org if the version is the latest. if (version_compare($wpversion, $current_version, '<')) { // Verify that the file wp-config.php is place. // There is a need to check if the file is found i one of the parent folders, future fix $filename = explode( "wp-includes/", $line); $filename = $filename[0] . "wp-config.php"; if (file_exists($filename)) { $configlines = file($filename); $DB_USER = ""; $DB_PASSWORD = ""; $DB_HOST = ""; $DB_NAME = ""; $tbl_prefix = ""; $siteurl = ""; // get all the variables that is needed for mysql connection. foreach ($configlines as $line_num => $configline) { if (strpos($configline,"'DB_USER'") > 0 ) { $DB_USER = (explode( "'", $configline)); $DB_USER = $DB_USER[3]; } if (strpos($configline,"'DB_USER'") > 0 ) { $DB_USER = (explode( "'", $configline)); $DB_USER = $DB_USER[3]; } if (strpos($configline,"'DB_PASSWORD'") > 0 ) { $DB_PASSWORD = (explode( "'", $configline)); $DB_PASSWORD = $DB_PASSWORD[3]; } if (strpos($configline,"'DB_HOST'") > 0 ) { $DB_HOST = (explode( "'", $configline)); $DB_HOST = $DB_HOST[3]; } if (strpos($configline,"'DB_NAME'") > 0 ) { $DB_NAME = (explode( "'", $configline)); $DB_NAME = $DB_NAME[3]; } if (strpos($configline,"table_prefix") > 0 ) { $tbl_prefix = (explode( "'", $configline)); $tbl_prefix = $tbl_prefix[1]; } } // Connect to the wordpress database $con=mysqli_connect($DB_HOST,$DB_USER,$DB_PASSWORD,$DB_NAME) or die; // Check connection if (mysqli_connect_errno($con)) { echo "Failed to connect to MySQL: " . mysqli_connect_error(); } // Retreve Site URL $sqlquery = "select option_value from " . $tbl_prefix . "options where option_name like 'siteurl'"; $result = mysqli_query($con,$sqlquery); if (!$result) { echo "MySQL ERROR DIED! Retreve Site URL" . PHP_EOL; die('Invalid query: ' . mysql_error()); } while($row = mysqli_fetch_array($result)) { $siteurl = $row['option_value']; $siteurl = (explode( "//", $siteurl)); $siteurl = $siteurl[1]; } // Write version of wordpress installation //echo "WP-Version is: " . $wpversion . PHP_EOL; // Retreve all Admins email address $sqlquery = "SELECT * FROM " . $tbl_prefix . "users JOIN " . $tbl_prefix . "usermeta ON ( " . $tbl_prefix . "users.id = " . $tbl_prefix . "usermeta.user_id ) WHERE " . $tbl_prefix . "usermeta.meta_key LIKE 'wp_user_level' AND " . $tbl_prefix . "usermeta.meta_value = '10'"; $result = mysqli_query($con,$sqlquery); if (!$result) { echo "MySQL ERROR DIED! Retreve all Admins email" . PHP_EOL; die('Invalid query: ' . mysql_error()); } while($row = mysqli_fetch_array($result)) { // Uncomment to send e-mail to all Admins. // send_email( $row['option_value'], $siteurl, $wpversion, $current_version); $tmp = $row['user_email']; array_push($adminEmail, $tmp); } // Retrive the Site Admin email address and spam them until they upgrade wordpress. $sqlquery = "select option_value from " . $tbl_prefix . "options where option_name like 'admin_email'"; $result = mysqli_query($con,$sqlquery); if (!$result) { die('Invalid query: ' . mysql_error()); } while($row = mysqli_fetch_array($result)) { // Uncomment to send e-mail to all Site-Admins. // send_email( $row['option_value'], $siteurl, $wpversion, $current_version); $tmp = $row['option_value']; array_push($siteAdminEmail, $tmp); } mysqli_close($con); } else { echo "NO file found" . PHP_EOL; } $siteurlUTF8 = idn_to_utf8($siteurl); $adminEmailComma = join(", ", $adminEmail); $siteAdminEmailComma = join(", ", $siteAdminEmail); $summary .= $siteurlUTF8 . " "; $summary .= "version: " . $wpversion . " "; $summary .= "Admin Emails: " . $adminEmailComma . " "; $summary .= "SiteAdmin Emails: " . $siteAdminEmailComma . " " . "\r\n"; } } // Comment next line to not send e-mail to server admin.sendAdminSummary($AdminAdress, $summary); function send_email($address, $siteurl, $wpversion, $current_version){ global $Sender; $to = $address; $subject = "Detfinns en ny version av wordpress forsajten: " . idn_to_utf8($siteurl) ; $message = '' . $subject . ' Hej Du får detta meddelande gäller sajten: ' . idn_to_utf8($siteurl) . '. Det har kommit en ny version ' . $current_version . ' av wordpress och eftersom du fortfarande använder version ' . $wpversion . ' så bör den upgraderas. Scandinavian Hosting '; $headers = 'MIME-Version: 1.0' . "\n"; $headers .= 'Content-type: text/html; charset=utf-8' . "\n"; $headers .= 'From: ' . $Sender . "\n"; $headers .= 'Reply-To: ' . $Sender . "\n"; mail($to, $subject, $message, $headers); } functionsendAdminSummary($address, $summary){ global $current_version; global $ServerName; global $Sender; $to = $address; $subject = "Sammanställning avWordpresssajter sombehöveruppdateras"; $message = '' . $subject . ' Hej Här kommer en sammanställning av sajter som behöver uppdateras på ' . $ServerName . ' Senaste versionen av WordPress är ' . $current_version . ' ' . $summary . ' Med Vänlig Hälsning Scandinavian Hosting '; $headers = 'MIME-Version: 1.0' . "\n"; $headers .= 'Content-type: text/html; charset=utf-8' . "\n"; $headers .= 'From: ' . $Sender . "\n"; $headers .= 'Reply-To: ' . $Sender . "\n"; mail($to, $subject, $message, $headers); } // http://yalamber.com/2012/12/get-the-latest-version-number-of-wordpress-using-api/ function getData($url) { if(is_callable('curl_init')){ $ch = curl_init(); $timeout = 5; curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout); $data = curl_exec($ch); curl_close($ch); return $data; }else{ return file_get_contents($url); } } ?>
The get it all to work I run the main script once a month, first monday at 8:00
cronetab-e
Add a line that looks like this:
0 8 * * 1 /root/scripts/wp-version/run-wp-version.sh
That is all
As always, post a comment if you find it useful.