
There are many ways to update a WordPress website. This particular WordPress website is hosted on a Virtual Private Server (VPS) with Contabo. The sites directory is served using nginx and php-fpm via Docker.

A Virtual Private Server (VPS) is like a computer that is always on and accessible over the internet. The “virtual” part indicates that you are technically getting a “piece of the pie” where the pie could be a massive, powerful server with great specs such as many CPU cores, hundreds of GB of RAM, large hard drive space, etc. For all practical purposes, though, your VPS is isolated from the rest of the server and no other user can access your VPS.

For security purposes, I do not permit updating WordPress Core or any plugins / themes 100% from the front-end. Rather, I use Linux File Permissions, which say “who gets to do what to which file/directory” on my VPS. My default setting is that only my user (with admin, aka sudo privileges) can make changes. The site directory does not have “group” and “other” write permissions, which are required to perform these actions.

Overview of updating WordPress

  1. Log in to the VPS using a secure shell (SSH)
  2. Change the permissions on the directory containing the WordPress site to grant write permissions to the “group” and “other”
  3. Log in to the site admin panel and navigate to the “Update” page
  4. Update the WordPress site itself or any plugins / themes you wish to
  5. Change the permissions back to remove write access from the “group” and “other”

Using the Command Line Interface (CLI) for changing permissions

# SSH into the VPS
ssh drpm

# Go to the directory where the WordPress site is
cd ~/personal-website/sites

# Give write permissions to the wordpress folder
sudo chmod go+w -R ./wordpress

############################################################################
# Update wordpress / plugins
# Access the admin panel: https://www.example.com/wp-admin/update-core.php
############################################################################

# Remove write permissions to the wordpress folder
sudo chmod go-w -R ./wordpress

# Keep write permissions for the uploads folder (for media, etc.)
sudo chmod go+w -R ./wordpress/html/wp-content/uploads

# Confirm that the permissions have returned to normal
ls -lahg 
ls -lahg ./wordpress/html/wp-content/uploads

The file permissions should look something like below, where only your user has the “rwx” for “read-write-execute”.

[Image: wordpress directory file permissions]
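To check step 5 mechanically instead of reading `ls` output, the following added example (not part of the original post) lists anything under the WordPress directory that is still writable by group or other, skipping the uploads folder that is meant to stay writable. The function names are illustrative; the default paths are the ones used in the commands above.

```shell
#!/bin/sh
# Added example: audit for group/other-writable paths left behind after an update.
# Run from ~/personal-website/sites once step 5 is done:  sh audit.sh ./wordpress

# list_writable ROOT [ALLOWED_SUBDIR]
# Prints every file or directory under ROOT that is writable by group or other.
# ALLOWED_SUBDIR (relative to ROOT) is pruned because it is writable on purpose.
# Symlinks are skipped: their own mode bits are always rwxrwxrwx and mean nothing.
list_writable() {
    root=${1%/}                                   # drop a trailing slash
    allowed=${2:-html/wp-content/uploads}
    find "$root" -path "$root/$allowed" -prune -o \
        \( -perm -020 -o -perm -002 \) ! -type l -print
}

# check_locked ROOT [ALLOWED_SUBDIR]
# Returns 0 if nothing outside ALLOWED_SUBDIR is group/other-writable,
#         1 if something is (the paths are printed on stderr),
#         2 if ROOT is not a directory (so a typo is not reported as "locked").
check_locked() {
    if [ ! -d "$1" ]; then
        printf 'Not a directory: %s\n' "$1" >&2
        return 2
    fi
    loose=$(list_writable "$@")
    if [ -n "$loose" ]; then
        printf 'Still writable by group/other:\n%s\n' "$loose" >&2
        return 1
    fi
    return 0
}

# When called with arguments, act as a script; with none, only define the functions.
if [ "$#" -gt 0 ]; then
    check_locked "$@"
fi
```

A non-zero exit status means the update window was left open somewhere, which makes the check easy to run from cron or a post-update alias.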

WordPress has been successfully updated and your file permissions are secured.