Automatic Updates

[BizAssure]

I am looking into writing a script for automatic updates for all the sites that I manage. Since BPS has to be configured everytime there is an update, do you have any suggestions for automating this? Thanks!

[AITpro Admin]

BPS does not have to be configured/reconfigured during/after an upgrade.  The upgrade is automated to automatically update .htaccess files and whatever else needs to be updated.  What is required though is that in order for that automatic update to happen/complete successfully is that an Administrator to the site must be logged into that site.

I have tried figuring out a way to do this safely with remote management applications that will remotely install plugins/themes updates, but I always run into the same issue/problem:  Since BPS is writing to files as part of the automatic update and is doing some database updates then how do you allow the file writing to occur externally without an Administator being physically logged into the site without making file writing forced from an external source possible from a login account with permissions lower then an Administrator?

The obvious danger of allowing/triggering file writing from an external source at all is it leaves the site vulnerable to being exploited from an external source.  Since BPS upgrades only require that an Admin is logged in and nothing more then I am having a hard time justifying spending much time on looking into this any further.  Example:  An Admin logs in, installs the BPS upgrade and logs out of the site.  The Admin does not have to wait around for the auto-update message to be cleared/refresh the Browser – the auto-update has already been completed when the auto-update Dashboard message is displayed.

[BizAssure]

Thanks for the response. Maybe we have it set up incorrectly, but everytime there is an update (for all of our sites), we always have to activate the security modes for the root folder, wp-admin, and master htaccess folder. Is there something I’m missing?

[AITpro Admin]

When you do a BPS update and refresh your Browser do the alerts go away?  If so, then the displayed alerts you are seeing are telling you that the automatic update has completed successfully.  If not, and you have to activate BulletProof Modes again in order to make the alerts go away then do you also have to change Ownership or file permissions in order to activate BulletProof Modes?

[BizAssure]

I don’t have to change Ownership or file permissions, but I do have to re-activate the BP modes. Refreshing does not make the message disappear.

[AITpro Admin]

hmm that does not make sense?  If the .htaccess files are writable then the automatic update should complete successfully.  If you can activate BulletProof Modes without changing Ownership or permissions then the automatic update should also already complete successfully.  Also do you have BPS Pro or BPS?  I think you have Pro correct?

[BizAssure]

I have Pro.

[AITpro Admin]

Ok I will switch this Topic to Pro Forum instead of Free.  I would like to login to one of your sites to see why this is happening.  Please create a temporary WordPress Admin login to one of these sites and send the login directly to me edward at ait-pro dot com.  Please create a secure password – Example secure password:  h#@*b63Wey4!#H2! (do not use this one and instead create a similar secure password).

[BizAssure]

I apologize, I was incorrect, we do have to change file permissions when re-activating after an update. Would that be a server issue then?

[AITpro Admin]

Ok that makes sense then.  We are working on a way to get DSO and non-suPHP configured Servers to play nice, but it is proving to be a very difficult challenge.  We will figure out a way to do this without having to create massive amounts of new coding in BPS Pro, but this is going to take some time.  WordPress has already figured this out so it would be smarter to hook into whatever WordPress is already doing if that is possible.

Please post this System Information about your website/Server.  You will find this on the BPS Pro System Info tab page:

Server Type: 
Operating System: 
Server API: 

[BizAssure]

Server Type: Apache/2.2.15
Operating System: Linux
Server API: apache2handler – Your Host Server is using DSO or another SAPI type.

[AITpro Admin]

Since you have DSO you do have the option of setting the folder permissions on the /bulletproof-security plugin folder to 777.  ONLY if you are using the Plugin Firewall.  The Plugin Firewall completely protects all plugins in the plugins folder so it is completely safe to change folder permissions on the /bulletproof-security folder to 777.  This will allow automation in most of the BPS Pro functions, but unfortunately the root .htaccess file automatic update is outside of the /bulletproof-security folder.  The root .htaccess file is located in your website root folder and IT IS NOT safe to change file permissions to 777 permanently for the website root folder.  Temporary permission change is ok.  At some point we will figure out how to get this working for DSO Servers, but for now DSO Servers require extra manual steps.

http://forum.ait-pro.com/forums/topic/bulletproof-security-pro-compatibility-check-upgrading-from-bps-free-to-bps-pro/

[BizAssure]

Thanks!

[Author]

Posts