WP-CLI Auto-Update Configuration Complete Guide

WordPress updates are a pain point for many site owners — every version update requires logging in, clicking buttons, waiting, and possibly dealing with plugin incompatibility issues. What's more, security patches often need to be applied immediately, but they're easy to forget.

I've been running this process completely automated for 18 months using WP-CLI + cron. Here's my actual configuration.

Method 1: Pure WP-CLI Command Line (Simplest)

Install WP-CLI:

curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
chmod +x wp-cli.phar
sudo mv wp-cli.phar /usr/local/bin/wp
wp --info  # Verify installation

Update WordPress core:

wp core update           # Update to latest stable
wp core update-db        # Run database migration if needed

Update all plugins:

wp plugin update --all

Update all themes:

wp theme update --all

I automated all of these with cron — no manual update button clicks since October 2024.

Method 2: Auto-Update Script (Production Recommended)

The pure command line approach has a downside: no notifications when updates fail. I wrote a script on the server that combines updates + notifications + logging:

#!/bin/bash
# /opt/wp-auto-update.sh

LOGFILE="/var/log/wp-auto-update.log"
WEBROOT="/var/www/example.com"

echo "[$(date)] Starting WordPress update" >> $LOGFILE

cd $WEBROOT

# Update core
wp core update >> $LOGFILE 2>&1
if [ $? -eq 0 ]; then
    echo "[$(date)] WordPress core update succeeded" >> $LOGFILE
else
    echo "[$(date)] WordPress core update failed" >> $LOGFILE
fi

# Update database
wp core update-db >> $LOGFILE 2>&1

# Update plugins (excluding potentially problematic ones)
wp plugin update --all --exclude=akismet,hello-dolly >> $LOGFILE 2>&1

# Update themes
wp theme update --all >> $LOGFILE 2>&1

echo "[$(date)] Update complete" >> $LOGFILE

Add execute permission:

chmod +x /opt/wp-auto-update.sh

Method 3: Cron Configuration (The Core Part)

Use cron to automate update execution. I configured three different frequency update strategies:

Daily Auto-Update (Recommended Configuration)

# Run at 3 AM daily
0 3 * * * /opt/wp-auto-update.sh >> /var/log/wp-cron.log 2>&1

WordPress Auto-Update (Minor Versions)

Since WordPress 5.6, minor version auto-updates are supported but disabled by default. Enable in wp-config.php:

// Enable minor version auto-updates (e.g. 6.8.x → 6.8.1)
define( 'WP_AUTO_UPDATE_CORE', 'minor' );

This configuration lets WordPress minor security patches apply automatically, while major versions (like 6.8→6.9) still require manual handling.

Plugin/Theme Security Update Auto-Approval

Some plugin security updates are urgent. To avoid delays from admin oversight, add to wp-config.php:

// Auto approve plugin security update notifications (but don't auto-update)
define( 'AUTOMATIC_UPDATER_DISABLED', false );

Troubleshooting Common Issues

Issue 1: Update Failed, "Another Update Is Currently In Progress"

WordPress database lock is stuck. Solution:

wp option delete core_updater.lock

Then re-run the update.

Issue 2: Site Crashed After Plugin Update

Test with dry-run before updating:

wp plugin update akismet --dry-run

If problems are found, exclude the problematic plugin:

wp plugin update --all --exclude=akismet,another-problematic-plugin

Issue 3: Database Needs Upgrade After Update

After every WordPress major version upgrade, database migration must run:

wp core update-db

For multisite:

wp core update-db --network

Issue 4: Updates Consuming Too Much Bandwidth

For multiple WordPress sites, updates can run serially to reduce bandwidth. Add to script:

# Each site runs 5 minutes apart
0 3 * * * sleep 300 && /opt/wp-auto-update-site1.sh
5 3 * * * /opt/wp-auto-update-site2.sh

Post-Update Verification Checklist

After updates complete, I check three things:

1. Visit site homepage, confirm it loads normally

2. Check WordPress dashboard → Tools → Site Health for errors

3. Review wp-content/debug.log (if debug mode is enabled)

A verification script:

#!/bin/bash
curl -s -o /dev/null -w "%{http_code}" https://example.com/ | grep -q "200"
if [ $? -eq 0 ]; then
    echo "[$(date)] Site is normal" | mail -s "WP Update Verified" admin@example.com
else
    echo "[$(date)] Site is abnormal" | mail -s "WP Update Warning" admin@example.com
fi

When Full Auto-Update Is Not Suitable

Full auto-update is not suitable for:

• **Highly customized themes**: Updates may overwrite your CSS modifications. Use a child theme and disable auto-updates
• **Sites depending on specific plugin versions**: Some older plugins behave differently under newer WordPress versions. Verify in a staging environment first
• **Enterprise websites**: Usually have change management processes. Not suitable for midnight auto-updates

For these sites, consider: enable minor auto-updates, and handle major versions through CI/CD pipeline verification in staging before manual deployment.

Summary

My actual configuration:

• WP-CLI auto-update script + cron daily execution
• Minor version auto-update enabled in wp-config.php
• Post-update auto-verification script + abnormal email notifications
• 18 months: ~540 plugin updates, 24 core updates processed, zero incidents

If your WordPress site is still manually updating, start using WP-CLI today. Simplest way to begin:

curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
chmod +x wp-cli.phar
sudo mv wp-cli.phar /usr/local/bin/wp

Then try wp plugin list to see your site's plugin list.

👉 Experience more efficient website building: MiniMax Platform | WordPress Series Overview