An assortment of indigestible things

Moving from Debian ‘stable’ WordPress to the latest version

I’ve been running WordPress 3.0.5 for a while now, as it’s the version in the current Debian ‘stable’ repository. For a while now I’ve been meaning to move to the latest and greatest (which, as I write, is 3.3.1), but didn’t want to mess about with pinning in apt to run a ‘mixed system‘. WordPress has had its own automatic upgrade system since 2.7, and with a history of nasty vulnerabilities, I want to be able to apply upgrades as soon as they are released by the WordPress team.

The procedure I followed is broadly similar to WordPress’s own manual update procedure. I’m assuming that you have shell access to your server, and that your WordPress installation is pretty standard for a Debian system.

  1. Backup your database (something like mysqldump --all-databases -p > mysql.dump
  2. Download the latest WordPress release, and unpack it in /opt (to keep it away from anything managed by the Debian packaging system.
  3. Deactivate all plugins from the dashboard in case there are any incompatibilities.
  4. cp -pr /usr/share/wordpress/wp-content /tmp
  5. cp -pr /opt/wordpress/wp-content/* /tmp/wp-content
  6. rm -r /opt/wordpress/wp-content
  7. mv /tmp/wp-content /opt/wordpress
  8. ln -s /etc/wordpress/wp-config.php /opt/wordpress
  9. Copy anything you’ve added yourself from /usr/share/wordpress to /opt/wordpress
  10. …and ditto for /usr/share/wordpress/wp-admin (to /opt/wordpress/wp-admin).

The last two steps are very important. I have .htaccess files in both directories (the latter for security—highly recommended, by the way), and other bits and pieces as well. Don’t copy any stock WordPress files, only those that you’ve added yourself and want to keep.

At this point, your new WordPress installation is configured and ready to go, but not yet in use. The final step is to change the symbolic link in /var/www to point to the new installation, and it’ll start being used immediately. For me this was a case of

cd /var/www
mv old
ln -s /opt/wordpress

Give it a quick test, and if all is well you’re nearly finished. If it’s broken, just rm; mv old (remember to use your domain and not mine :-)). If you’ve got this far and have a shiny new WordPress installation, log into the dashboard—you might be prompted to upgrade the database—and re-enable your plugins. That’s it!

Remember that, although you still have the Debian WordPress packages installed, they’re not being used any more. At some point you could remove them, although I keep them around just in case something terrible happens.


Digitising my radio memorabilia


Metered estate lock-in: an update


  1. Hi, nice article. I’m about to upgrade from 3.3.2 to 3.5 under similiar circumstances (3.5 is still in unstable), and I say this with all due respect, but i’m not all that sure that this method is any easier than pinning.

    Yes, normally, pinning/mixed is for the game, or experienced admin, but (as at this writing), the only deps that bringing in WP 3.5 unstable brings, are:

    The following NEW packages will be installed:
    The following packages will be upgraded:
    libjs-cropper libjs-scriptaculous wordpress

    No scary system libraries, php, or anything else.

    So, after the changes to apt.conf and sources, all I needed was an “aptitude -t unstable install wordpress”, hit the site, upgrade database and all good.

    • flup

      Hi, and many thanks for your detailed comment. My main concern when updating WordPress was security: WP has a chequered history of nasty vulnerabilities, and I wanted to be able to upgrade to the latest version as soon as it was released, as opposed to waiting for the repos to catch up. I know the package maintainers do their best and work very hard, but when I see active exploit attempts against a new zero-day security flaw, I need to patch *now*.

  2. Yeah, that I can understand. Sadly, my upgrade isn’t 100% all good – I’m getting the “tinymce editor not working” issue, and none of the popular fixes work 🙁

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Powered by WordPress & Theme by Anders Norén