Bluehost Open Sources Script Used to Update 2.5 Million WordPress Sites


During the 2015 State of the Word address, Matt Mullenweg highlighted Bluehost‘s recent efforts to update its customers’ outdated WordPress sites. After finding that 80% of their WordPress installations were not on the latest version, Bluehost wrote a Perl script that uses WP-CLI to update sites, even those running on versions as old as 1.0.2. The company successfully updated more than 2.5 million customer sites.

According to Bluehost representative Mike Hansen, the script took about a month to run through all of the outdated sites. First, it checks the status of a site, then backs everything up, and then runs all updates via WP-CLI. The script then checks the site to see if everything is good. If anything breaks, it restores the backup. Hansen said that they execute it on a cron job so that it doesn’t require a person to run it. The company uses the script to continually update WordPress sites without customers having to initiate updates.

Bluehost used the script to successfully update 99% of the WordPress sites on its platform. After the first major update, fewer than 0.007% of customers reported issues and WordPress-related technical support requests have been reduced by 18%.

“Our support requests are down partly because we are not getting as many hacked sites on super old versions of WordPress,” Hansen told the Tavern. “Things break less often. Plugin and theme incompatibilities have been reduced.

“Initially we were considering upgrading core, then plugins, then themes but we realized that doing them all at once was the most successful route,” he said.

Bluehost’s initiative was a huge vote of confidence for WordPress updates, as they have now been battle tested by the host all the way back to very old versions. When 4.3 was released, Bluehost was able to do 2.6 million core updates, along with plugins and themes.

Yesterday the company open sourced the WP Tools update script under the GPL license. It’s now available on GitHub for any person or hosting company to use or modify. The script received its first pull request in less than 24 hours. With contribution from other hosts working to make the internet more secure, WP Tools has the potential to become even more reliable for ongoing WordPress updates.

Check out the video below to see the part of the State of the Word where Matt Mullenweg tells Bluehost’s story of updating outdated WordPress sites:


21 responses to “Bluehost Open Sources Script Used to Update 2.5 Million WordPress Sites”

  1. Wow, amazing to make such an implementation at scale. I’d think the dev team was probably sweating bullets all month. Big Accomplishment though. Did you have to get user approval to make such an update

  2. My compliments. This approach I agree with for many reasons. The first is the process begins with backing up the site. Verifying the update worked and if not restoring the backup.

    That’s the way it should be done.

  3. Not always a good thing. The client had a custom WordPress theme created a couple of years ago. Someone much later created a theme with the same name and released it. That theme also had a child theme.

    BlueHost upgraded the theme It broke the client’s website.

  4. The hosting company should keep updated server’s software such as PHP, MySQL … instead of user’s app. I can not imagine, that my host touches any of my files.
    The interesting thing here, that Bluehost updated WP, but still not on php7. Is Bluehost hosting company or managed WP service?
    Anyway, update so many websites with success is technically cool work.

    • Moving to PHP7 isn’t as straightforward as I first thought it would be. Depending on their supported modules I can understand why they aren’t on 7 yet since some of them haven’t a stable release yet.

      Also 2 Months ago at the WordPress community summit it was discussed how to upgrade safely the PHP version. That is also a huge challenge to be tackled. It’s still on my plate to build some tools to check the quality of a plugin and which versions it works on

      • Tread carefully Marko. I am finding even certain very experienced software developer ~ who shall remain nameless ~ and the kind of developer you would have thought would know better, is saying his software has been updated, tested and runs on PHP 7.x, But I’m finding it doesn’t. In fact it even abends upon activation. Just goes to show there’s nothing like a real world environment for testing/breaking software.

        • I totally get that. That is also what worries hosts to force update customers PHP version. Currently they don’t have good enough options to check if a site breaks. So every additional piece they can use is a win for them and the community. In the end it’s all about reducing breaking customers sites.

    • PHP 7.x for production environments means you like to live at the edge of the razor.

      Here for production (and we manage servers with >50M of hits daily on the OPC cache) we use 5.5.x versions and no one blamed/cried for it.

      I would be very vary of being hosted at a place where their PHP is a 5.2 or a 5.3 and their support says about ‘compatibility matrix’ or BS like that.

      Certainly cPanel et al doesn’t help to alleviate this.


Subscribe Via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

%d bloggers like this: