Bluehost Open Sources Script Used to Update 2.5 Million WordPress Sites

bluehost

During the 2015 State of the Word address, Matt Mullenweg highlighted Bluehost‘s recent efforts to update its customers’ outdated WordPress sites. After finding that 80% of their WordPress installations were not on the latest version, Bluehost wrote a Perl script that uses WP-CLI to update sites, even those running on versions as old as 1.0.2. The company successfully updated more than 2.5 million customer sites.

According to Bluehost representative Mike Hansen, the script took about a month to run through all of the outdated sites. First, it checks the status of a site, then backs everything up, and then runs all updates via WP-CLI. The script then checks the site to see if everything is good. If anything breaks, it restores the backup. Hansen said that they execute it on a cron job so that it doesn’t require a person to run it. The company uses the script to continually update WordPress sites without customers having to initiate updates.

Bluehost used the script to successfully update 99% of the WordPress sites on its platform. After the first major update, fewer than 0.007% of customers reported issues and WordPress-related technical support requests have been reduced by 18%.

“Our support requests are down partly because we are not getting as many hacked sites on super old versions of WordPress,” Hansen told the Tavern. “Things break less often. Plugin and theme incompatibilities have been reduced.

“Initially we were considering upgrading core, then plugins, then themes but we realized that doing them all at once was the most successful route,” he said.

Bluehost’s initiative was a huge vote of confidence for WordPress updates, as they have now been battle tested by the host all the way back to very old versions. When 4.3 was released, Bluehost was able to do 2.6 million core updates, along with plugins and themes.

Yesterday the company open sourced the WP Tools update script under the GPL license. It’s now available on GitHub for any person or hosting company to use or modify. The script received its first pull request in less than 24 hours. With contribution from other hosts working to make the internet more secure, WP Tools has the potential to become even more reliable for ongoing WordPress updates.

Check out the video below to see the part of the State of the Word where Matt Mullenweg tells Bluehost’s story of updating outdated WordPress sites:

21 Comments


  1. Chapeau – Very ambitious but well done. My respect for such a task

    Report


  2. Awesome, CLI all the way :)

    Report


  3. Wow, amazing to make such an implementation at scale. I’d think the dev team was probably sweating bullets all month. Big Accomplishment though. Did you have to get user approval to make such an update

    Report


  4. My compliments. This approach I agree with for many reasons. The first is the process begins with backing up the site. Verifying the update worked and if not restoring the backup.

    That’s the way it should be done.

    Report


  5. I maintain just 60+ sites so its easy for me to keep them updated, but updating more than 2.5 million customer sites would scare me S H one T less.

    Props to the devs and admins at Bluehost.

    Report


  6. Not always a good thing. The client had a custom WordPress theme created a couple of years ago. Someone much later created a theme with the same name and released it. That theme also had a child theme.

    BlueHost upgraded the theme It broke the client’s website.

    Report


    1. Fortunately, Bluehost saves the backup they made right before updating. You can restore that backup from the “WordPress Tools” section of the Bluehost control panel and then turn off updates for themes for that specific site. Hope this helps.

      Report


      1. Yes you are right Garth, my theme was broken after this update, and just restored my backup to get my site working properly.

        Report


  7. The hosting company should keep updated server’s software such as PHP, MySQL … instead of user’s app. I can not imagine, that my host touches any of my files.
    The interesting thing here, that Bluehost updated WP, but still not on php7. Is Bluehost hosting company or managed WP service?
    Anyway, update so many websites with success is technically cool work.

    Report


    1. Moving to PHP7 isn’t as straightforward as I first thought it would be. Depending on their supported modules I can understand why they aren’t on 7 yet since some of them haven’t a stable release yet.

      Also 2 Months ago at the WordPress community summit it was discussed how to upgrade safely the PHP version. That is also a huge challenge to be tackled. It’s still on my plate to build some tools to check the quality of a plugin and which versions it works on

      Report


      1. Tread carefully Marko. I am finding even certain very experienced software developer ~ who shall remain nameless ~ and the kind of developer you would have thought would know better, is saying his software has been updated, tested and runs on PHP 7.x, But I’m finding it doesn’t. In fact it even abends upon activation. Just goes to show there’s nothing like a real world environment for testing/breaking software.

        Report


      2. I totally get that. That is also what worries hosts to force update customers PHP version. Currently they don’t have good enough options to check if a site breaks. So every additional piece they can use is a win for them and the community. In the end it’s all about reducing breaking customers sites.

        Report


    2. As Matt mentioned in the State of the Word, Bluehost is also updating customers PHP versions.

      Report


      1. Yes, it’s the bullshit from many hosting companies, something like HDD is not dead, we have a full garage of them, and nobody want buy them from us, so enjoy our “unlimited” hosting running on Cpanel from 90′ :)

        Report


    3. PHP 7.x for production environments means you like to live at the edge of the razor.

      Here for production (and we manage servers with >50M of hits daily on the OPC cache) we use 5.5.x versions and no one blamed/cried for it.

      I would be very vary of being hosted at a place where their PHP is a 5.2 or a 5.3 and their support says about ‘compatibility matrix’ or BS like that.

      Certainly cPanel et al doesn’t help to alleviate this.

      Report


  8. Any clue about why they choose Perl to handle this? Is Perl good for scripiting servers? Thanks Bluehost for sharing this!

    Report


    1. At my previous job at a host they also used it for some tasks. But personally never used it so can’t say much about it then it has a lot of linux library packages.

      My main guess would be that it’s one of the few languages that was already available on the servers and from those it was the best option.

      Report


    2. Perl was pretty-much the de-facto standard scripting language in POSIX systems for the biggest part of 90’s and 00’s.

      Report

Comments are closed.