Anybody running WordPress should be aware of the recent security breach at WordPress HQ, that caused a pretty troubling “tainting” of the 2.1.1 release distribution. The funny thing here is, if you updated to 2.1.1 early enough, or if you got the sources directly from the Subversion repository, you’re “safe.” Well, relatively safe. They apparently added some more security fixes to 2.1.2, so it’s a good idea to upgrade anyway.
If you run WordPress, you’ve probably discovered that upgrading can be somewhat tedious – especially if you have custom changes. The problem is you need to apply all the modified files to your blog directory, without destroying anything custom you’ve popped in there yourself. Assuming you haven’t modified any core files the process is a simple matter of updating the core files while leaving your custom files, e.g. themes and plugins, alone.
For a long time I did these updates by unzipping the release files directly to the affected directory. It turns out that the unarchiving process was “non-destructive” in the sense that it wouldn’t overwrite an entire directory just to update one file. So that worked pretty well. But then one day lurking in the IRC #wordpress channel, I learned a great tip, which is to use Subversion directly to export the release onto your blog directory.
I use Subversion myself for all my web files, so it’s easy to “play with fire” and run a command like this:
svn export --force http://svn.automattic.com/wordpress/tags/2.1.2/ ./
What this does is spray all the files from a particular release (in this case 2.1.2) into my blog directory. Since I’m also running svn, I then have the luxury to “svn status,” “svn diff” etc, and compare the changes. I then test the upgrade and commit the changes to my personal svn repository when everything looks OK.
This technique has essentially cut my “time to upgrade” for WordPress down to about 2 minutes – and I don’t have to deal with downloads, packages, etc. The only downside I can imagine is that if WordPress removes a file, I’ll have a stale copy of it. I suppose I should look into an improved technique that would consider this – but it hasn’t been a problem yet.