Created
January 25, 2022 19:46
-
-
Save sarahg/691602f038e9f2540faa528d268edc7c to your computer and use it in GitHub Desktop.
Checks all paid WP sites in a given org for plugin security updates.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# This script checks all paid sites in a Pantheon org for security updates. | |
# | |
# Usage: | |
# ./pan-wp-sec-check.sh your-org-id | |
set -eou pipefail | |
PANTHEON_ORG_UUID=${1} | |
# Get WordPress sites with a paid site plan. | |
PAID_WP_SITES="$(terminus org:site:list "$PANTHEON_ORG_UUID" --filter="plan_name!=sandbox&&framework=wordpress" --format=list --field=Name)" | |
# Check each site to see if it has pending security updates. | |
while read -r SITENAME; do | |
PLUGINS="$(terminus wp "${SITENAME}".live -- launchcheck plugins --format=json < /dev/null | jq -c '.plugins.alerts | to_entries[] | select (.value.vulnerable != "None") | .key')" | |
for PLUGIN_SLUG in $PLUGINS; do | |
echo "🚨 $SITENAME needs to update $PLUGIN_SLUG" | |
# Un-comment the following if you want to actually run the plugin update right meow: | |
# terminus connection:set "${SITENAME}".dev sftp | |
# terminus wp "${SITENAME}".dev -- plugin update "${PLUGIN_SLUG}" --format=summary < /dev/null | |
# terminus env:commit "${SITENAME}".dev --message="Updated ${PLUGIN_SLUG}" | |
# Un-comment this part if you want to push to Test: | |
# terminus env:deploy "${SITENAME}".test | |
# terminus env:clear-cache "${SITENAME}".test | |
# terminus wp "${SITENAME}".test -- core update-db < /dev/null | |
# And un-comment this if you want to go yolo-mode and push to Live: | |
# terminus backup:create "${SITENAME}".live --element=db | |
# terminus env:deploy "${SITENAME}".live | |
# terminus env:clear-cache "${SITENAME}".live | |
# terminus wp "${SITENAME}".live -- core update-db < /dev/null | |
done | |
done <<< "$PAID_WP_SITES" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Usage tips:
Stick this in your
~/.ssh/config
file to silence unimportant SSH warnings from Pantheon:Write output to a file + the screen like this:
./pan-wp-sec-check.sh $PANTHEON_ORG_ID | tee -a ohcrap.txt