* Upgrade API: WP_Automatic_Updater class
* Core class used for handling automatic background updates.
* @since 4.6.0 Moved to its own file from wp-admin/includes/class-wp-upgrader.php.
#[AllowDynamicProperties]
class WP_Automatic_Updater {
* Tracks update results during processing.
protected $update_results = array();
* Determines whether the entire automatic updater is disabled.
* @return bool True if the automatic updater is disabled, false otherwise.
public function is_disabled() {
// Background updates are disabled if you don't want file changes.
if ( ! wp_is_file_mod_allowed( 'automatic_updater' ) ) {
// More fine grained control can be done through the WP_AUTO_UPDATE_CORE constant and filters.
$disabled = defined( 'AUTOMATIC_UPDATER_DISABLED' ) && AUTOMATIC_UPDATER_DISABLED;
* Filters whether to entirely disable background updates.
* There are more fine-grained filters and controls for selective disabling.
* This filter parallels the AUTOMATIC_UPDATER_DISABLED constant in name.
* This also disables update notification emails. That may change in the future.
* @param bool $disabled Whether the updater should be disabled.
return apply_filters( 'automatic_updater_disabled', $disabled );
* Checks whether access to a given directory is allowed.
* This is used when detecting version control checkouts. Takes into account
* the PHP `open_basedir` restrictions, so that WordPress does not try to access
* directories it is not allowed to.
* @param string $dir The directory to check.
* @return bool True if access to the directory is allowed, false otherwise.
public function is_allowed_dir( $dir ) {
if ( is_string( $dir ) ) {
if ( ! is_string( $dir ) || '' === $dir ) {
/* translators: %s: The "$dir" argument. */
__( 'The "%s" argument must be a non-empty string.' ),
$open_basedir = ini_get( 'open_basedir' );
if ( empty( $open_basedir ) ) {
$open_basedir_list = explode( PATH_SEPARATOR, $open_basedir );
foreach ( $open_basedir_list as $basedir ) {
if ( '' !== trim( $basedir ) && str_starts_with( $dir, $basedir ) ) {
* Checks for version control checkouts.
* Checks for Subversion, Git, Mercurial, and Bazaar. It recursively looks up the
* filesystem to the top of the drive, erring on the side of detecting a VCS
* ABSPATH is always checked in addition to whatever `$context` is (which may be the
* wp-content directory, for example). The underlying assumption is that if you are
* using version control *anywhere*, then you should be making decisions for
* how things get updated.
* @param string $context The filesystem path to check, in addition to ABSPATH.
* @return bool True if a VCS checkout was discovered at `$context` or ABSPATH,
* or anywhere higher. False otherwise.
public function is_vcs_checkout( $context ) {
$context_dirs = array( untrailingslashit( $context ) );
if ( ABSPATH !== $context ) {
$context_dirs[] = untrailingslashit( ABSPATH );
$vcs_dirs = array( '.svn', '.git', '.hg', '.bzr' );
foreach ( $context_dirs as $context_dir ) {
// Walk up from $context_dir to the root.
$check_dirs[] = $context_dir;
// Once we've hit '/' or 'C:\', we need to stop. dirname will keep returning the input here.
if ( dirname( $context_dir ) === $context_dir ) {
// Continue one level at a time.
} while ( $context_dir = dirname( $context_dir ) );
$check_dirs = array_unique( $check_dirs );
// Search all directories we've found for evidence of version control.
foreach ( $vcs_dirs as $vcs_dir ) {
foreach ( $check_dirs as $check_dir ) {
if ( ! $this->is_allowed_dir( $check_dir ) ) {
$checkout = is_dir( rtrim( $check_dir, '\\/' ) . "/$vcs_dir" );
* Filters whether the automatic updater should consider a filesystem
* location to be potentially managed by a version control system.
* @param bool $checkout Whether a VCS checkout was discovered at `$context`
* or ABSPATH, or anywhere higher.
* @param string $context The filesystem context (a path) against which
* filesystem status should be checked.
return apply_filters( 'automatic_updates_is_vcs_checkout', $checkout, $context );
* Tests to see if we can and should update a specific item.
* @global wpdb $wpdb WordPress database abstraction object.
* @param string $type The type of update being checked: 'core', 'theme',
* 'plugin', 'translation'.
* @param object $item The update offer.
* @param string $context The filesystem context (a path) against which filesystem
* access and status should be checked.
* @return bool True if the item should be updated, false otherwise.
public function should_update( $type, $item, $context ) {
// Used to see if WP_Filesystem is set up to allow unattended updates.
$skin = new Automatic_Upgrader_Skin();
if ( $this->is_disabled() ) {
// Only relax the filesystem checks when the update doesn't include new files.
$allow_relaxed_file_ownership = false;
if ( 'core' === $type && isset( $item->new_files ) && ! $item->new_files ) {
$allow_relaxed_file_ownership = true;
// If we can't do an auto core update, we may still be able to email the user.
if ( ! $skin->request_filesystem_credentials( false, $context, $allow_relaxed_file_ownership )
|| $this->is_vcs_checkout( $context )
if ( 'core' === $type ) {
$this->send_core_update_notification_email( $item );
// Next up, is this an item we can update?
if ( 'core' === $type ) {
$update = Core_Upgrader::should_update_to_version( $item->current );
} elseif ( 'plugin' === $type || 'theme' === $type ) {
$update = ! empty( $item->autoupdate );
if ( ! $update && wp_is_auto_update_enabled_for_type( $type ) ) {
// Check if the site admin has enabled auto-updates by default for the specific item.
$auto_updates = (array) get_site_option( "auto_update_{$type}s", array() );
$update = in_array( $item->{$type}, $auto_updates, true );
$update = ! empty( $item->autoupdate );
// If the `disable_autoupdate` flag is set, override any user-choice, but allow filters.
if ( ! empty( $item->disable_autoupdate ) ) {
* Filters whether to automatically update core, a plugin, a theme, or a language.
* The dynamic portion of the hook name, `$type`, refers to the type of update
* Possible hook names include:
* - `auto_update_translation`
* Since WordPress 3.7, minor and development versions of core, and translations have
* been auto-updated by default. New installs on WordPress 5.6 or higher will also
* auto-update major versions by default. Starting in 5.6, older sites can opt-in to
* major version auto-updates, and auto-updates for plugins and themes.
* See the {@see 'allow_dev_auto_core_updates'}, {@see 'allow_minor_auto_core_updates'},
* and {@see 'allow_major_auto_core_updates'} filters for a more straightforward way to
* @since 5.5.0 The `$update` parameter accepts the value of null.
* @param bool|null $update Whether to update. The value of null is internally used
* to detect whether nothing has hooked into this filter.
* @param object $item The update offer.
$update = apply_filters( "auto_update_{$type}", $update, $item );
if ( 'core' === $type ) {
$this->send_core_update_notification_email( $item );
// If it's a core update, are we actually compatible with its requirements?
if ( 'core' === $type ) {
$php_compat = version_compare( PHP_VERSION, $item->php_version, '>=' );
if ( file_exists( WP_CONTENT_DIR . '/db.php' ) && empty( $wpdb->is_mysql ) ) {
$mysql_compat = version_compare( $wpdb->db_version(), $item->mysql_version, '>=' );
if ( ! $php_compat || ! $mysql_compat ) {
// If updating a plugin or theme, ensure the minimum PHP version requirements are satisfied.
if ( in_array( $type, array( 'plugin', 'theme' ), true ) ) {
if ( ! empty( $item->requires_php ) && version_compare( PHP_VERSION, $item->requires_php, '<' ) ) {
* Notifies an administrator of a core update.
* @param object $item The update offer.
* @return bool True if the site administrator is notified of a core update,
protected function send_core_update_notification_email( $item ) {
$notified = get_site_option( 'auto_core_update_notified' );
// Don't notify if we've already notified the same email address of the same version.
&& get_site_option( 'admin_email' ) === $notified['email']
&& $notified['version'] === $item->current
// See if we need to notify users of a core update.
$notify = ! empty( $item->notify_email );
* Filters whether to notify the site administrator of a new core update.
* By default, administrators are notified when the update offer received
* from WordPress.org sets a particular flag. This allows some discretion
* in if and when to notify.
* This filter is only evaluated once per release. If the same email address
* was already notified of the same new version, WordPress won't repeatedly
* email the administrator.
* This filter is also used on about.php to check if a plugin has disabled
* @param bool $notify Whether the site administrator is notified.
* @param object $item The update offer.
if ( ! apply_filters( 'send_core_update_notification_email', $notify, $item ) ) {
$this->send_email( 'manual', $item );
* Updates an item, if appropriate.
* @param string $type The type of update being checked: 'core', 'theme', 'plugin', 'translation'.
* @param object $item The update offer.
public function update( $type, $item ) {
$skin = new Automatic_Upgrader_Skin();
// The Core upgrader doesn't use the Upgrader's skin during the actual main part of the upgrade, instead, firing a filter.
add_filter( 'update_feedback', array( $skin, 'feedback' ) );
$upgrader = new Core_Upgrader( $skin );
$upgrader = new Plugin_Upgrader( $skin );
$context = WP_PLUGIN_DIR; // We don't support custom Plugin directories, or updates for WPMU_PLUGIN_DIR.
$upgrader = new Theme_Upgrader( $skin );
$context = get_theme_root( $item->theme );
$upgrader = new Language_Pack_Upgrader( $skin );
$context = WP_CONTENT_DIR; // WP_LANG_DIR;
// Determine whether we can and should perform this update.
if ( ! $this->should_update( $type, $item, $context ) ) {
* Fires immediately prior to an auto-update.
* @param string $type The type of update being checked: 'core', 'theme', 'plugin', or 'translation'.
* @param object $item The update offer.
* @param string $context The filesystem context (a path) against which filesystem access and status
do_action( 'pre_auto_update', $type, $item, $context );
/* translators: %s: WordPress version. */
$skin->feedback( __( 'Updating to WordPress %s' ), $item->version );
/* translators: %s: WordPress version. */
$item_name = sprintf( __( 'WordPress %s' ), $item->version );
$upgrader_item = $item->theme;
$theme = wp_get_theme( $upgrader_item );
$item_name = $theme->get( 'Name' );
// Add the current version so that it can be reported in the notification email.
$item->current_version = $theme->get( 'Version' );
if ( empty( $item->current_version ) ) {
$item->current_version = false;
/* translators: %s: Theme name. */
$skin->feedback( __( 'Updating theme: %s' ), $item_name );
$upgrader_item = $item->plugin;
$plugin_data = get_plugin_data( $context . '/' . $upgrader_item );
$item_name = $plugin_data['Name'];
// Add the current version so that it can be reported in the notification email.
$item->current_version = $plugin_data['Version'];
if ( empty( $item->current_version ) ) {
$item->current_version = false;
/* translators: %s: Plugin name. */
$skin->feedback( __( 'Updating plugin: %s' ), $item_name );
$language_item_name = $upgrader->get_name_for_update( $item );
/* translators: %s: Project name (plugin, theme, or WordPress). */
$item_name = sprintf( __( 'Translations for %s' ), $language_item_name );
/* translators: 1: Project name (plugin, theme, or WordPress), 2: Language. */
$skin->feedback( sprintf( __( 'Updating translations for %1$s (%2$s)…' ), $language_item_name, $item->language ) );
$allow_relaxed_file_ownership = false;
if ( 'core' === $type && isset( $item->new_files ) && ! $item->new_files ) {
$allow_relaxed_file_ownership = true;
$is_debug = WP_DEBUG && WP_DEBUG_LOG;
if ( 'plugin' === $type ) {
$was_active = is_plugin_active( $upgrader_item );
error_log( ' Upgrading plugin ' . var_export( $item->slug, true ) . '...' );
if ( 'theme' === $type && $is_debug ) {
error_log( ' Upgrading theme ' . var_export( $item->theme, true ) . '...' );
* Enable maintenance mode before upgrading the plugin or theme.
* This avoids potential non-fatal errors being detected
* while scraping for a fatal error if some files are still
* While these checks are intended only for plugins,
* maintenance mode is enabled for all upgrade types as any
* update could contain an error or warning, which could cause
* the scrape to miss a fatal error in the plugin update.
if ( 'translation' !== $type ) {
$upgrader->maintenance_mode( true );
// Boom, this site's about to get a whole new splash of paint!
$upgrade_result = $upgrader->upgrade(
'clear_update_cache' => false,
// Always use partial builds if possible for core updates.
'pre_check_md5' => false,
// Only available for core updates.
'attempt_rollback' => true,
// Allow relaxed file ownership in some scenarios.
'allow_relaxed_file_ownership' => $allow_relaxed_file_ownership,
* After WP_Upgrader::upgrade() completes, maintenance mode is disabled.
* Re-enable maintenance mode while attempting to detect fatal errors
* and potentially rolling back.
* This avoids errors if the site is visited while fatal errors exist
* or while files are still being moved.
if ( 'translation' !== $type ) {
It is recommended that you Edit text format, this type of Fix handles quite a lot in one request
