For the last year or so, I’ve spent the majority of my time working on technologies adjacent to what I’ve historically done (case in point), but that doesn’t mean there aren’t times where I’m not still working directly with WordPress.
Recently, I’ve needed to manage a set of servers and sites that needed a round of updates. One of the most common set of updates needed to be performed was updating plugins with known CVEs. The process by which I like to do this is:
- Verify the site as a repository set up to manage the code (and set it up, if not).
- Also verify the repository has wired up to a CI/CD tool so branches, tags, and so on can be deployed across
staging
,beta
, orproduction
environments (and set it up, if not).
Then, the workflow I usually use is, at a high-level, like this:
- Create a
develop
branch off ofmaster
- For each plugin update, create a new
update/
branch (named something likeupdate/plugin-slug
- Perform the actual update
- Then commit that branch to the repository.
Regardless of how many plugins you’re dealing with, this strategy allows you to update plugins independently of one another, perform a revert when necessary, cherry pick certain commits to set up a custom release, and so on.
Ultimately, it allows you to set up tags or, more generally, revisions for how you want to release your site without having to wait for every single plugin or dependency to have a problem resolved.
And it maintains good Git workflow practices.
That said, it’s tedious work. It’s boring enough if it’s, say, a dozen plugins but what if you’re maintaining a site or headless application that has twice – or even four times – that many?
You automate it. That’s why I wrote WP Bulk Plugin Updater.
WP Bulk Plugin Updater: Automate Updates

I describe WP Bulk Plugin Updater as:
A PHP tool that automates WordPress plugin updates with individual Git commits, push capabilities, and detailed logging for easy site maintenance.
The general idea behind the program is simple:
- Find the list of all plugins that need to be updated,
- Create a branch for each plugin that’s updated,
- Commit each branch to the repository.
There are some caveats, though:
- WP CLI. This must be installed. The program will verify that it is, in fact, available and will terminate early if not.
- Git. This should be obviously, but the program is meant to be run in the root of the WordPress project’s installation (it can run in
wp-content
as well but I initially designed it to drop into the application’s root directory). - PHP 7.4. This is the minimum version of PHP required (though you’re always going to hear me pushing for 8+).
Assuming all of those are in place, then you’ve got everything you need for the program to do it’s thing.
The program will also generate two output files: One file tracks the list of plugins that were successfully updated. The other tracks what files need to be manually updated which usually comes in the case of premium plugins.
Finally, if you’re interested in running the program but not actually taking any action until you’re sure it’s going to do what you want, then you can use any of the available options:
--dry-run
: Show what would be updated without making changes--no-push
: Update plugins and commit but don’t push to GitHub--branch=BRANCH
: Set the branch to push to (default: current branch)--help
: Display help information
All of this is available in the README in the repository.
Future State
The program isn’t officially tagged as I’ve been using master
for the work I’ve been doing as of late. If it continues to work fine, then I’ll include a CHANGELOG
, a proper ISSUE_TEMPLATE
, and tag an official version.
Finally, if you use the Bulk Updater and find it useful, open any issues, feature requests, or PRs.