[Attention] Impact on customers using WordPress 6.6 and 6.7 (including their minor versions) with KUSANAGI

Overview

Due to a bug in the feature added in WordPress 6.6, there is an issue where "automatic updates" do not work in environments requiring FTP or SSH authentication. As a result, in environments that have been updated to WordPress 6.6 or later even once, automatic updates for the WordPress core, plugins, and themes will no longer function. This means that updates addressing security issues or other problems in the WordPress core, plugins, or themes will not be applied automatically.

Scope of impact

This will affect customers who meet all of the following conditions.

  • Using WordPress 6.6 or later
  • An environment that requires authentication via FTP or SSH when updating WordPress (*1) (This condition applies to customers using KUSANAGI.)
  • Using PHP 8.0 or later (*2)

Workaround

Manually updating from the WordPress Dashboard

You can manually update WordPress itself, plugins and themes from the WordPress Dashboard. As a countermeasure, regularly log in to the WordPress Dashboard and manually apply updates when available.

Manual update using WP-CLI

UsingWP-CLI (wp command), you can also manually perform updates.

To update the WordPress core: 
wp core update --path=/home/kusanagi/profile_name/DocumentRoot

To update all plugins: 
wp plugin update --all --path=/home/kusanagi/profile_name/DocumentRoot

To update all themes: 
wp theme update --all --path=/home/kusanagi/profile_name/DocumentRoot

Refer to the WP-CLI documentation for more detailas.

In the future

WordPress has acknowledged the issue and plans to address it in version 6.8. However, it is unclear whether fixes will be provided for versions 6.6 and 6.7.

To mitigate the problem regardless of WordPress's actions, KUSANAGI plans to release a feature in January 2025 that complements automatic updates.

*1: This is the case when FS_METHOD in wp-config.php is set to something other than direct. KUSANAGI uses ftpext (ftpsocket in KUSANAGI PHP 8.0 or earlier) by default. This will not affect general shared hosting servers, which use 'direct'.
*2: This will not occur in environments up to PHP 7.4.