Monitoring the WordPress up-to-date status.

This script checks whether there are updates for your WordPress installation. It’s written in PHP to use the WordPress code itself, we don’t need to to reinvent the wheel ;-)

There are two options to check your WordPress installation:

  • Web-based checks: access the WordPress installation trough an HTTP connection (no need to have access to the actual files)
  • Local installation checks: check the files in the actual installation directory

Web-based checks

If you are not allowed or however not able to setup Nagios/Icinga (or whatever monitoring solution you’re using) on the web-server you can check the WP-core-version remotely. The plugin will download your website and compares the version in the header with the lastes version provided by the WordPress-API. It’s only working if you don’t suppress the header field <meta name="generator" content="WordPress 3.2" /> , e.g. with plugins like Secure WordPress. Just pass your domain together with --web to the plugin:

check_wp.php --web /

Of course you can also monitor foreign WordPress installations. If your installation is covert by an untrusted cert you might disable cert-validation-checks with --insec-cert :

check_wp.php --insec-cert --web

Executing the script with --web will just try to check the WP-core version. There is no chance to check for plugin or theme updates via web. So the more compfortable way might be to check local installations.

Local installation checks

If your monitoring solution has access to your installation files you should provide this path along with --dir :

check_wp.php --dir /dir/to/your/installation

This execution will check for updates of your WP-core, your plugins and your themes. Of course some of these checks can be disabled with --no-core , --no-plugins or --no-theme . If you have a mutli-site installation you can provide the domain to check with --domain .


Web-based checks and local installation checks are disjoint, you can’t do both variants in one call. If you want to do so, just set up two different monotoring service definitions.

Here is the code.


Please consider to take a look at my general setup notes.

Download: PHP: check_wp.php (Please take a look at the man-page. Browse bugs and feature requests.)

Martin Scharm

stuff. just for the records.

Do you like this page?
You can actively support me!


BOK | Permalink |

Nice plugin, but it’s not fully working as expected. When I check a dir (not domain / web) and don’t want theme- and / or plugin-checks, it thinks I’m kidding. But that’s a quit valid question, right? :) Even when set these options to “false” in the code, it’s spitting out this error…

Martin Scharm | Permalink |

Hey BOK,

you are absolutely right, it was my fault. There was a bool bug but now it’s fixed!

Thanks for the report, hopefully now it will work for you.

Kind regards Martin

Roy P | Permalink |

I’m having trouble with a site that has a Wordpress HTTPS plugin installed. Below is the error that I am getting when the check tries to run against the directory.

<!-- WordPress HTTPS Proxy Check --> function getCookie(a){var b=document.cookie;var c=a+"=";var d=b.indexOf("; "+c);if(d==-1){d=b.indexOf(c);if(d!=0)return null}else{d+=2;var e=document.cookie.indexOf(";",d);if(e==-1){e=b.length}}return unescape(b.substring(d+c.length,e))}if(getCookie("wp_proxy")!=true){if(window.location.protocol=="https:"){document.cookie="wp_proxy=1;path=/; expires=Sun, 24-Apr-2022 13:03:46 GMT"}else if(getCookie("wp_proxy")==null){document.cookie="wp_proxy=0;path=/; expires=Sun, 24-Apr-2022 13:03:46 GMT" if(getCookie("wp_proxy")!=null){window.location.reload() else{document.write("You must enable cookies.")}} Your browser does not support JavaScript.

Roy Lindauer | Permalink |

Thank you! This is exactly what I was looking for.

Leave a comment

There are multiple options to leave a comment: