SOLVED [CPANEL-23030] cPanel fails to detect manually updated wordpress

[Smartypants]

Running into a fairly ridiculous glitch in the "Scripts library"/"Site Software" component: every day, it sends me a "Software Security Notice - Script installs need upgrading" EMail for one account on that server where WordPress was installed using Site Software. It tells me that the install needs to be updated & includes a link to do, but....

GLITCH #1) When I click the link that supposedly allows updating the install, it initially looks like it will work - I get a warning to backup first first and an "Upgrade" button - but if I click "Upgrade", I just get a message stating that CPanel is not capable of updating that particular software:

"Warning: WordPressX does not support managed upgrades, use the WordPress built-in upgrade tools."

GLITCH #2) To get around that, I figured I could just login to the WordPress dashboard and install the update that way - which seemed to mostly work, in that the "Site Software" page in CPanel lists the correct version & no longer prompts me to update... but then the next day, I get the same "Software Security Notice - Script installs need upgrading" EMail again. Now, the details in the message are incorrect: it claims that the install is running "WordPressX.0 v4.9.8" (which it's not because I manually upgraded to 5.0.2) - even though the "Site Software" page correctly detects the current installed version.

GLITCH #3) Since the notifications are effectively useless, I looked for a way to turn them off... only to discover that, at least according to CPanel, they are ALREADY off: "Your account is not configured to receive notifications when updates for your installs are available. Click here to turn it on." But that's clearly wrong, since I'm still receiving the notifications.

Those seem like fairly clear-cut bugs/flaws in CPanel, will they be fixed at some point...? Or that the very least, is any actual working option for preventing CPanel from "crying 'wolf'" about software updates that have already been installed?

 

[cPanelLauren]

Hi @Smartypants

Which version of cPanel are you running? There have been some similar issues with the WPM and I wanted to see if the version you're running is a version that these should be resolved in.


Thanks!

 

[Smartypants]

Hi @Smartypants

Which version of cPanel are you running? There have been some similar issues with the WPM and I wanted to see if the version you're running is a version that these should be resolved in.

WHM version is 76.0.18 - I don't CPanel version listed separately anywhere, so I'm assuming it's version number is the same as WHM's.

 

[cPanelLauren]

Hi @Smartypants

GLITCH #1) When I click the link that supposedly allows updating the install, it initially looks like it will work - I get a warning to backup first first and an "Upgrade" button - but if I click "Upgrade", I just get a message stating that CPanel is not capable of updating that particular software:

Your cPanel/WHM versions will both be the same. I'm not able to replicate the issues you're having with WPM and the case I thought might be related to yours is noted as fixed in v76. With that being said, is it possible to provide any output in the cPanel error log during when this occurs? If you do the following:

mv /home/$user/.cpaddons/cPanel\:\:Blogs\:\:WordPressX.0.yaml

When going to the UI in cPanel does it display the correct information and/or allow for you to update it?

GLITCH #2) To get around that, I figured I could just login to the WordPress dashboard and install the update that way - which seemed to mostly work, in that the "Site Software" page in CPanel lists the correct version & no longer prompts me to update... but then the next day, I get the same "Software Security Notice - Script installs need upgrading" EMail again. Now, the details in the message are incorrect: it claims that the install is running "WordPressX.0 v4.9.8" (which it's not because I manually upgraded to 5.0.2) - even though the "Site Software" page correctly detects the current installed version.

You can most definitely do this - well at least you should be able to. I confirmed this is functioning on my v78 server. Here's how I replicated this:

1. Created a new wordpress installation (this installs v4.9.9 as 5.0.3 hasn't been added to our packages yet)

2. received the notification message as follows:

Warning: A newer version of WordPress (v5.0.3) is available. Since you have disabled automatic updates, you must update this installation via the WordPress administration interface.

with a link to my dashboard.

3. Click the link and update to the newest version of WP.

When I came back to my Wordpress Manager instance this was reflecting as being updated though

GLITCH #3) Since the notifications are effectively useless, I looked for a way to turn them off... only to discover that, at least according to CPanel, they are ALREADY off: "Your account is not configured to receive notifications when updates for your installs are available. Click here to turn it on." But that's clearly wrong, since I'm still receiving the notifications.

Can you tell me the specific notifications you're receiving? Can you also tell me the output of the following:

cat /home/$user/.cpaddons_notify

 

[Smartypants]

Hi @Smartypants




Your cPanel/WHM versions will both be the same. I'm not able to replicate the issues you're having with WPM and the case I thought might be related to yours is noted as fixed in v76. With that being said, is it possible to provide any output in the cPanel error log during when this occurs? If you do the following:

mv /home/$user/.cpaddons/cPanel\:\:Blogs\:\:WordPressX.0.yaml

That command produces an error:

mv: missing destination file operand after `/home/$user/.cpaddons/cPanel::Blogs::WordPressX.0.yaml'

Is the objective to rename the file, or move to a different directory? I tried renaming by adding ".BAK" & that seems to have worked, at least in that "Site Software" no longer shows that - does that mean it will no longer send me "Software Security Notice - Script installs need upgrading" EMails? If so, that would be my preference - WordPress has its own manual AND auto-update functions, don't see any need manage through CPanel, even if worked.

When going to the UI in cPanel does it display the correct information and/or allow for you to update it?

Yes, but it already did that - it's only the "Software Security Notice - Script installs need upgrading" EMails that incorrectly show the version number.

You can most definitely do this - well at least you should be able to. I confirmed this is functioning on my v78 server. Here's how I replicated this:

1. Created a new wordpress installation (this installs v4.9.9 as 5.0.3 hasn't been added to our packages yet)

2. received the notification message as follows:

with a link to my dashboard.

3. Click the link and update to the newest version of WP.

When I came back to my Wordpress Manager instance this was reflecting as being updated though

"Dashboard," as in a link to the wp-admin folder or wp-login page? The notification I receive only contains a link to the site software interface in CPanel.

Can you tell me the specific notifications you're receiving?

The ones I mentioned in the OP, with the subject line "Software Security Notice - Script installs need upgrading". If you need the content of the message, it is (with the customer domain munged for privacy):

Hello root,

In order to protect the security of your users' websites, we recommend that you
upgrade the following scripts installed via the "Scripts Library" in the cPanel interface:

[loristraus]
- WordPressX.0 v4.9.8
Location: at http://CUSTOMERADDONDOMAIN.com/
Latest: v5.0.2
Upgrade here: https://CUSTOMERMAINDOMAIN.com:2083...rkinginstall=cPanel::Blogs::WordPressX.0.yaml

Can you also tell me the output of the following:

cat /home/$user/.cpaddons_notify

Yes:

No such file or directory

 

[cPanelLauren]

That command produces an error:

mv: missing destination file operand after `/home/$user/.cpaddons/cPanel::Blogs::WordPressX.0.yaml'

Is the objective to rename the file, or move to a different directory? I tried renaming by adding ".BAK" & that seems to have worked, at least in that "Site Software" no longer shows that - does that mean it will no longer send me "Software Security Notice - Script installs need upgrading" EMails? If so, that would be my preference - WordPress has its own manual AND auto-update functions, don't see any need manage through CPanel, even if worked.

That's my fault I failed to give you the command correctly, it should have been:

mv /home/$user/.cpaddons/cPanel::Blogs::WordPressX.0.yaml{,.bk}

But yes the sole purpose was to rename it to filename.bk - essentially what i wanted this to do was for it to regenerate the yaml file, which it sounds like it did successfully. As long as the regenerated yaml is correct you shouldn't get the incorrect information in site software.

As for the notifications, now that it's not showing as being outdated you shouldn't be getting the notifications any longer but can you double check and let me know what you have at WHM>>Server Contacts >>Contact Manager -> Notifications of Outdated Software?

Thanks!

 

[Smartypants]

Apologies, lost track of this. The "Notifications of Outdated Software" setting is unchecked, shows a priority of "Medium."

Also, while the steps you suggested earlier (moving/renaming the
cPanel::Blogs::WordPressX.0.yaml file) seem to have worked for that particular account, I'm now encountering the same issue with a brand new account. In a nutshell, I'm getting the "Software Security Notice - Script installs need upgrading" notifications sent to root - which prompt me to login to CPanel to perform the upgrade, but that still doesn't actually work, I just get the same error message as before:

Warning: WordPressX does not support managed upgrades, use the WordPress built-in upgrade tools.

Is there way to prevent that, and avoid the need to manually move/rename the yaml file every time?

Also, I noticed something else possibly-related: the notices are addressed to root, yet they contain CPanel links via the account/customer's domain name. If these are root notifications, shouldn't the links be using the server's hostname instead?

P.S.
Since opening this thread, the affected server has been updated to 78.0.13.

 

[cPanelLauren]

This shouldn't be occurring every time, in fact, I did another search through our internal cases and it looks like we have one open CPANEL-23030 for this issues - until the issue is resolved though unfortunately, you'll have to move the .yaml file as the workaround is just that:

"Disable notification by moving cPanel .yaml file out of the way: 'cPanel\:\:Blogs\:\:WordPressX.0.yaml'"

I'll update here when there's any changes/resolution to the internal case

Thanks!

 

[cPanelMichael]

Hello,

To update, this is fixed in version 82. Here's the entry in the cPanel & WHM version 82 Change Log:

Fixed case CPANEL-23030: Fix incorrect WordPress update notifications.

You can see which versions are published to each Release Tier on the link below:

Latest cPanel & WHM Builds

Thank you.