Automating Plugin/Module Updates on Pantheon

Landi Lark is a Support Engineer at Pixo, a custom software product development firm in Urbana, IL.

Updating WordPress plugins and Drupal modules is a pain, but it can become unmanageable when you have dozens or hundreds of sites. Pixo has automated the process to apply all plugin and module updates on Pantheon sites with a simple command. In this post, we explain how to use this automation and we share the code.

Our Motivation

Pantheon already offers one-click updates to WordPress and Drupal core from its developer dashboard, but that does not handle plugins/modules. Drush and WP-CLI offer a command-line utility to update plugins/modules, but they don’t perform all the steps with Pantheon’s Dev/Test/Live environments and git. Today’s web landscape demands an automated approach for applying all plugin and module updates quickly.

Many converging trends are driving more automation:

  • WordPress and Drupal have become the world’s leading CMS platforms by powering millions of websites, but they are also larger targets for security attacks.

  • Zero-day security exploits such as #DrupalGeddon demand running updates immediately to avoid perilous consequences.

  • Most large enterprises now manage a portfolio of numerous WordPress and Drupal websites and need efficiencies of scale.

  • DevOps and continuous integration are letting developers save time and focus on development, and Pantheon has created powerful tools that we can use to build further automation.

It’s no longer sufficient to do updates manually—it’s time for the WordPress and Drupal communities to automate all updates to save time and stay secure.


This automation script builds onto Pantheon to automate every aspect of the update process:

  • Applies all WordPress plug-in and Drupal module and theme updates.

  • Spins up a fresh Pantheon Multidev environment to safely test the updates before applying to Live.

  • Uses Git Flow to make a branch for the updates and then merge into master, keeping your git history consistent.

  • Takes a full backup of the Live site before applying updates there, so you have a safety net.

  • Applies updates to Pantheon’s Dev, Test and Live environments.

  • Cleans up after itself!

Basically, this script takes automating updates with Pantheon to the next level to help enterprises apply updates on many websites more quickly and consistently.

What You Need

This script assumes you have the following prerequisites:

  • A WordPress or Drupal website on Pantheon

  • WordPress or Drupal core are already up-to-date

  • Multidev enabled on your Pantheon site

  • Any workstation with a bash shell or terminal

  • Pantheon CLI, aka Terminus, version 0.9.2+ installed on your workstation

  • Git Flow installed on your workstation

Note on core updates: This script does not update WordPress or Drupal core. It uses the --no-core flag with Drush so it won’t overwrite Pantheon’s upstream. Pantheon push-button automation is the best way to update WordPress and Drupal core. Do that update first, and then use this script for updating plugins and modules.

(Bonus: If you apply your one-click core update on your Pantheon Dev environment first, then that update will be pulled into your Multidev environment and pushed through the Pantheon workflow by this script without the need to use the dashboard GUI.)

Note on Terminus version compatibility: This script has been updated to work with Terminus 0.9.2. If you have a different version of Terminus, you may need to adapt the script.

Why Git Flow?

Perhaps adopting Git Flow seems like asking a lot. It requires an installation and a quick initialization on your repo that we describe below. But the huge benefit is that all WordPress and Drupal security updates can be applied in a consistent way with a consistent git branching strategy each time you update. We highly recommend adopting a consistent Git strategy, and if you don’t like Git Flow you can modify the script to your own needs.

If your site’s repo is not already using Git Flow, to start using it you can follow this link to download it for your workstation. Once installed, change to your local project root (or wherever your .git folder lives) and run `git flow init`. The default options will suffice, so you can choose Yes for all of the options when git flow prompts you.

Voila! Now you’re ready to make manual updates a relic of the past.

Running the Update Script: The Play-by-Play

The script follows this process to automate all the steps of applying plugin and module updates on Pantheon sites:

  1. Authenticate via the Pantheon CLI (Terminus)

  2. Choose which site to update

  3. The script makes a full backup of production database and files

  4. Creates a new Multidev environment where it applies updates

  5. Applies all plugin, module and theme updates

  6. Gives you the Multidev URL when you can review your site

  7. Commits the updates in Git and merges into master

  8. Pushes the updates to all Pantheon environments (Dev, Test and Live)

  9. Cleares caches

  10. Runs updb

  11. Cleans up by deleting the Multidev environment

Let’s walk through each step.

To run the script at your workstation shell, make sure it’s executable with permissions of at least 755, and then run ./

1. Authenticate

The script first authenticates with Pantheon CLI (Terminus) and prompts you to log in if you are not already.

To log in, use your Pantheon dashboard password.

2. Choose a site to update

The script will output a list of the sites you have hosted on Pantheon, including the site name, site ID, and framework.

Select a site by entering its name.

3-4. Preps Multidev and takes a live backup

Next the script will prep your site for an update by creating a new Multidev environment and backing up the production database and files.

Follow the prompt to start creating your backup.

5. Applies all plugin, module and theme updates

The script checks for and applies all available plugin, module and theme updates. The script uses WP-CLI for WordPress and Drush for Drupal updates.

What if there are errors? If there are any errors applying the updates, they will be output to the terminal screen in red and the script will exit to allow you to address those errors. The Multidev branch and git branch will remain in place and will be used next time you run the script.

6. Gives you a Multidev URL to test the site

When the updates are complete, the script will give you a URL where you can visit the updated Multidev environment to QA test the updates. The URL will always match the following pattern: hotfix-up-${SITE}

When you have finished checking the updates, the script will prompt you to merge the updates into the Pantheon Dev environment. If the updates don’t work or break your site, you can abort the process so the updates aren’t applied to production. Abort the script by answering No (or “N”) when prompted or by hitting Ctrl+C.

7. Commits and merges

If the updates look good, you add a commit message.

The script will make a git commit to the hotfix-up branch in your Multidev environment. Then it will merge that branch into master and develop by cloning the repo to the workstation to perform the merge. It will then ask you if you want to delete the Multidev environment.

8. Pushes updates to Dev, Test & Live

Next the script will ask before deploying the updates to all three Pantheon environments (Dev, Test, and Live).

It will prompt you to deploy the changes to the Dev environment. If you choose Yes, it will deploy the updates to each environment on Pantheon without the need to visit the Pantheon dashboard. The script prompts you (Yes/No) for each Pantheon environment (Dev, Test and Live).

After the updates are deployed to all environments, the script will then delete the Multidev environment that was created for the update.

9-10. Clear caches and updates schemas

Deploying automatically clears your caches and runs updb, when appropriate.

11. Congratulations!

The script is finished! It cleans up after itself and you’re on your way.

Where to Get The Script

The script is on GitHub so that everyone can benefit from what we’ve learned. We are open to contributions and pull requests. Or add a comment on this post to let us know if you struggle with automating updates or have ideas to benefit the process.


If you like the script and want to contribute, send us your suggestions or feel free to make changes and submit a pull request. We are constantly trying to improve and streamline our processes. Now, go forth and automate!

Credits: Thanks to all the Pixo colleagues who contributed: Landi Lark and Charles Suggs created and refined the automation script and Brandon Bowersox-Johnson co-authored this blog post.

Topics Agencies, Development, Agency Partners, Drupal