I finally got around to updating this site’s wordpress installation. The reason for the long delay was that the online updating process from wordpress was broken. I had originally thought this was because I had used non-standard permissions in the wordpress directory (using ‘hardened’ permissions), but it turns out that this was not the case.
Instead, for some reason, during my last update to wordpress almost a year and a half ago, the ownership of some of the files was not assigned to the Apache webserver. The permissions were okay, but the owner was wrong. This prevents the online update from working. These mis-owned files were actually shown during the latest version of the update process. Is this a new display for the update process, or have I been missing this for the last 18 months??
In any case, the explanation of the failed update was still not very clear in describing the problem, nor was this page. It took a fair amount of head-scratching and experimenting to finally realize that the answer is simply to chown -R the wordpress directory using the web server name, and the update will work. Note that if you have any symlinks in your directory, the source file also needs to be chowned, not just the symlink. (If I have misstated this, please let me know!)
Having been put on full maintenance alert, I also took a look at my log files, which showed that my xmlrpc file is being regularly hammered by ‘guests’ who claim to be from the Ukraine. Who knows where they’re really from. This is a well-known problem, so I’ve simply blocked that functionality for now.
In addition, some bot claiming to be from Majestic 12 has been ringing my bell non-stop, so I’ve put up a robots.txt file as well. Of course that won’t do any good if it’s just some hacker with a Majestic 12 text label on his bot. We’ll see.