So you’re upgrading a Plugin, a Theme or the WordPress Core. Thanks to the built-in upgrade function it’s a piece of cake for most of us. But have you noticed that on some installations WordPress will ask for your FTP credentials, while on others it doesn’t?
I certainly have, and I wondered how this could be explained. I have installations on the same server that behave differently, so it can’t be a server issue. It must have to do with the way WordPress was installed (Fantastico installs don’t ask for credentials, whereas manual installs do).
More to the point: how can we avoid this from happening? Let me share my findings with you 😉
Why is this happening?
Let’s first start by looking why this issue happens in the first place. According to Chris Abernethy, there’s a PHP script that checks if it owns the files it wants to amend during an upgrade. This is usually not the case because PHP is not run as your FTP user but as Apache (your server wide web-server programme responsible for dishing out HTTP files to your browser).
Some installations have been installed by a PHP script, for which this check would be true and no questions are being asked. If the check is not true (for manual installs), you’re being prompted for FTP credentials.
What can we do about’t, Cap’n?
There are two solutions we can look at. Neither of them are a massive security risk, but still I think that an extra prompt isn’t a big issue. I see it as “impvored security” rather than an annoyance. But I can understand that for development servers and heavy site users it can get a tad annoying.
Option 1: Define your Credentials in wp-config.php
It’s as easy as opening your wp-config.php file in the WordPress root directory in a text editor and adding the following lines of code somewhere near the top (underneath all the other “define” statements):
Fairly self explanatory. You can define an FTP port by using ftp.yourwebsite.com:21 (for port 21) if you like. Save, Upload, Happiness.
Option 2: Use suPHP
suPHP is an Apache “support” programme that needs to be installed on your server. It allows the PHP script to run as the user who owns the PHP files, meaning that the script has the necessary permissions to update itself directly. However, this requires root access to your server (not for the faint-hearted).
Once logged in via SSH, you can install it via yum like this:
# yum install mod_suphp
More details on this subject and configuration details can be found at Linux Hosting Support
I have to admit that although I like this idea very much, I have it running on a test server but it doesn’t actually get rid of the FTP prompts. Not sure why and I’ll keep trying, just thought I’d put it out there…
Option 3: Change Owner Permissions
You *could* change owner permissions of all your web files to your web server – that way, if PHP is run by the Apache process, the script would in fact own all the files it needs to upgrade and not ask for your credentials. Here’s how you do that (once you’ve logged in via SSH and switched into the directory in question):
# chown -hR apache:apache *
This command assumes that your web server is in fact called “apache” – you can find out by having a look at /etc/group.
And there you have it! Alternatively, there’s always Option 4: Live with it 😉