Auto Update WordPress Without FTP

When using the auto-update feature to update WordPress to the newest version or to update your plugins, some users wonder why they need to enter FTP details when others don’t. Or maybe you have to enter the FTP information for your WordPress install on one server but not another. Not only do you have to enter your FTP details to use the automatic upgrade feature, you also have to chmod your wp-content folder to 0777 or 0775 rather than the default 0755 just so you can use the image uploader. If you have root access to your server, I will show you how to fix that.

What is Causing This?

Whenever you use the WordPress control panel to automatically install, upgrade, or delete plugins, WordPress must make changes to files on the filesystem.

Before making any changes, WordPress first checks to see whether or not it has access to directly manipulate the file system.

If WordPress does not have the necessary permissions to modify the filesystem directly, you will be asked for FTP credentials so that WordPress can try to do what it needs to via FTP.

Why Can’t WordPress Write To The Filesystem?

In order to understand why WordPress can’t write to the filesystem, we need to take a look at some WordPress internals.

The following code is from the get_filesystem_method() method in the wp-admin/includes/file.php file:

if( function_exists('getmyuid') && function_exists('fileowner') ){
    $temp_file = wp_tempnam();
    if ( getmyuid() == fileowner($temp_file) )
        $method = 'direct';
    unlink($temp_file);
}

This code creates a temporary file and confirms that the file just created is owned by the same user that owns the script currently being run. In the case of installing plugins, the script being run is.wp-admin/plugin-install.php

This may seem a little counter-intuitive since the only thing WordPress really needs to be able to do is write to the wp-content/plugins directory.

What Should We DO?

First, you want to login to your server as the root user with whatever SSH client you prefer. I use the free and open source Putty.

READ  Setting up Openfire Jabber/XMPP Server on CentOS

We need to see what user apache is running as. We can do this by simply typing the ‘top’ command checking our httpd processes.

root@host # top

As you can see in the above picture, httpd is running as the user ‘nobody.’ Your user may be different depending on your server configuration. Some common ones are nobody, www, or www-data. Just make sure it’s not root. Generally, you will have one httpd process running as root so it can bind to port 80, then a few subprocesses running as a different user. When in doubt, you can also find the user in the httpd.conf.

Now that we have our apache user, let see what user owns our website files. You can do this with.root@host # ls -l /home

From the image above, we can see that the fakeuser/ folder belongs to the user ‘fakeuser’ and the group ‘fakeuser.’ All we need to do here is chown our folder to change the user to the same one as the web server.

root@host # chown -R nobody /home/fakeuser

Now if you ls -l /home again, you will see that the fakeuser folder is now owned by ‘nobody’ as well as all files and folders within it (by using -R for recursive). Now go into your wpadmin and try to use the automatic upgrade again. It will now jump straight into the upgrade without asking for your ftp details. You also wont have to edit permissions when using the image uploader.

Disclaimer: Although this eases your use of wordpress, you may have to change settings for other things such as awstats or cpanel, among other things. All server configurations are different. Use this at your own risk and don’t blame me if you mess something up.