June 5, 2012

384 words 2 mins read

WordPress: Updates without FTP/SFTP

I’ve been using WordPress on Snowulf for almost two years. In that time, one of the most important things I learned was how to enable updates via SSH/FTP. Today, I bring you something that may very well relegate that post to an amusing anecdote. It turns out that the more recent versions of WordPress, with a little bit of tweaking, can update themselves without any FTP/SFTP access at all!

I originally “found” the trick to updating WordPress by total accident while setting up

Carpal.tw for Jeff (He’s a buddy of mine from the Wikimedia days and I’m helping out on the server side). The problem is… I didn’t know how I did it (made WordPress update itself without FTP). Maybe I installed an extra Apache module, maybe there was a config setting in PHP that I forgot about… who knows. So last week I was assisting someone with setting up their new website (which they were doing their selves, from domain to DNS to server to WordPress) and they wanted to know how to do the easy updates in WordPress… so I struck out to find them the information.

Turns out it is really simple.

  • Find out the user your Apache is running under, in Ubuntu/Debian this is www-data. If you don’t know, run ps axu|grep apache (or grep http).
    • Find out where your WordPress is installed (for this example /var/www will be used).
      • chown -R www-data /var/www — Change the OWNER of the files to the Apache user (must be the owner, group does not matter/work).
        • chmod -R 755 /var/www — Make sure owner has full permissions to all files
        Yeah, that’s it. Set the owner to Apache and change the file permissions. Some security people will warn you of the dangers of using Apache’s anonymous user for your files. It makes it easy to nuke your entire site if another Apache process becomes compromised/runs amok. Instead of being scared, I recommend running some backups and not executing any PHP scripts with the command “rm -rf /” in them (and for the love of god newbies – do not run that previous command: it will erase you entire hard drive). Additionally, props to Mustaza, keekerdc, and rootninja who’ve got more information on this issue and some further help debugging (if you need it).