Putting FTP Info in wp-config.php to Ease Updates
Are you hosting your WordPress sites on one of those hosts where WordPress asks you to provide FTP details before upgrading itself or upgrading plugins? So when you click to do an upgrade, instead of just launching into the update process, you get a screen that looks like this instead:
I don’t have experience with loads and loads of different hosts, but I can tell you that when hosting on Media Temple (gs), upgrades generally “just work”, but if you are using their more powerful (dv) service (which I definitely recommend), you’ll run into the FTP thing.
Under the hood
A while back, Joost De Valk had the same problem and created a plugin that helped him and may help you. As he explains it:
Filesystem access is available, the files are owned by me, but the webserver doesn’t run as me, and thus, WordPress doesn’t detect the automatic update correcly.
The core of the issue is that when WordPress does these upgrades for you on your behalf, it is the server that is doing the work, which runs as the ‘apache’ user. By default, at least on the (dv) server, the ‘apache’ user doesn’t have write access to your web directories.
Something that may be useful, Media Temple has an article called Run PHP with FastCGI1 with a potential solution.
Because of the ownership that Plesk assigns to your website files and directories, Apache does not have permission to write to your web directories by default. This can cause permission errors in some applications – for example, a PHP upload script.
1 Editor’s note: 404 link removed.
And SO ANYWAY…
If you just want to fix it and not fiddle with plugins or fancy server altering techniques, the easiest way is just to provide your FTP details. You can do that as WordPress asks you for them.
Or to save yourself the hassle, you can provide these details in your wp-config.php file and auto upgrading will be back to “just working”.
Here is the full set of things you can define as per the Codex:
define('FS_METHOD', 'ftpext');
define('FTP_BASE', '/path/to/wordpress/');
define('FTP_CONTENT_DIR', '/path/to/wordpress/wp-content/');
define('FTP_PLUGIN_DIR ', '/path/to/wordpress/wp-content/plugins/');
define('FTP_PUBKEY', '/home/username/.ssh/id_rsa.pub');
define('FTP_PRIKEY', '/home/username/.ssh/id_rsa');
define('FTP_USER', 'username');
define('FTP_PASS', 'password');
define('FTP_HOST', 'ftp.example.org');
define('FTP_SSL', false);
However, I only needed these to get mine to work:
define('FS_METHOD', 'ftpext');
define('FTP_BASE', '/var/www/vhosts/chriscoyier.net/httpdocs/');
define('FTP_USER', 'username');
define('FTP_PASS', 'password');
define('FTP_HOST', 'host');
define('FTP_SSL', false);
If you have trouble getting the full set to work, definitely try paring back to my trimmed down example.
36 responses
-
This is a great resource to know and will come in handy for one of the sites I work with. Thanks for pointing it out!
The VPS/Plesk account I tried this on has an additional problem: the lack of ability to create a temporary file when it installs. While this trick does get installations past the initial FTP download login screen, it produces the following error:
“Downloading update.. Download failed. Could not create Temporary file.”
I’m guessing this is the same issue about restricted write access to to web directories but I never found a solution sadly. Thus, I continue to do this manually.
-
Make sure you /tmp directory has permissions to read/write for all (777).
-
No permission should ever be set to 777. There is no exception. The problem described is the result of a misconfigured server (common among a great many hosts). As was said above, properly configuring the server to allow php to run under the correct ownership will correct the problem without compromising security.
-
-
-
If you do want to get into server altering things, then google for “setuid apache” for info on how to configure your server to run PHP code as the user who owns it. With this configuration (which is the default on most shared hosting system, as it’s more secure for that case), then it just goes and does it, no FTP info required.
-
This is a problem that has been bugging me for a long time. I have made a couple updates manually, but I have been procrastinating the latest (to 3.0.1). I tried the trick described above, but I’ve been having problems with the FTP_BASE line. I tried every possible combination available on my FTP access: “/account_name/Web/directory/” (where “directory” is the folder where “wp-content” is located), “/Web/directory/” and just “/directory/”, but I always get a message saying it couldn’t find the “wp-content” folder.
I know you can’t possibly know every setting for every server out there, but do you know of a command that can make me see the path?
-
Thanks, Chris.
I tried that, and found the data, on lines like _SERVER[“APPL_PHYSICAL_PATH”] (“e:homeaccount_nameWebdirectory”) and _SERVER[“URL”] (“/directory/teste.php”). So I added “home” to the beginning, to no avail again.
Maybe it’s related to the fact I’m using WordPress in Portuguese? Since it’s mostly code-related, I’d doubt that, but…
-
Did you do “/home”?
-
-
Thanks, Peter.
Yes, I did, as I did only “/account_name/”, “/Web/” and “/directory/”. There’s no combination left other than skipping one of the parts. hehehehe
-
What about /home/account_name/? Try contacting your hosting provider and ask them what the full path of your hosting account is?
-
-
“/home/account_name/” wouldn’t do it, because there’s “Web/” in the middle, but I tried just for the sake of it, and it didn’t work as well. I opened a help desk case with them a couple hours ago (after I tried what Chris suggested), but I still haven’t gotten an answer.
-
– Use a command line FTP.
– Connect to your server.
– Use “cd whatever” commands to get to the WordPress root folder (where wp-settings.php is).
– Type “pwd” to make it print the working directory.
– That will be what you should put in for the FTP_BASE.If you like, you can also define FTP_CONTENT_DIR and FTP_PLUGIN_DIR in the same manner.
-
Thanks, Otto.
I tried what you said, and it showed me “/account_name/web/directory/”, which in the end is one of the options I tried on Tuesday. My server says everything is normal, and that it should work, and since the server is properly configured (according to them) they can’t help me any further on this matter.
But thanks anyway to all those who tried to help!
-
-
I have a Media Temple (dv) and looks like I only needed to put this for base: define(‘FTP_BASE’, ‘/httpdocs/’);
-
This is handy to have, but if you are installing plugins which you have not written, make sure you look at the code of the plugin very carefully. It would be very easy for a plugin developer to grab this info and email out to someone which then could hack your site via http://FTP...
-
Agreed. Plus it’s always going to be yoinked info if someone gains access to your wp-config.php file. Which is highly unlikely but then leaves your ftp details out in the wild.
-
-
Thanks for the post guys, I just have one question. Do you know if there’s a similar technique when using SFTP? (Not FTPS)
-
Craig – Looks like you change the FS_METHOD to ssh:
<< Link >>
-
Thank you :)
-
-
-
I encounter a weird problem for one of my customer’s websites which located on a shared hosting. I tried to add your code to wp-config, and also tried without it, just to enter the ftp host/user/pass in the WP admin panel, but got an error message that my username or password are not correct. But, when using these same credentials with FileZilla, I can login with no problems to the FTP server.
Does anyone encountered such an issue?
This thing makes me unable to upgrade core or plugins when needed, just manually upgrade them via FTP, pretty annoying..
Thanks
-
THANKS a lot of this post.
I’ve been wondering my ass off and banging against the wall “Why won’t it ** remember it on that site but it does on the other one“. I partially understand now (with the ‘apache user’ and all) but I still don’t quite understand it though.
If WordPress can assess it without being apache user if I type it in the password, why won’t it simply store it ?
-
I think because it’s one more potential security hole. If someone will hack your wordpress and find out ftp credentials in your database somehow – it will be much worse then just don’t save ftp credentials and let user enter ftp info every time.
I also think the same issue is with saving this data in wp-config.
-
-
Question: wouldn’t there be security concerns with putting username/passord/server information into a plain text file (PHP) on the server? Otherwise, (running a DV instance myself), seems like a great method — thanks for the post!
-
Yeah it’s a bit concern, if a user manages to do a little PHP injection they will be able to see your FTP details.
It really depends on how large your blog is and how many plugins/modifications you have. If you have a large website or a lot of user input areas it’s not worth the trade off of inputting your FTP details.
Also, I’m quite sure some configurations of WP do not require FTP details to do an update anyway.
-
-
I’ve always found the FTP to be slooow compared to direct access. What I did on my server was allow the Apache user to write to the WordPress files (chown and chmod helped there) and then set
define('FS_METHOD', 'direct');
And it became a LOT faster :)
-
FYI, To avoid such security issues we developed “Blog Permissions Tool” at ultimateblogsecurity.com. It allows to set write permissions to plugins/themes folder in a minute. And after an update/installation of plugin return them back to read only state.
However it’s not free feature, but maybe someone will find it useful.
-
one question
i often install plugins online (by using Plugin > search > install) which means transfering files into my host and then install it. as i remembered, i never asked for FTP information before but the WP can do a file transfer
how can it possibly done?
-
I don’t know, but that happens to me, too. I had never noticed that!
-
-
Hey Chris, that is a pretty cool little hack. Thanks for sharing.
-
I don’t understand this issue in wordpress. I read it is some problem with shared hostings not running php with user credentials (suPHP, fastCGI or whatever running in suExec mode) but apache ones. But how that could be a problem in this case?
If I go to any computer with an ftp client, I would run that ftp client with that computer credentials. But on the ftp client I connect to a ftp server with my credentials and on what concerns to the server that is the user connected not other.
WordPress is asking for ftp host (server) and credentials. If it is really using file transfer protocol the files uploaded to our webspace should arrive there with our credentials and have no problem to write the files. (as any ftp client hasnt)
The error I receive from wordpress is that it is not able to find the wp-content folder, it is not that it is not able to connect. It is able to connect because if I set wrong ftp host or username or password the error you get is unable to find the host (not able to connnect).
Why is not there other input to insert that piece of data? And it shouldnt be so difficult to provide that. It should be as any other ftp client. Example if when I connect to that ftp host with my credentials I reach folder / and inside is a folder /www and inside I have /blog and there is my wordpress installation, wouldn’t it be the path to wordpress in concerns to the ftp client /www/blog ? In my opinion should be something like that.
Anyway it is supposed that’s exactly what we can do configuring the FTP details in wp-config.php but it does not work for me either.
I provide the paths and wordpress now goes to a blank page when I try to install a new plugin with the automatic installer and when I try to delecte one installed it takes a long time to tell me it has been deleted (which is a false message because it hasn’t done so).
This all happens to me in wordpress 3.0.2.
I can’t understand what I’m missing. I have decided to use Joost De Valk plugin that works in my case though I still wonder why and ftp connection with all data supplied has something to do with php script running with apache credentials.
-
Hi guys!
great! thanks for sharing. works all fine for me, BUT when I’m going to update or install a plugin following error occurs:
“Warning: array_keys() [function.array-keys]: The first argument should be an array in /path/to/wp-admin/includes/class-wp-upgrader.php on line 189. Incompatible archive.”
My wp-config.php seems like that:
define('FS_METHOD', 'ftpext'); define('FTP_BASE', /is/where/wordpress/lies/subdir/'); define('FTP_CONTENT_DIR', '/is/where/wordpress/lies/subdir/wp-content/'); define('FTP_PLUGIN_DIR', '/is/where/wordpress/lies/subdir/wp-content/plugins/'); define('FTP_USER', 'XXX'); define('FTP_PASS', 'XXX'); define('FTP_HOST', 'localhost'); define('FTP_SSL', false);
any ideas?
Thanks!
-
Aloha. I have the same basic settings as Timo above, except I’m using ssh as the FS_METHOD because the server my install on has FTP disabled. When I click on the “update automatically” button, the server returns me to the update page with the FTP options page and this:
“Error: There was an error connecting to the server, Please verify the settings are correct.”
I’ve ssh’d into the server with the log information in my config file with no problem. Running 3.0 currently.
-
Works well with these few options
define('FS_METHOD', 'ftpext'); define('FTP_USER', 'user'); define('FTP_PASS', 'pass'); define('FTP_HOST', 'host'); define('FTP_SSL', false);
-
Thanks for this. I’ve been a WordPress geek for a while and just now came across your page explaining that storing the FTP connection info can be done. Just updated a network site to 3.4.1 and a handful of plugins and didn’t have to go digging for the password.