Auto Update WordPress Without FTP
When using the auto update feature to update wordpress to the newest version or to update your plugins, some users wonder why they need to enter ftp details when others don’t. Or maybe you have to enter the ftp information for your wordpress install on one server but not another. Not only do you have to enter your ftp details to use the automatic upgrade feature, you also have to chmod your wp-content folder to 0777 or 0775 rather than the default 0755 just so you can use the image uploader. If you have root access to your server, I will show you how to fix that.
First you want to login to your server as the root user with whatever SSH client you prefer. I use the free and open source Putty.
We need to see what user apache is running as. We can do this by simply typing the ‘top’ command checking our httpd processes.
root@host # top
As you can see in the above picture, httpd is running as the user ‘nobody.’ Your user may be different depending on your server configuration. Some common ones are nobody, www, or www-data. Just make sure its not root. Generally you will have one httpd process running as root so it can bind to port 80, then a few sub processes running as a different user. When in doubt, you can also find the user in the httpd.conf.
Now that we have our apache user, let see what user owns our website files. You can do this with root@host # ls -l /home.
From the image above, we can see that the fakeuser/ folder belongs to the user ‘fakeuser’ and the group ‘fakeuser.’ All we need to do here is chown our folder to change the user to the same one as the webserver.
root@host # chown -R nobody /home/fakeuser
Now if you ls -l /home again, you will see that the fakeuser folder is now owned by ‘nobody’ as well as all files and folders within it (by using -R for recursive). Now go into your wp-admin and try to use the automatic upgrade again. It will now jump straight into the upgrade without asking for your ftp details. You also wont have to edit permissions when using the image uploader.
Disclaimer: Although this eases your use of wordpress, you may have to change settings for other things such as awstats or cpanel, among other things. All server configurations are different. Use this at your own risk and don’t blame me if you mess something up.
June 8th, 2009 at 5:45 am
Actually, if you just chown the public_html directory of the user to “nobody” you run into significantly fewer problems than if you chown the whole user directory.
July 25th, 2009 at 5:12 pm
[...] is outlined in more detail by Rob Spencer on his own blog – really quite handy This entry was posted in Coding and tagged linux [...]
August 5th, 2009 at 4:44 pm
Thanks! This worked like a charm!
August 21st, 2009 at 3:47 pm
When I tried this I go “Operation not permitted.”. Any idea why? I’m trying this for an account on my vps. I’m using putty to log into the account with a non-root id.
Thanks
August 21st, 2009 at 4:30 pm
be sure to su root
August 22nd, 2009 at 1:12 pm
I was able to change the ownership of public_html to “nobody:nobody” but then lost the ability to access the folder with my FTP client. I’ve since changed the ownership to “myuserid:nobody” so now I can access the folder but now I’ve got the original problem of no plugin auto-update! Ugh!
November 6th, 2009 at 12:50 am
Worked great! Thanks.
November 27th, 2009 at 7:34 am
Hi!
I think I have same problem but I can’t login in the server as root, because of my hosting conditions. When I do uploads from wordpress panel then some files or directories are associated to a server default user called ‘apache’, and it cause troubles because I lost any control about those files and dirs.
Is there a php code solutions to chown the right owner ?
November 28th, 2009 at 7:17 pm
@nick, that is a pain in the neck. I just had this problem myself. I haven’t found a simple recursive solution yet but do a google search for “File Thingy PHP”. Just load that script to your www-root and turn on the advanced option (edit the file, give yourself a uname pass etc…)
If you are going to leave that in a public directory, might want to htaccess it. I just moved mine out when I was finished.
February 2nd, 2010 at 5:47 am
Thank you!
April 2nd, 2010 at 4:52 pm
Hey,
there is a easier way to do this. With WP version >= 2.9.2 (or maybe even earlier) its possible to define the following in wp-config.php:
define(‘FS_METHOD’,'direct’);
Regards
May 7th, 2010 at 1:21 pm
It’s worth noting that this process makes your server almost as insecure as just chmodding them to 777. If the apache user can write to the wp directory then scripts uploaded by hackers can too. These uploaded files are how hackers get down to business so you should be afraid of any writeable dirs. Onlu the uploads dir needs to be writeable by apache.
The only secure wp install is one where auto updates and installs don’t work.
May 7th, 2010 at 4:35 pm
Jeremy, yes it is pretty insecure if you’re using insecure file uploads and forms or if you’re on shared hosting. I, however, haven’t used shared hosting for many years.
Robert, that is correct. You can now change the file system method to direct, ssh, ftpext, or ftpsockets. If you still prefer to use ftp then you can define your ftp details in the wp-config.php as well.
See the codex for more info
http://codex.wordpress.org/Editing_wp-config.php#FTP.2FSSH_Constants
August 14th, 2010 at 5:43 am
Lol so easy… Thanks for the post, annoyed me since weeks
August 18th, 2010 at 4:39 pm
This actually did work like a charm and the better option would be to apply these changes to the /public_html folder of the domain.
Because we use cPanel and it has its own settings for each folder it requires the root folder to be the domain owner but When we tried to do it for public_html works beautifully.
Thanks for the tip.
Alexander
[link removed]
August 20th, 2010 at 3:25 pm
[...] directory by chowning the directory. More detailed instructions for this process can be found here http://robspencer.net/auto-update-wordpress-without-ftp/ Share and [...]
September 1st, 2010 at 8:10 am
[...] http://robspencer.net/auto-update-wordpress-without-ftp/ [...]
October 12th, 2010 at 4:50 am
Thanks for such a detailed help. Editing the wp-config file also works fine..
April 8th, 2011 at 5:09 am
@Jeremy Clarke,
Then what should we do to revert it back? I’m scared of my site getting hacked
Thank You
June 13th, 2011 at 10:56 am
ahaha
this is really cool, i have doing a lot of search about this and finally i could update my wordpress by change to owner to apache user and it works, is that ok with change to owner to apache user ?
anyway, many thanks for the posting
June 18th, 2011 at 11:15 pm
@Robert, thanks so much for your tip! I’ve been annoyed with this for weeks!
Thanks!
July 6th, 2011 at 2:45 pm
Just what I was looking for after moving my site to my VPN – thanks!
FYI you should really just chown your HTML directory with www-data, more than that isn;t necessary.
July 13th, 2011 at 9:53 am
man, it was pain in the ass…
never found such an easy solution.,
i also tried chmod -R wp-contents
but it didnt worked out
so as by your steps., i did
chown -R apache /home/admin/mydomain/
and its working like charm.,
thanks a lot., this page is bookmarked.
August 10th, 2011 at 6:38 am
very nice solution thankds
August 13th, 2011 at 12:33 am
truly. preferred profession so far in digg. props!