Automatic Upgrade Feature of WordPress Without FTP

I was intrigued by the automatic update feature of recent (2.7+?) versions of WordPress because I hate upgrades as much as the next guy.  Unfortunately, it didn’t work for all 3 WordPress installs for which I am responsible.

There’s a new security issue for WordPress, so I spent some time trying to figure out how to get the update feature to work.  When I attempted the update in the WordPress Admin section, it requested my FTP login settings.  Well, I don’t use FTP for maintaining these blogs.

Fortunately, it turns out that WordPress only requires FTP credentials if the file permissions are not configured in a compatible manner.

This post cleared it up:

http://robspencer.net/auto-update-wordpress-without-ftp/

The gist is to set the owner of the WordPress files to the same user as the process that runs Apache.  Running a basic chown command did the trick!

Now I just have to research to make sure that this makes sense from a security standpoint…
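A way to check the state of an install before and after the chown, as an added example that is not from the original post or from WordPress itself: it counts entries not owned by the web server user (the condition the post ties to the FTP prompt) and entries writable by everyone. The function names are hypothetical, and the directory and user are arguments you supply.

```shell
#!/bin/sh
# Added example: ownership/permission audit for a WordPress tree.
# Usage (paths and user are assumptions): sh audit.sh /var/www/blog www-data

# Count entries under dir $1 that are NOT owned by user $2 (name or numeric uid).
# Note: counts lines, so a file name containing a newline is counted twice.
count_foreign_owned() {
    find "$1" ! -user "$2" 2>/dev/null | wc -l | tr -d ' '
}

# Count regular files and directories under $1 that any local user can write.
# Symlinks are skipped because their mode bits are always rwxrwxrwx.
count_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 2>/dev/null | wc -l | tr -d ' '
}

# Print a short report. Returns 0 when every entry belongs to the given user
# and nothing is world-writable, 1 when something needs attention, 2 on bad input.
audit_wp_tree() {
    dir=$1
    user=$2
    if [ ! -d "$dir" ]; then
        echo "error: '$dir' is not a directory" >&2
        return 2
    fi
    # find exits non-zero when the user does not exist; without this check a
    # typo in the user name would silently produce a clean report.
    if ! find "$dir" -prune -user "$user" >/dev/null 2>&1; then
        echo "error: unknown user '$user'" >&2
        return 2
    fi
    foreign=$(count_foreign_owned "$dir" "$user")
    writable=$(count_world_writable "$dir")
    echo "entries not owned by $user: $foreign"
    echo "world-writable entries:     $writable"
    [ "$foreign" -eq 0 ] && [ "$writable" -eq 0 ]
}

# Run the audit only when called with both arguments.
if [ "$#" -eq 2 ]; then
    audit_wp_tree "$1" "$2"
fi
```

A zero in the first line means the ownership matches what the post describes; keep in mind that files owned by the web server user can be rewritten by any code running as that user.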


One Response to “Automatic Upgrade Feature of WordPress Without FTP”

  1. Ash Says:

    I have a situation where my server got hacked due to a client letting the FTP credentials get into the wrong hands and another where the attack came by way of a folder with the wrong level of permissions.

    I would like to allow my clients to update their WordPress without giving them the FTP but am very concerned about changing owners mucking things up with the security.

    Did your research turn up any security risks?
