Forums

WordPress › Support » Requests and Feedback

How about providing a script when web server can't write? (5 posts)

  1. benatkin
    Member
    Posted 1 year ago #

    When I try to upgrade a plugin on a WordPress installation that doesn't have write permission for the plugins directory, it brings up a Connection Information page. This has always been confusing. I think after clicking Upgrade Automatically, instead of just bringing up a Connection Information page it should explain what happened and provide instructions for several ways of fixing it:

    1) Instruct the user to copy and paste a php one-liner and ssh into the server and run it as a user that has write permission

    2) Instruct the user on how to change the permissions so Upgrade Automatically can just work

    3) Provide Connection Information (the current way)

    The Connection Information option should be a last resort because it encourages users to send their login credentials over the same, often plain HTTP, channel as their WordPress credentials. Often people aren't so worried about a WordPress session being hijacked because they can restore their backup. If someone gains shell access they can do a lot more destructive stuff.

  2. Ipstenu
    Half-Elf Support Rogue & Mod
    Posted 1 year ago #

    Problem is that the auto-upgrader may not have the ability to tell you WHY the upgrade failed. But IIRC upgrading the usability on this tool is on the list of things to do.

  3. benatkin
    Member
    Posted 1 year ago #

    Good to know it's on the list. I don't think it needs to figure out why, though - I think a list of likely ways to fix it, with the easiest and most secure at the top, would be helpful.

  4. Ipstenu
    Half-Elf Support Rogue & Mod
    Posted 1 year ago #

    Personally I agree, but I can see the problem with it since a disturbing (to me) number of bloggers have no idea what any of that means :/

  5. benatkin
    Member
    Posted 1 year ago #

    I'd rather they don't understand what it means than they try and send the best (read: most dangerous) password they know over a non-SSL connection.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags