When I try to upgrade a plugin on a WordPress installation that doesn’t have write permission for the plugins directory, it brings up a Connection Information page. This has always been confusing. I think after clicking Upgrade Automatically, instead of just bringing up a Connection Information page it should explain what happened and provide instructions for several ways of fixing it:
1) Instruct the user to copy and paste a php one-liner and ssh into the server and run it as a user that has write permission
2) Instruct the user on how to change the permissions so Upgrade Automatically can just work
3) Provide Connection Information (the current way)
The Connection Information option should be a last resort because it encourages users to send their login credentials over the same, often plain HTTP, channel as their WordPress credentials. Often people aren’t so worried about a WordPress session being hijacked because they can restore their backup. If someone gains shell access they can do a lot more destructive stuff.
- The topic ‘How about providing a script when web server can't write?’ is closed to new replies.