Update plugin: WP asks for FTP info for 1 blog, doesn't for another (5 posts)

  1. blogjunkie
    Posted 7 years ago #

    I've got 2 WP2.7 blogs hosted on mediatemple.net. The 1st is on the grid-service and I can update my plugins without needing to input a FTP password.

    The 2nd blog is on a dv VPS, but asks me for a password when I want to update my plugins. There is more than 1 site on this VPS, so its a shared IP.

    Why is this so? Appreciate it if someone could shed some light on this.

  2. Austin Matzko
    Posted 7 years ago #

    It has to do with the file ownership / permissions on the different sites. The site that doesn't ask for the password is probably more permissive, allowing the PHP user to overwrite files without having to use FTP.

  3. blogjunkie
    Posted 7 years ago #

    thanks for answering. can someone tell me how to tell PHP to be more relaxed? what are the risks of doing so?

  4. anjanesh
    Posted 6 years ago #

    I was hoping that changing group to apache / www-data would be enough, but its still asking working for FTP details !

    sudo chgrp -R www-data plugins/
    chmod -R g+w plugins/

    How come ?

  5. Because fixing the group ownership is not enough and WordPress also needs to be able to write/own files in wp-admin as well as wp-includes. Don't know why but it does.

    Your apache2 uid is www-data right? Once you have a full backup of your files (seriously) try these commands

    sudo su
    cd /where/your/wordpress/install/lives
    find ./wp-content/ | sed -e's/\ /\\\ /g' | xargs chown www-data:www-data
    find ./wp-admin/ | xargs chown www-data:www-data
    find ./wp-includes/ | xargs chown www-data:www-data

    The first find includes a sed to escape out any spaces in files (some plugins have spaces in the files and directories...) and sets all of wp-content, wp-admin, wp-includes to be owned by your web server. The UID and GUID are both set.

    If something goes really wrong, restore that file backup you took.

    This is not really an optimal solution but it will let WordPress update plugins/themes/etc. If you are on a dedicated server for you only this is alright.

    If you are running many other users/web apps on that server, then this may open up your WordPress installation to being exploited due to a weakness in some other package.

Topic Closed

This topic has been closed to new replies.

About this Topic