It has to do with the file ownership / permissions on the different sites. The site that doesn’t ask for the password is probably more permissive, allowing the PHP user to overwrite files without having to use FTP.
Thanks for answering. Can someone tell me how to tell PHP to be more relaxed? What are the risks of doing so?
I was hoping that changing group to apache / www-data would be enough, but it's still asking for FTP details!
sudo chgrp -R www-data plugins/
chmod -R g+w plugins/
How come?
Moderator
Jan Dembowski
(@jdembowski)
Forum Moderator and Brute Squad
Because fixing the group ownership is not enough and WordPress also needs to be able to write/own files in wp-admin as well as wp-includes. Don’t know why but it does.
Your apache2 uid is www-data, right? Once you have a full backup of your files (seriously), try these commands:
sudo su
cd /where/your/wordpress/install/lives
find ./wp-content/ | sed -e's/\ /\\\ /g' | xargs chown www-data:www-data
find ./wp-admin/ | xargs chown www-data:www-data
find ./wp-includes/ | xargs chown www-data:www-data
The first find includes a sed to escape out any spaces in files (some plugins have spaces in the files and directories…) and sets all of wp-content, wp-admin, wp-includes to be owned by your web server. The UID and GUID are both set.
If something goes really wrong, restore that file backup you took.
This is not really an optimal solution but it will let WordPress update plugins/themes/etc. If you are on a dedicated server for you only, this is alright.
If you are running many other users/web apps on that server, then this may open up your WordPress installation to being exploited due to a weakness in some other package.
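A read-only check to run before and after the ownership change described above, added here as an example and not part of the original thread: it counts entries in the three directories that are not owned by the web server account and entries that every local account can write to, which is the exposure that matters on a shared server. The function names and the `WP_ROOT` / `WP_OWNER` variables are assumptions.

```shell
#!/bin/sh
# Added example: read-only ownership/permission audit of a WordPress tree.
# WP_ROOT and WP_OWNER are assumptions; set them for your own server.

# Count entries under DIR not owned by USER. One byte is emitted per match,
# so names containing spaces or newlines cannot skew the count.
count_not_owned() {
    find "$1" ! -user "$2" -exec printf . \; | wc -c | tr -d ' '
}

# Count non-symlink entries under DIR that any local account can write to.
count_world_writable() {
    find "$1" ! -type l -perm -0002 -exec printf . \; | wc -c | tr -d ' '
}

# Audit the three directories named in the thread; return 1 on any finding.
audit_wp() {
    root=$1 owner=$2 status=0
    for d in wp-content wp-admin wp-includes; do
        [ -d "$root/$d" ] || { echo "$d: missing"; status=1; continue; }
        n=$(count_not_owned "$root/$d" "$owner")
        w=$(count_world_writable "$root/$d")
        echo "$d: $n not owned by $owner, $w world-writable"
        [ "$n" -eq 0 ] && [ "$w" -eq 0 ] || status=1
    done
    return "$status"
}

# Runs only when WP_ROOT is set, e.g. WP_ROOT=/path/to/wordpress sh audit.sh
if [ -n "${WP_ROOT:-}" ]; then
    audit_wp "$WP_ROOT" "${WP_OWNER:-www-data}"
fi
```

A non-zero exit status means at least one directory is missing, has entries owned by a different account, or has world-writable entries.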