From my understanding WordPress doesn’t update at all through sFTP or SSH. Most shared hosting accounts don’t even offer SSH, so that wouldn’t make much sense to start.
What is the error that you see when you lock down the SSH port and sFTP?
The other alternative is that you complete a manual update when needed from your local files.
Uh…it pretty clearly specifies FTP, SFTP, or SSH on the Update WordPress screen. The error I get is can’t connect to the server, which doesn’t surprise me as I block all IPs except certain ranges. Thus, my question.
For those options, it’s actually connecting back to itself.
The way the updater works in this particular case is that it downloads the update files from here on wordpress.org, then it makes a connection to whatever ftp information you give it. This is presumed to be the server itself, because it’s sending the updated files over that connection to update them.
By connecting back to itself using the credentials you give it, the files will have the correct ownership, and be owned by the user account, not by the webserver account which it is running as.
Does that help or make sense? 🙂
Well then I’m completely stymied and will have to always do manual installs. The credentials are correct and I’ve double-checked them, but it can’t make the server connection.
Instead of putting in your normal FTP server name, try “localhost”. Some servers don’t have DNS resolution of themselves, or can’t connect back to themselves using that particular route.