Thanks for the solution, it worked well (just have to change permission). In fact, i think that in step 3, WordPress bypass that at-risk detection and always create files using the ‘direct’ method. I think it can be a security risk in specific situation like “poorly” configured shared host. Anyway, you can always just add the line when you need to update stuff and deleted it after!
