Disabling forced FTP credentials for any updates

  • Resolved etadmin

    (@etadmin)


    5 years ago

    Hello! I have a wordpress site that we were versioning controlling. Any plugin/Wordpress base update would have to go through a merge request and then deployed. Well our deploy process is broken and I’m trying to grant access to Marketing to allow updates to the plugins without having it go through a developer. One problem: WordPress is asking for connection login to the web server and for the life of me, I can’t figure out how to disable it.

    Here’s everything I tried:

    1.) wp-config.php: Yes, I looked in there as per this form and a million others. We have only the basics in the config file. (https://wordpress.stackexchange.com/questions/108379/force-wordpress-to-request-for-ftp-info-on-theme-plugin-install-update)

    2.) I tried setting permission 777 (for extreme measures) to the plugins folder which suggested and a few other sites. Still nothing. Our All In One WP Security plugin promptly changed the settings back. (https://wordpress.stackexchange.com/questions/57166/ftp-credentials-on-localhost)

    3.) I tried looking through the WP Security plugin and I’m not seeing anything jump out at me as to it stopping any plugin updates.

    Any other areas that might be causing this? We are using WordPress 4.9.3. I have no idea where else to look.

    Thanks!

    • This topic was modified 5 years ago by Jan Dembowski. Reason: Moved to Fixing WordPress, this is not an Everything else WordPress topic
Viewing 8 replies - 1 through 8 (of 8 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    Make sure the ownership of the files in the WP tree is the same as the user under which PHP is running and permissions are 755/644 for folders/files, respectively.

    Thread Starter etadmin

    (@etadmin)

    Hey Steve, thanks for your reply!

    I did confirm that www-data had permissions to that folder and all along until the project root. Wouldn’t changing 777 on the plugins take care of any permissions issues?

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    Probably. Are you using SELinux? What other changes were made to lock-down updates?

    Thread Starter etadmin

    (@etadmin)

    We are using Debian. We were using Gitlab for version control and I thought that was helping lock down the plugin updates with permissions. Even completely opening the plugin folder using 777 didn’t work.

    Moderator Samuel Wood (Otto)

    (@otto42)

    www.ads-software.com Admin

    I did confirm that www-data had permissions to that folder and all along until the project root. Wouldn’t changing 777 on the plugins take care of any permissions issues?

    No, permissions are not enough. *Ownership* matters. WordPress will not update a file if the resulting file will change ownership. Sometimes WordPress updates add new files. Plugins update by deleting the old version of the plugin and creating a new one from the ZIP file. It’s not modifying existing files, it’s creating new files.

    So, the files must be owned by the same user that the PHP process is. Because when it creates files, they get that ownership, so WordPress checks to see if it writes a file and the ownership will change, and if so, then it won’t do it and instead requires FTP info, so that it can use that to write files as the correct owner.

    Thread Starter etadmin

    (@etadmin)

    Woooow. I apologize. You’re right. I didn’t have the correct user setup across. So PHP does run as www-data, but I didn’t put it across the project. Once I changed it, it worked like a champ. Really sorry about this guys! I appreciate the input! Closing this ticket.

    On wp-config add:

    define ( ‘FS_METHOD’, ‘direct’);

    Thread Starter etadmin

    (@etadmin)

    Hey! I tried doing that. That was actually one of the first things I tried but it didn’t work either (should have said that), but the only way was with the proper permissions. ?? Thanks though!

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘Disabling forced FTP credentials for any updates’ is closed to new replies.