[Idea] Why you don't use FTP user for Theme Editor, like on installation of plug

  • This morning I got this Idea. Hopefully this is the place to share it.

    Why WordPress don’t use the FTP user for the Theme Editor?. Using FTP user like on the installation of plugins, you will solve the problem of permissions for editing files with theme editor.

    I mean you have to put files and directory to 777 to edit the files with the theme editor.

    Also you can put your FTP settings on wp-config.php so you will no have to put the FTP password and user every time you save the file.

    The idea came to me when I was thinking on a client that wants to change de “about us”, with some cool HTML code and he knows a bit of HTML.

Viewing 6 replies - 16 through 21 (of 21 total)

  • Hey Jaumesala,

    If your web hosts allows WordPress FTP/SFTP access you can modify the file /wp-admin/theme-editor.php to also use this function.

    This would be considered an advanced hack because:

    (1) You are modifying core WordPress files

    (2) You will need some understanding of how the code works to only modify the needed parts of the file so that…

    (3) you can redo it after you upgrade WordPress if upgrades overwrite the /wp-admin/theme-editor.php file

    jafcobend’s pastebin code shows the *differences* between the modified theme-editor.php file and the *original* file that came with WordPress 3.2.1. You will have to manually insert the changes to add this functionality to your wordpress sites running 3.2.1

    I should also add that while I agree this isn’t *seriously* more insecure, generally FTP/SFTP accounts are protected by login rate limiters (locking out brute-force attackers after a certain number of attempts) while WordPress is not.

    As such I would HIGHLY RECOMMEND installing a plugin such as Login Lockdown as a favor to your web host if you allow WordPress FTP/SFTP access.

    Jaumesala,

    Yes, the “patch” command is a Unix command. Although its pretty much been ported everywhere. I think its even included in the “cygwin” windows package.

    Its purpose is to apply a set of changes documented in one file to another file or even to entire sets of files. The changes are found and spit out in a plain text file typically by a tool called “diff”. Hence they can be called “patch files” or “diff files” or simply “diffs”.

    What the commands I showed in my previous post do is to take the changes that I made to the wp-admin/theme-editor.php on my system and apply them to your system. It also makes a backup of the original theme-editor.php just in case you want to revert without unzipping the whole package.

    So if you apply the patch I provided you get exactly what you were asking for. A theme editor that uses your FTP credentials to post the changes. Just like the installation of plugins.

    Thread Starter jaumesala

    (@jaumesala)

    Modifying all this will make that when I upload a photo, wordpres will use de FTP user not the apache user?

    Thank you.

    The only affect this patch has is on the theme file editor. It is not an upload facility. You would still have to FTP/SFTP additional files. But yes, it makes WordPress use the FTP user. With it you can browse the theme files as usual and post changes back even if the Apache user doesn’t have rights.

    Thread Starter jaumesala

    (@jaumesala)

    And so, are you using it?

    Yes, its being used on several sites.

Viewing 6 replies - 16 through 21 (of 21 total)
  • The topic ‘[Idea] Why you don't use FTP user for Theme Editor, like on installation of plug’ is closed to new replies.