WordPress asks for FTP credentials to upgrade

I have two WordPress blogs. One is on a shared server and the other one is on a dedicated server. When I update WordPress on the dedicated server it asks me to enter FTP details. When I Update WordPress on my shared server it doesn’t ask me to enter FTP details. Does anyone know the reason for this?

Can I trust WordPress in this kind of situations?

Related posts

Leave a Reply

4 comments

  1. It asks ftp credentials because wordpress probably does not have write permission on your wordpress root folder.So, it tries to put wp upgrade via FTP. In order to fix that go to your root folder of wordpress site and run;

    sudo chown -R www-data:www-data wordpress
    
  2. Try adding this line at the end of your wp-config.php file:

    define('FS_METHOD','direct');
    

    It sets the direct method and update without asking for FTP credentials.

  3. WordPress asks for your FTP credentials when it doesn’t have write access to all the folders it needs. It’s a misleading error message – it should really just say “Please give me write permissions on your root folder while I do this upgrade”.

    This problem seems especially common in IIS users where the permissions/user accounts are a bit more arcane.

    Essentially, to solve it:

    • Give your Application Pool user (often IUSR for Windows users) write and modify privileges on the root folder of your wordpress installation.
    • Run the automated upgrade from the WordPress dashboard, which should happen nice and easily now.
    • Remove the write/mod privileges from IUSR to resecure your installation (making sure it can still write to your plugins directory)
  4. Yes, you can trust WordPress. This situation is a disk permissions issue as said by @HüsseyinBABAL. It can be overridden using some constants in wp-config.php as said by @povieira.

    But there are more to it than FS_METHOD. All FTP credentials can be set in the config file using WordPress Upgrade Constants:

    define( 'FS_METHOD', 'ftpext' );
    define( 'FTP_BASE', '/path/to/wordpress/' );
    define( 'FTP_CONTENT_DIR', '/path/to/wordpress/wp-content/' );
    define( 'FTP_PLUGIN_DIR ', '/path/to/wordpress/wp-content/plugins/' );
    define( 'FTP_PUBKEY', '/home/username/.ssh/id_rsa.pub' );
    define( 'FTP_PRIKEY', '/home/username/.ssh/id_rsa' );
    define( 'FTP_USER', 'username' );
    define( 'FTP_PASS', 'password' );
    define( 'FTP_HOST', 'ftp.example.org' );
    define( 'FTP_SSL', false );
    

    To increase security, I normally have my /home/user/public_html/wp-config.php including a file outside the public folder:

    <?php
    include('/home/user/configs/wp-config-site1.php');