WordPress includes a handy feature to auto-upgrade plugins, themes, and even the core software when needed. However, it has never worked for me on my self-hosted blog. The Updates page prompts me for FTP information, I press ‘Proceed’, and I get a blank page. Nothing happens. So I tore into the wp-config.php documentation. Here’s how to get automatic updates working with FTP.
There are methods to get SSH working for these updates, but at the time I wrote this the PHP ssh2 extension wasn’t compiling right, and the whole process was quite complex. I’ll make another post later when things get better.
Goes without saying that a backup copy of your stuff might be handy, too…
- First, make sure your copy of PHP was built with “–enable-ftp”. You can do this by creating a file with a .php extension (like “phpinfo.php”) in your WordPress folder with the contents:
<? phpinfo() ?>
Save that, then go to that URL. The “Configure Command” near the top should have “–enable-ftp” and there should be a section below titled “FTP” with a line saying “FTP Support” is “enabled.” If this isn’t the case, rebuild your PHP to include this. 🙂
- Make sure you have an FTP server running, and that you can log into it manually using a command like “ftp localhost”. I have restricted mine, via iptables, to localhost, as FTP isn’t secure at all — it sends passwords in the clear. Connections via the loopback network are pretty harmless, though.
- Edit your wp-config.php file, to add a few lines:
define('FS_METHOD', 'ftpext'); define('FTP_HOST', 'localhost'); define('FTP_USER', 'myusername'); define('FTP_PASS', 'supersecr3tp4$$w0rd'); define('FTP_BASE', '/var/www/sitename/html/'); #define('FTP_CONTENT_DIR', '/var/www/sitename/html/wp-content/'); #define('FTP_PLUGIN_DIR', '/var/www/sitename/html/wp-content/plugins/');
FS_METHOD, if it isn’t set, defaults to ‘ftpsockets’ which didn’t appear to be working at all for me. So I set it to ‘ftpext’ — use the FTP PHP extension directly. There are other options, including ‘direct’ for direct filesystem calls, but those usually introduce complex permissions problems. There’s also ‘ssh’ which we’ll cover later.
By default, WordPress doesn’t offer SSL protection on the admin pages, so when you type in your password and press the ‘Proceed’ button it gets sent in the clear to the web server. On the other hand, hard-coding your password somewhere sucks, too. In lieu of configuring SSL I chose to just put my username and password in wp-config.php so I don’t send it in the clear. I don’t trust third-party networks at all.
If you want to be prompted for your username & password don’t set FTP_USER or FTP_PASS. If you don’t set both variables whatever you did set will show up as defaults.
If the account you are logging into doesn’t have WordPress in the default directory it’ll get confused. So I had to set my FTP_BASE variable to the full path for WordPress. If you moved the wp-content or plugins directories, which isn’t common, you need to set FTP_CONTENT_DIR, and FTP_PLUGIN_DIR, too. I have them commented out above, just so you can see what they’re like.
- Create a directory in your wp-content directory called ‘upgrade’ and make sure it has permissions to be written to by the account you are using.
- Make sure your whole wp-content directory has read & write permissions for the account you’re using.
- Try it. At this point you should get error output if something is wrong. For me, it was usually permissions, and when I got those figured out it all worked.
I hope this helps — please leave a comment if I’ve forgotten something or there is an error, and I’ll double-check it. Thanks!