Wordpress automatic upgrade

Hi All,

I am having some problems with Wordpress automatic upgrade function. If I try to upgrade the wordpress version or the plugins, it asks for the FTP details. When I enter these details it doesnt accept them.

On the net, I found a solution: change the permissions of the wp-content to 777, but this is very unsafe.

I've also found a more complete and safer solution in here http://www.nerdgrind.com/wordpress-auto … t-working/">http://www.nerdgrind.com/wordpress-automatic-upgrade-plugin-failed-or-not-working/ but it requires setsebool, that is, selinux, which is not accepted by linode kernel, i've been told.

Have you ever found this problem before? Do you know how to resolve it in a neat and safe way for linode?

Thanks a lot for your help.

Alex

5 Replies

You need to give the user that your webserver runs as write permission to wp-content. This is inherently unsafe, yes.

If the webserver can't write files, it can't update itself after all.

Note that the setsebool only applies if selinux is actually enabled and enforcing, neither of which apply on a stock linode kernel.

The "safest" way is to set up an FTP server, username and password, and ACL to enable just the FTP user to write to that directory… but that still means you're leaving the directory wide open for writes, just not through your webserver.

edit: I should note that the most secure way is to update wordpress is to… not use the automatic method.

I don't use auto upgrade for exactly that reason. Honestly, once you get the hang of it (what needs ot be kept, etc.), manual upgrades aren't that bad. Usually takes me <10 minutes including testing.

Edit: also for point releases (x.x.2 -> x.x.3) you can usually get away with making a patch from the old release to the new one and just applying the patch because not much changes.

I had this issue as well, I installed this plugin and all works fine now!

http://yoast.com/fix-automatic-plugin-update/

I found that changing the owner/group of all the wordpress folders allows for automatic updates and automatic plugin installs. Basically:

chown -R www-data:www-data *

Inside the wordpress folder

Please, I am pretty new to all of this so, you experts out there should chime in if there would be a problem with this.

@casmang:

Please, I am pretty new to all of this so, you experts out there should chime in if there would be a problem with this.

There's nothign necessarily wrong with that, but it makes you more vulnerable to security holes. Allowing the web server to write to the filesystem (except in very narrow circumstances) just makes exploits all the more damaging. also, this isn't purely theoretical. wordpress has an absolutely awful security record

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct