We have clients that are using SFTP (WinSCP) to install wp plugins and are getting file permissions errors.
On Centos7 VM we set permissions to default Files 0644 and Folders 0755 with user:apache
When we set permissions to 777 on public and disable SE-linux the plugins seem to install successfully with no problem. We do not want to keep changing files to 777 as this is a security risk.
This is the error below:
The update cannot be installed because we will be unable to copy some
files. This is usually due to inconsistent file permissions.:
wp-comments-post.php, wp-activate.php, wp-includes/script-loader.php,
wp-includes/theme.php, wp-includes/class-wp-xmlrpc-server.php,
wp-includes/rest-api/endpoints/class-wp-rest-post-types-controller.php,
wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php,
wp-includes/default-filters.php, wp-includes/comment.php,
wp-includes/version.php, wp-includes/js/wp-api.min.js,
wp-includes/js/media-views.js,
wp-includes/js/tinymce/wp-tinymce.js.gz,
wp-includes/js/tinymce/utils/validate.js,
wp-includes/js/tinymce/plugins/media/plugin.js,
wp-includes/js/tinymce/plugins/media/plugin.min.js,
wp-includes/js/tinymce/plugins/image/plugin.js,
wp-includes/js/tinymce/plugins/image/plugin.min.js,
wp-includes/js/tinymce/plugins/lists/plugin.js,
wp-includes/js/tinymce/plugins/lists/plugin.min.js,
wp-includes/js/tinymce/plugins/tabfocus/plugin.js,
wp-includes/js/tinymce/plugins/tabfocus/plugin.min.js,
wp-includes/js/tinymce/plugins/colorpicker/plugin.js Installation
Failed
Is there an alternative to work around this?
I'm running WordPress on my VPS with CentOS 7 LAMP stack.I've followed this guide to set permissions, i.e. I've run
sudo chown apache:apache -R *
to ensure that my wordpress directory is owned by apache:apache.
I've also set WordPress directory and file permissions with these commands:
find . -type d -exec chmod 755 {} \;
find . -type f -exec chmod 644 {} \;
(I had to prefix the above commands with sudo)
Normally I manage the server by logging in through SSH using myuser, where myuser belongs to the apache group and the wheel group.
I have 3 problems:
Any file CRUD command in the WordPress directory still requires me to prefix the command with sudo, or else I get a permission error. Since myuser belongs to apache and apache owns the directory, I'm confused as to why I still need to prefix the commands with sudo.
Similar to problem 1, any git command such as a git pull requires me to prefix the command with sudo or else I get a permission error.
When I try to automatically update theme files from my WordPress dashboard web interface, I get permission errors. Interestingly, I'm able to install/update plugins via the WordPress dashboard without any permissions errors.
Any ideas on what I'm missing?
Look at:What does mode_t 0644 mean?
644 means:
* (owning) User: read & write
* Group: read
* Other: read
CRUD is a write command, so you're not allowed to do that. Either you change to 664 or keep using sudo. Basically any writing procedure on the file system would not be allowed without sudo since your user is not the owner (event though he is in the group).
#fortuneRice, CentOS7 features selinux enabled by default, which is often the cause of many hard-to-understand file permission errors.
I would suggest the following:
Edit /etc/sysconfig/selinux
Change SELINUX=permissive (or whatever SELINUX is currently set to in the file) to SELINUX=disabled
Reboot your server (not just the apache web server, but the whole machine)
Disabling SELINUX completely is not a good idea, therefore if this procedure works, you should re-enable SELINUX and fix its configuration.
Configuring SELINUX can be a difficult task, so I suggest you read up on google how to do that :)
chown -R -f user:apache /path of the directory
I also faced that issue and solved this problem by changing the PHP handler.
it is important to use PHP Handler that will run as the file owner.
After I installed HTTP2 and another few features on the way, I changed the PHP handler.
I am running WHM/CPanel on my VPS, and I fixed my issue following these steps:
Under WHM > Software > EasyApache 4 > Customize
Look for the: mod_suphp under the Apache Modules tab and make sure it is enabled, and if you just turned it on to install, follow step two.
Go to the Review tab and click the Provision button to save.
Under Whm > Software > MultiPHP Manager look for PHP Handlers tab.
Choose suphp as the handler for the current PHP version.
That's it. It was the PHP handler.
Edit: I notice that suphp had a conflict with one of my user uploads directories that I am adding dynamically to images a watermark. It seems the suphp handler had permission to upload but doesn't show the pictures.
I also tried the lsapi for the PHP Handler, and it seems to work correctly with the file's permissions and attaching via the .htaccess file watermarks for images.
I succesfully set up a VPS LEMP-stack with Wordpress. When I am trying to install plugins from the WP backend, I am prompted with the following message:
To perform the requested action, WordPress needs to access your web server.
Please enter your FTP credentials to proceed. If you do not remember your
credentials, you should contact your web host.
When I enter my SFTP-account details, which I am using to access the server with FileZilla, I get the following error message:
Failed to connect to FTP Server 192.XXX.XXX.X:21
I read various tutorials, which suggest to install a FTP server, in particular vsftpd and then to store your FTP-User-details in the wp-config.php to avoid further authentication requestst. The problem I see is that, FTP is considered as severly unsecure and I would like to avoid hard-coding my user details into my WP-installation.
What is the safest, recommended way to deal with this problem?
I don't know if it is the safest method or not. But pasting this code in wp-config.php once solved my problem:
define('FS_METHOD', 'direct');
sudo chown -R www-data:www-data wp_site_root
sudo chmod -R g+rw wp_site_root
solved my problem.
Remember to set files and directories permission in this way:
chown -R www-data:www-data /var/www
find /var/www/ -type d -exec chmod 755 {} \;
find /var/www/ -type f -exec chmod 644 {} \;
define('FS_METHOD', 'direct');
adding the above given command on the wp-config file will resolve that issue paste it below
define( 'WP_DEBUG', false );
#MrNerdy,
I should have also elaborated on the fact that there should be some other folders you'll want to give permissions to. Read the documentation on it here to understand exactly what you should do regarding security: http://codex.wordpress.org/Changing_File_Permissions
Also, be careful to only install trusted plugins. I've seen dozens of sites hacked because of badly coded plugins / themes, etc. Good luck.
For me it was bitnami related settings issue. This post helped me. There could be multiple reason:
Permission issue on the files and folders.
The FS_METHOD should be
"direct" in wp-config.php file.
Remove FTP configuration from wp-config.php if you are
migrating from bitnami to manage it on your own.
If anyone is running into this issue using MAMP Pro.
Make sure you're running the server as the user that has permission for the root wordpress directory.
Under SETTINGS > Ports look for "Run server as" and in the drop down choose the same system user that has permission to access the root wp folder.
Add this line to wp-config.php:
define('FS_METHOD', 'direct');
Then change the permission If you're using an ec2 instance.
cd /var/www/html/wordpress
if your'e using shared hosting then remove some files in your server and try again. it will work. its because your disk quota may be exceeded.
I am using WordPress on my live server which only uses SFTP using an SSH key.
I want to install and upgrade plugins, but it appears that you are required to enter your FTP login to install the plugins. Is there a way to install and upgrade plugins by manually uploading the files instead of having WordPress handle the entire process?
WordPress will only prompt you for your FTP connection information while trying to install plugins or a WordPress update if it cannot write to /wp-content directly. Otherwise, if your web server has write access to the necessary files, it will take care of the updates and installation automatically. This method does not require you to have FTP/SFTP or SSH access, but it does require your to have specific file permissions set up on your webserver.
It will try various methods in order, and fall back on FTP if Direct and SSH methods are unavailable.
https://github.com/WordPress/WordPress/blob/4.2.2/wp-admin/includes/file.php#L912
WordPress will try to write a temporary file to your /wp-content directory. If this succeeds, it compares the ownership of the file with its own uid, and if there is a match it will allow you to use the 'direct' method of installing plugins, themes, or updates.
Now, if for some reason you do not want to rely on the automatic check for which filesystem method to use, you can define a constant, 'FS_METHOD' in your wp-config.php file, that is either 'direct', 'ssh', 'ftpext' or 'ftpsockets' and it will use that method. Keep in mind that if you set this to 'direct', but your web user (the username under which your web server runs) does not have proper write permissions, you will receive an error.
In summary, if you do not want to (or you cannot) change permissions on wp-content so your web server has write permissions, then add this to your wp-config.php file:
define('FS_METHOD', 'direct');
Permissions explained here:
http://codex.wordpress.org/Updating_WordPress#Automatic_Update
http://codex.wordpress.org/Changing_File_Permissions
As stated before none of the perm fixes work anymore. You need to change the perms accordingly AND put the following in your wp-config.php:
define('FS_METHOD', 'direct');
Just wanted to add that you must NEVER set the wp-content permission or permission of any folder to 777.
This is what I had to do to:
1) I set the ownership of the wordpress folder (recursively) to the apache user, like so:
# chown -R apache wordpress/
2) I changed the group ownership of the wordpress folder (recursively) to the apache group, like so:
# chgrp -R apache wordpress/
3) give owner full privilege to the directory, like so:
# chmod u+wrx wordpress/*
And that did the job. My wp-content folder has 755 permissions, btw.
TL;DR version:
# chown -R apache:apache wordpress
# chmod u+wrx wordpress/*
In wp-config.php add define('FS_METHOD', 'direct');
Make server writable the directories wp-content/, wp-content/plugins/.
Install the plugin (copy the plugin dir into the wp-content/plugins dir).
Worked on version 3.2.1
open wp-config.php file and add the following line:
define('FS_METHOD', 'direct');
this is working for me ...Thanks
Just a quick change to wp-config.php
define('FS_METHOD','direct');
That’s it, enjoy your wordpress updates without ftp!
Alternate Method:
There are hosts out there that will prevent this method from working
to ease your WordPress updating. Fortunately, there is another way to
keep this pest from prompting you for your FTP user name and password.
Again, after the MYSQL login declarations in your wp-config.php file,
add the following:
define("FTP_HOST", "localhost");
define("FTP_USER", "yourftpusername");
define("FTP_PASS", "yourftppassword");
Change from php_mod to fastcgi with cgi & SuEXEC enabled (ISPConfig users). Works for me.
If don't work, try to change wp-content to 775 as root or sudo user:
chmod -R 775 ./wp-content
Then Add to wp-config.php:
define('FS_METHOD', 'direct');
Good Luck
In order to enable the use of SSH2 for your updates and theme uploads, you have to generate your SSH keys and have the PHP SSH module installed. Then WordPress will detect that you have SSH2 available and you'll see a different option (SSH2) displayed when doing an upload/upgrade.
1.) Make sure you have the PHP module installed for debian it is:
sudo apt-get install libssh2-php
2.) Generate SSH keys, adding a passphrase is optional:
ssh-keygen
cd ~/.ssh
cp id_rsa.pub authorized_keys
3.) Change the permission so that WordPress can access those keys:
cd ~
chmod 755 .ssh
chmod 644 .ssh/*
Now you'll get the SSH2 option when doing an upload/upgrade/plugin.
4.) For added ease you can setup the defaults in your wp-config.php and this will pre-populate the SSH credentials in the WordPress upload window.
define('FTP_PUBKEY','/home/<user>/.ssh/id_rsa.pub');
define('FTP_PRIKEY','/home/<user>/.ssh/id_rsa');
define('FTP_USER','<user>');
define('FTP_PASS','passphrase');
define('FTP_HOST','domain.com');
The 'passphrase' is optional, if you don't setup a passphrase during ssh-kengen; then don't add it in wp-config.php
This solved my issue. And I didn't have to do the chown at all. But I have seen this method referenced in other places.
References:
http://wp.tutsplus.com/articles/tips-articles/quick-tip-upgrade-your-wordpress-site-via-ssh/
http://codex.wordpress.org/Editing_wp-config.php#Enabling_SSH_Upgrade_Access
Usually you can just upload your plugin to the wp-content\plugins directory. If you don't have access to this directory via SFTP I'm afraid you may be stuck.
You can get it very easily by typing the following command on command promt
sudo chown -R www-data:www-data your_folder_name
or copy & paste the following code in your wp-config.php file.
define('FS_METHOD', 'direct');
Where "your_folder_name" is the folder where your WordPress is installed inside this folder.
If you're on Ubuntu, a quick solution that worked for me is giving ownership to the Apache user (www-data by default) like so:
cd your_wordpress_directory
sudo chown -R www-data wp-content
sudo chmod -R 755 wp-content
Execute the following code in terminal
sudo chown -R www-data /var/www
For further detail visit
Wordpress on Ubuntu install plugins without FTP access
Add the following code to wp-config
define('FS_METHOD', 'direct');
FS_METHOD forces the filesystem method. It should only be direct, ssh2, ftpext, or ftpsockets. Generally, you should only change this if you are experiencing update problems. If you change it and it doesn't help, change it back/remove it. Under most circumstances, setting it to 'ftpsockets' will work if the automatically chosen method does not.
(Primary Preference) "direct" forces it to use Direct File I/O requests from within PHP, this is fraught with opening up security issues on poorly configured hosts, This is chosen automatically when appropriate.
(Secondary Preference) "ssh2" is to force the usage of the SSH PHP Extension if installed
(3rd Preference) "ftpext" is to force the usage of the FTP PHP Extension for FTP Access, and finally
(4th Preference) "ftpsockets" utilises the PHP Sockets Class for FTP Access
For more information visit: http://codex.wordpress.org/Editing_wp-config.php#WordPress_Upgrade_Constants
WordPress 2.7 lets you upload a zip file directly (there's a link at the bottom of the plugins page) -- no FTP access needed. This is a new feature in 2.7, and it works for plugins only (not themes yet).
Please add define('FS_METHOD','direct'); in wp-config.php
Resurrecting an old thread, but there's a fantastic new plugin called SSH SFTP Updater Support that adds in SFTP capabilities without needing to edit your wp-config.php file. Also, Wordpress's SFTP implementation relies on some somewhat obscure PHP modules that are often not enabled on servers; this plugin packages a different PHP SFTP plugin so you don't have to configure anything on the Apache side.
I had run into tons of problems getting SFTP support to work - this plugin solved all of them and is just fantastic.
The answer from stereointeractive covers all the options. Just wanted to mention an alternate way of using FTP. I'm guessing that the reason you are not allowing FTP access is for security. One way to address those security concerns is to run your FTP server listening only on 127.0.0.1
This allows you to use FTP from inside WordPress and you will be able to install plugins while not exposing it to the rest of the world. This can also be applied to other popular web applications such as Joomla! and Drupal. This is what we do with our BitNami appliances and cloud servers and works quite well.
I also recommend the SSH SFTP Updater Support plugin. Just solved all my problems too...especially in regards to getting plugins to delete through the admin. Just install it in the usual way, and the next time you're prompted by WordPress for FTP details, there'll be extra fields for you to copy/paste your private SSH key or upload your PEM file.
Only problem I have is in getting it to remember the key (tried both methods). Don't like the idea of having to find and enter it every time I need to delete a plugin. But at least it's a solid fix for now.
Yes, directly install the plugin in WordPress.
Copy the plugin folder and paste in WordPress plugin folder.
go to admin side (/test/wp-admin) then after go to on the plugin link and check the name of the plugin.
Activate the plugin so Install the plugin easily.
other Option
create the zip file for the plugin code.
go to admin side (/test/wp-admin) then after go to on the plugin link and then click on the add new then browse the plugin zip folder and install the plugin then come out the option activate plugin so so do activate plugin and activate plugin.
I saw a lot of people recommending to set permission to 777. I had same problem like 2 days ago and all I did was, add this to wp-content
define('FS_METHOD', 'direct');
and
set permission to 775 for plugin folder
This solved my problem of asking FTP access login/password.
Before that, I had to add plugin manually by adding .zip file to plugin folder and then go to wp-admin/plugins and had to installed it.
It is possible to use SFTP or SSH to auto update Plugins in WordPress, but you need to have ssh2 pecl extension. You can find out how to do it, using the following tutorial
We use SFTP with SSH (on both our development and live servers), and I have tried (not too hard though) to use the WordPress upload feature. I agree with Toby, upload your plugin(s) to the wp-content/plugins directory and then activate them from there.
Try this
1) In the wp-config.php add define('FS_METHOD', 'direct');
2) Set the wp-content directory to 777 for writable.
3) Now install the plugin.
Try this Check whether the correct permission is given to wp-content folder.
Edit the wp-config.php add the following line
define('FS_METHOD', 'direct');
chmod the "wp-content" directory to www-data for full access.
Now try installing the plugin.
Yes you can do it.
You need to add
define('METHOD','direct');
in your wpconfig.
But this method won't be preferable because it has security voilances.
Thanks,
setting up a ftp or even an SFTP connection or chmod 777 are bad ways to go for anything other than a local environment. Opening even an SFTP method introduces more security risks that are not needed.
what is needed is a writeable permission to /wp-content/uploads & /wp-content/plugins/ by the owner of those directories. (linux ls -la will show you ownership).
Default apache user that runs is www-data.
chmod 777 allows any user on the machine to edit those file, not just the apache/php thread user.
SFTP if you are not already using it, will introduce another point of possible failure from an external source. Whereas you only need access by the local user running the apache/php process to complete the objective.
Didn't see anyone making these points, so I thought I would offer this info to help with our constant WP security issues online.
Method 1:
You can set this:
1. in wp-config.php you need to write this lines.
define('FS_METHOD', 'direct');
Note: put this after define( 'DB_CHARSET', 'utf8mb4' ).
set wp-content permission or permission recursively 775 full permission
you can give it via filezilla. write click on directory > permissions> check read-write and execute and also check Recurse into subdirectories
Method 2:
or You can also set this
define("FTP_HOST", "localhost");
define("FTP_USER", "yourftpusername");
define("FTP_PASS", "yourftppassword");
Here is a simple method.
Execute following commands.
This will enable your mod_rewrite module for Apache
$sudo a2enmod rewrite
This Command will change the owner of the folder to www-data
$sudo chown -R www-data [Wordpress Folder Location]
After You executing above commands you can install any themes without FTP.
You can add following in wp-config.php
define('METHOD','direct');
Here is a youtube video that explaining how to do it. https://youtu.be/pq4QRp4427c
The best way to install plugin using SSH is WPCLI.
Note that, SSH access is mandatory to use WP CLI commands. Before using it check whether the WP CLI is installed at your hosting server or machine.
How to check : wp --version [ It will show the wp cli version installed ]
If not installed, how to install it :
Before installing WP-CLI, please make sure the environment meets the minimum requirements:
UNIX-like environment (OS X, Linux, FreeBSD, Cygwin); limited support in Windows environment.
PHP 5.4 or later
WordPress 3.7 or later. Versions older than the latest WordPress release may have degraded functionality
If above points satisfied, please follow the steps : Reference URL : WPCLI
curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
[ download the wpcli phar ]
php wp-cli.phar --info [ check whether the phar file is working ]
chmod +x wp-cli.phar [ change permission ]
sudo mv wp-cli.phar /usr/local/bin/wp [ move to global folder ]
wp --info [ to check the installation ]
Now WP CLI is ready to install.
Now you can install any plugin that is available in WordPress.org by using the following commands :
wp install plugin plugin-slug
wp delete plugin plugin-slug
wp deactivate plugin plugin-slug
NOTE : wp cli can install only those plugin which is available in wordpress.org