One of the great features of WordPress is that it allows you to automatically install and upgrade plugins.
A common problem is that WordPress is unable to access the filesystem directly, which results in a page indicating that “To perform the requested action, connection information is required.“
If you feel that your WordPress installation should not be asking you for this information, or you simply do not want WordPress to use this method of plugin management, you may be able to work around it.
What is Causing This?
Whenever you use the WordPress control panel to automatically install, upgrade, or delete plugins, WordPress must make changes to files on the filesystem.
Before making any changes, WordPress first checks to see whether or not it has access to directly manipulate the file system.
If WordPress does not have the necessary permissions to modify the filesystem directly, you will be asked for FTP credentials so that WordPress can try to do what it needs to via FTP.
Why Can’t WordPress Write To The Filesystem?
In order to understand why WordPress can’t write to the filesystem, we need to take a look at some WordPress internals.
The following code is from the get_filesystem_method() method in the wp-admin/includes/file.php file:
if( function_exists('getmyuid') && function_exists('fileowner') ){
$temp_file = wp_tempnam();
if ( getmyuid() == fileowner($temp_file) )
$method = 'direct';
unlink($temp_file);
}
This code creates a temporary file and confirms that the file just created is owned by the same user that owns the script currently being run. In the case of installing plugins, the script being run is wp-admin/plugin-install.php.
This may seem a little counter-intuitive, since the only thing WordPress really needs to be able to do is write to the wp-content/plugins directory.
What Can I Do About It?
In order to fix this issue, you will need to make sure that the scripts which need to write to the filesystem are owned by the same user that apache is running as.
Many hosting companies will run your apache instance using your user account, and all of your files will be owned by the same account. In those cases, you will probably not have the issue described here.
If your hosting company is running apache as a system user, and your files are owned by your own account, your only option may be to enter your FTP credentials here and allow WordPress to use FTP.
If you are running on a hosting company that gives you root access, or you have installed WordPress on your own development machine at home or at work, you should be able to modify the filesystem permissions to allow WordPress to directly access the filesystem.
The easiest way to do this is to find out what user apache is running as and change ownership of the entire WordPress directory to that user. For example, if apache is running as ‘httpd’, you could use the following commands on your WordPress installation directory:
# chown -R httpd: wordpress
Note that not all versions of chown are equal. If that command does not work, see your local chown man page for usage information.
Tip: In order to find out what user your instance of apache is running as, create a test script with the following content:
<?php echo(exec("whoami")); ?>
Thanks Suzanne!
Isn’t that a security risk? I think it’s the same as doing chmod 777 since httpd will have write and execute permissions.
Either way, it’s not too much of a hassle to just type the password :)
In some situations it certainly can be… I was going for more of an explanation of why this happens more than a recommendation on what you should do :)
I happened to find it particularly annoying on my home development server, so I chose the ‘chmod’ route to make things easier for me. I’m not worried about the security there, since the server is firewalled and only accessible locally. Of course, that implies a certain amount of trust in my firewall :)
I also see a lot of web hosts in the wild (like DreamHost) that run Apache using your user ID already. The same security risks apply, but they are limited to your user account (and you don’t have much control over it).
Well, PHP using the username (suexec) is much more secure indeed, particularly when on a shared server.
If an attacker hacks into another site on the server (not your own), he can write to files/folders chmodded 777 when you’re just running under apache (nobody), but if you’re running under your username, he won’t be able to even read your files.
Thanks for all this info. I typed in my FTP username and password, and all was working smoothly.
Hi Chris,
Thank you for your detailed explanation, finally can make it work on my localhost.
Glad I could help!
Thanks for the tip. I setup a Fedora10 server and was having issues with this. I had to look at the user in the httpd.conf file and use the chown command.
Works now. Thanks!
Ha! Thanks, this explains perfectly what I’m seeing. Much appreciated.
Thanks for the detailed explanation. I ended up running “sudo chown -R www: wordpress” on my Mac and I could finally run WordPress’ plugin auto-upgrade. The built-in Apache in Leopard uses “www” for the user, and “wordpress” is the folder.
Thanks for the tip mate ! my automatic update wouldn’t work with the right info (I mean, the right server name, username and password), both with FTP and SFTP, and I couldn’t figure out why. At least now, I don’t need to even feed that info.
Thank you Chris – this solved the problem for me. I appreciate you taking the time to write it up!
I’m glad you found it helpful!
thanks for the article chris! :)
Works! thank you
I use a Dedicated server with CentOS, you’ll to try:
# chown -R nobody: public_html/
Ahhhh.
The problem I have – once I discovered that that form was asking for /my/ details – is that it can upload the changed files for the plugin or whatever, it can unzip/untar them and put them in the right places *but* it doesn’t give the directories the right permissions: they’re not made readable to anyone else.
As the webserver isn’t running as ‘me’, that’s a problem because it then can’t read what’s just been changed.
Somewhere, someone’s not doing a ‘chmod 0755 upgrade’ or ‘chmod 0755 wp-content/plugins/plugin-name’ etc, but I can’t spot where…
Hmm… what kind of hosting account do you have? It’s possible that the umask of the user that you are using for FTP is set such that newly created files and directories are always unreadable by others… If you have a shell account, see if you can change the umask for the FTP user to something like 0022. You may also be able to do this via a control panel, e.g., plesk, if that’s what your account exposes.
Thanks – I hadn’t thought of that.
I have webmin and shell access on the Debian Lenny server, but looking at it, while .profile has ‘umask 022′ commented out, it reckons that the default is set in /etc/profile and ‘umask 022′ is there.
It also tells me ’0022′ if I run umask at the command line.
Hmmm2 :) I wonder if there’s a way to get better logging of the ftp session, so I can see what WP actually does.
Ah ha! If I ftp in, umask is 077. It turns out that this is the default for vsftpd (the ftp server used). That’s now changed.
Thank you!
Thanks! Perfect instructions, and a deep and thorough analysis of what is what in regards to this problem. I appreciate you taking the time to really detail it out for the rest of the interent.
Hi Chris I run “# chown -R httpd: wordpress” on my www/ root directory (where my wordpress is installed) but I can’t fix it the message I got is: 500?
Any idea? Thanks!
Thanks Chris – I finally got round to sorting this on my local server.
One way of finding out what user Apache is running as:
ps -ef|grep apache
Cheers
Hmm, a 500 error indicates a server problem that may not actually be related to permissions… did you have this error prior to changing the ownership on your docroot?
Hi Brownoxford, yes this happens when I try to change permissions at root directory
That’s strange! Have you confirmed that your webserver runs as the ‘httpd’ user?
I fixed this on my local Mac install that also had a downloaded copy of Apache by doing this:
ps -Alfj | grep httpd
(This shows me who owns httpd, in my case it was ‘_www’)
sudo chown -R _www wordpress2.8
(wordpress2.8 is the directory name of my wp install)
Hi,
Another reason why this may not work (plugin installation and/or wordpress automated upgrade) are the permissions on the concerned directories (since wordpress needs to be able to write on those dirs).
Thus a
chmod u+w wordpress/
chmod u+x wordpress/wp-content/plugins
may come in handy :)
And never EVER do chmod 777 !
When WordPress goes to create a temporary file from wp-admin/includes/file.php, where does it try to create the file?
Thank you for taking the time to write this article. I’ve been struggling with write permissions since I changed servers and this article pointed out my problem. Who the owner of apache was.
-Brad
For me the solution was easy: change the wp-admin folder to the user that the web server process was running under (I use lighttpd).
It seems File.php compares the owner id of the file it created with the owner id of file.php. The new file was created as www-user, but the owner of the file was root, hence the connection details page popped up.
Hi,
I’m following directions listed here and getting my dumb-ass host… Anyway, I asked the host to run
ps -ef|grep apache
And this is what has been reported back to me…
Can someone tell me who the owner of apache from all this? Thanks in advance for helping.
Now what do I tell them to do next? I’m guessing I get them to run…
sudo chown -R ‘OWNER’ public_html
Is this correct if I’m I’ve got WP installed at in public_html?
Thanks,
nobody 4230 4333 0 08:57 ? 00:00:01 /usr/local/apache/bin/httpd -k start -DSSL
root 4333 1 0 Jun13 ? 00:00:05 /usr/local/apache/bin/httpd -k start -DSSL
root 10209 4333 0 01:53 ? 00:00:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 10210 4333 0 01:53 ? 00:00:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 10211 4333 0 01:53 ? 00:00:01 /usr/local/apache/bin/httpd -k start -DSSL
nobody 10212 4333 0 01:53 ? 00:00:02 /usr/local/apache/bin/httpd -k start -DSSL
nobody 12005 4333 0 02:22 ? 00:00:00 /usr/local/apache/bin/httpd -k start -DSSL
nobody 12011 4333 0 02:22 ? 00:00:00 /usr/local/apache/bin/httpd -k start -DSSL
root 13961 13643 0 11:39 pts/1 00:00:00 grep apache
nobody 32057 4333 0 07:44 ? 00:00:01 /usr/local/apache/bin/httpd -k start -DSSL
nobody 32058 4333 0 07:44 ? 00:00:02 /usr/local/apache/bin/httpd -k start -DSSL
nobody 32059 4333 0 07:44 ? 00:00:01 /usr/local/apache/bin/httpd -k start -DSSL
nobody 32561 4333 0 07:48 ? 00:00:01 /usr/local/apache/bin/httpd -k start -DSSL
It’s probably better and more secure to just wget or upload the plugin or theme file directly to wordpress’s wp-content directory.
In my case, I needed to install a theme, but didn’t want to make the whole wordpress install writable to apache. So I just googled the theme, downloaded it, then extracted to [wordpress install]/wp-content/themes/ and it magically worked from the control panel :)
So the web server account must be the file *owner*, not just have write permissions for the files.
Yet another example of WTF code inside WordPress. :)
Cheers,
Stuart.
I’ve been looking all over the place, i cant believe its so hard to find, but which folders does WordPress need to be writeable to function correctly?
i.e a cache directory
Or, unlike Joomla (CMS) does WP not need any folders to be 777.
thanks :)
Really is this my problem?!?
The following code is from the get_filesystem_method() method in the wp-admin/includes/file.php file:
if( function_exists(‘getmyuid’) && function_exists(‘fileowner’) ){
$temp_file = wp_tempnam();
if ( getmyuid() == fileowner($temp_file) )
$method = ‘direct’;
unlink($temp_file);
}
I’ve chmod777 to everything but still get the dam FTP user questions!
Can i resest this blesed thing, btw i moved the install from another server…..delete the temp file or somthing so the function can re-verify the owner..jeez i mean WordPress is nice but sure is stupid?!?!!
erm sorry
reset ^ not resest!
:S :D
ok ok i have read this all again,
my apache process is called HTTPD (as is everyones i guess) run with a user called APACHE,
I dont quite get this function, It writes a file and checks the owner….the owner would be APACHE, no?
but when i use the FTP to upload the files in the first place the owner is root i guess :S
but the function is run by user apache so the file should be owned by apache :S
sorry i am blabbering on, kinda getting it straight in my head…
if i can just delete this temp file so the function can re-test the owner!
Hi James, the trick is that this little code block is actually comparing that the owner of the created file is the same as the owner of the currently running *script* (not the owner of the currently running *process*)
Thank you. With your quick fix our puzzle is over.
Hello!
In my opinion the function referred to above (comment #38) is doing a complete nonsense test. If wordpress can write a file in a temporary directory or not has nothing to do with wether it can upgrade wordpress or not (i.e. write in wp-content and wp-admin or plugins directories).
In most cases it would be sufficient to ensure that file ownership is set to your login user. Group ownership is set to the apache user and that directories are chmod 770 and files are chmod 660. You should never ever have any rights for “others” (the last number of the three).
To set up file ownership correctly:
In WP root directory
chown -R yourusername:apachegroupname *
In my case…
chown -R johan:apache *
find . -type d -exec chmod 770 {} ‘;’
find . -type f -exec chmod 660 {} ‘;’
WP 2.8: add
define(‘FS_METHOD’, ‘direct’);
define(‘WP_TEMP_DIR’, ABSPATH.’wp-content/tmp’);
in wp-config.php
The function in file.php reads FS_METHOD and the tmp file creation test is never executed.
Make sure the wp-content/tmp directory exists and is writable by the apache user
Pre WP 2.8: well… you may need to patch the function in file.php by removing the if statement before $method=’direct’;
see comment #38 above
Only do this if you’re sure you’ve setup file ownership correctly.
BTW the three numbers in chmod describe rights for “user”, “group” and “others”. read==4, write==2, execute==1. Sum of rights make up the number. Hence 777 means read, write and execute for user, group and others. 660 means read and write for user and group, no rights for others.
NEVER do a chmod 777 on any file or directory. NEVER recommend anyone to do it either!
Best regards Johan
This matter is all about DirectAdmin on shared hosting plan. I have worked on some websites based on cPanel and all upgrades and plugin installations run without asking FTP credentials. Also I worked on DirectAdmin based websites and all asked me FTP credentials.
But this doesn’t have any problem at all. Once you type the FTP credentials WordPress will remember it for you. Next time, you will need to type the password only.
I thought I’d pass on some information about this situation. Your article was a life-saver for me. I have a client on Dreamhost whose WP installation *was* working until he moved onto a private server. After that, he was getting that annoying screen as well.
Based on the information you presented here, I wrote to the support folks at Dreamhost and asked them to check the Apache user for his account (quoting articles and using the right terminology gets you everywhere). Sure enough, that’s exactly what they found. Here’s what he wrote in response:
“Sorry to hear that you’re having trouble here! I did some investigating.
The file permissions for your site were all correct, however, Apache was
running as the dhapache user rather than your user. That’s what was
causing you issues. I refreshed the apache configuration on your PS and
now your site is running as your user like it should be. If this crops up
again and you want to make sure your site is running as your user you can
create a test script with the following contents:
<?php echo(exec("whoami")); ?>That will display the user the script is executing as and it should be
your user.”
There are some residual file permission issues I have to clean-up, but I was happy to see tech support actually check what I was asking them to check and then to find the error to be true… thanks to your article.
Thanks for the report Suzanne, I’m glad you were able to identify and resolve the issue with the information here!
Thanks for the post. I did something and found myself in trouble, which of course i do not like on local environment.
I read cabernet and wesley comment which was helpful
Now what does it mean when you run:
and the result is www-data?
What information goes in those boxes? I entered my ftp info and that did not work. I tried my wp login and that did not work either.
Alle you have to do is to edit your config.php file and add new constant FS_METHOD. More info: http://codex.wordpress.org/Editing_wp-config.php
Thanks a lot, it worked for me. All I had to do was entering my User Name and Password I usually use for FTP Uploads on my website. :)
The minimum that I needed to do to make this work was:
* chown -R (webuserid) wp-admin
* chmod -R a-w wp-admin
* chown -R (webuserid) wp-content/plugins
* chmod -R 755 wp-content/plugins
This reduces the risk to the wp-admin files (not writeable, but still owned by the web server id), and only allow the web server id to write to the plugins directory. This should mean that plugins can be compromised but not everything else – OTOH, given that plugins have access to the database… that’s not a huge comfort.
Thanks for the detailed explanation.
I couldnt for the life of me figure out why the wordpress kept asking me for ftp details on a localhost wordpress development site.
thanks !
It’s an easy fix upgrade to PHP5 or change your settings in Cpanel to use PHP5!!!
Thanks for posting this. For those who have installed LAMPP, you are probably running as ‘nobody’. so if you [code]sudo chown -R nobody: wordpress[/code] you’ll be in business.
chown’ing the entire wordpress code base (or even the wp-admin dir for that matter) is an invitation to be hacked and is not recommended.
Really all you need to chown is the following (3) files.
Files:
update-core.php
update-links.php
update.php
Command (run in wp-admin directory):
chown [httpd user] update*
But hey, do what suits you best and have fun getting p0wned.
Hi everyone,
What about for Windows server? What would I have to do to resolve this? Thanks.
This entry was a excellent read! I couldn’t have stated things better myself.
А автомобильный по тематике блог никто не подскажет.
Hi Chris,
Thank you for publishing this. I have been trying to fix this issue on my localhost for weeks and came across your article.
It was the Tip at the end That finally did it. When I ran this it said _WWW and my Mamp configuation was set to my Mac username. Once I changed this everything worked perfectly.
Thank you, Thank you, Thank you. :-)
Great tutorial, helped me solve the problem on my vps ;)
Thanks, that just fixed my problem. I think they should modify the connection info screen to warn that wordpress has no local access to the filesystem.
My problem was incorrect file permissions and ownership. Asking me for the FTP username and password was meaningless since this server doesn’t run FTP!
A simple “the permissions on your wordpress directory are incorrect” would have saved me 10 minutes of searching Google.
Why don’t they support sftp? ftps blows and I’d rather eat some fire ants than get it set up on my machine. Manual installs only, for me.
A patch for this issue has been submitted
http://core.trac.wordpress.org/ticket/12201
.
This post was helpful, but my solution was required to be different. WordPress version 2.9.2.
I set all my permissions correctly and could confirm this by making files and directories in the plugins directory like this:
sudo -u apache touch /var/www/wp-content/plugins/foo
sudo -u apache mkdir /var/www/wp-content/plugins/bar
When I looked inside wp-admin/includes/file.php I saw that it wanted to compare the owners of the wp-content directory and the newly-created temp file. I like my wp-content directory owned by a non-apache owner so I just short circuited the check:
function get_filesystem_method($args = array(), $context = false) {
$method = defined('FS_METHOD') ? FS_METHOD : false; //Please ensure that this is either 'direct', 'ssh', 'ftpext' or 'ftpsockets'
// I ADDED THE ONE LINE BELOW
$method='direct';
if( ! $method && function_exists('getmyuid') && function_exists('fileowner') ){
if ( !$context )
$context = WP_CONTENT_DIR;
$context = trailingslashit($context);
$temp_file_name = $context . 'temp-write-test-' . time();
$temp_handle = @fopen($temp_file_name, 'w');
if ( $temp_handle ) {
if ( getmyuid() == @fileowner($temp_file_name) )
$method = 'direct';
@fclose($temp_handle);
@unlink($temp_file_name);
}
}
Okay, better solution. Once you’ve ensured that httpd’s owner can write to the plugins dir, add this line to wp-config.php:
define('FS_METHOD', 'direct');
Hi,
Simply change the below line in (function get_filesystem_method) located in wp-admin/includes/file.php
This:
if ( getmyuid() == @fileowner($temp_file_name) )
To:
if ( posix_getuid() == fileowner($temp_file) )
Thanks,
Selva
John,
i’ve tried your method to chwon those 3 update files only, however it did not fix the dashboard plugin installation problem :{
Any ideas?
If you host the server running wordpress one way to fix it is to change user Apache2 is running under(default www-data) to match user which owns wordpress files (e.g. myuser)
edit /etc/apache2/envvars and you can change it
Code:
sudo gedit /etc/apache2/envvars
Change:
Quote:
export APACHE_RUN_USER=www-data
export APACHE_RUN_GROUP=www-data
to:
Quote:
#export APACHE_RUN_USER=www-data
export APACHE_RUN_USER=myuser
#export APACHE_RUN_GROUP=www-data
export APACHE_RUN_GROUP=myuser
Personally it just took me by surprise: no other web-installing software i manage requires this information, or has done in the past 2 years, and my FTP connection is totally locked to the outside world.
A little bit of paranoia too, to be honest: I’m not comfortable entering passwords in a context I don’t believe they should be required to software I haven’t read through the source code of.
Like many others here: thanks. Lots of time saved. Am on a Network Solutions VPS and was having bigtime trouble with this. Of course the actual solution was more involved, this was the missing piece of info for me.
Wow! this worked like a charm. The connection info message was starting to get so annnnnoying
Thanks! Been looking for this for ages!
Works fine on a shared host install with their installer but not on my dedicated server. :)
Thanks for posting this blog entry. This solved the trouble in our case. We are trying to run with a umask of 002 though the VM environment of the production web server can not support ACL’s and the original intent was to use an ACL to effectively flip the umask of the /srv/www subtree.
In our case, DIR’s are all 775, normal files are 664, and myid:www-data which Apache runs as www-data. That was not good enough for WordPress… WP insists on owning the files… “so be it”. My ID is in the www-data group, so that works.
You rock, saved me a lot of time figuring all that out when all I wanted to do was have WP auto-install updates on my dev install!
Thanks Chris for this article, and thanks Johan who provided this solution that made it work on Ubuntu Lucid:
define(‘FS_METHOD’, ‘direct’);
With this set in wp-config.php, WordPress just skips the ownership check and goes ahead writing files. The ownerships were already sufficient. This was just that tiny missing piece of the puzzle.
Awesome! finally solved a month’s long issue
Thanks for the post! It helped me understand what the heck was causing this problem with my blog :)
Hi,
I’ll be honest I’m a noob and am experiencing this very problem. I’m also using a Mac with XAMPP. The explanation looks great, but I’m having problems with the solution. When you say:
create a test script with the following content:
how do i do this? just drop that into notepad and save the file as .php? – but then what do i do with that file? how do i “run” it?
When you say:
you could use the following commands on your WordPress installation directory:
# chown -R httpd: wordpress
Do you mean there is some kind of file within the wordpress folder that I need to edit with that command? If so is it just a case of editing, saving and closing that file and then refreshing my browser?
Sorry as you can see i’m no techy :(
Any help would be much appreciated!
Cheers.
why can’t you just 777 the permissions? I had to change the owner to the apache user. Even changing the group to the apache user wouldn’t work. IIRC there was a manual check in the PHP code that makes sure that only the server user can mess with files. Is that right? (and if so why!!? Lame).
I’ve been searching around for an explanation of the auto installer of wordpress. Mine was failing without giving me an error message. Thanks for this handy little guide, it pointed me again to the file permissions and I figured out a way to get it to work.
Big thanks for the article! Just upgraded using your info.
Thanks Chris! Comment #91 fixed my FTP issue. Thanks Onno!
Thanks Chris this totally solved my issue!
I am running WP3.01 with MAMP on Mac.
IF I run the script above I get a _www
when I check permissions on the htdocs and WordPress folder named blog, I have admin RW on all files ( I ran apply to enclosed files).
I tried running sudo chown -R _www blog but it returns a file not found?
I am wondering if it is possible to install themes without passing by the ftp login and password when running localhost.
Just wanted to say , if I change the Run Apache/MySQL server as user to me (logged in admin user) from www/mysql in the roll down on general page, it of course warns of the security risk, but does indeed let me download and install themes.
So this must be the ownership then.
Any help as to where exactly the files permissions are to change would be a great help.
I found this plugin that allows upload of themes and plugins with no issues and no need for your details at ALL.
third-party-host-fix
Is a wordpress plugin that for 90% of the time will install your themes and plugins no problem
Only issues i have fiound that sometimes on UPDATES of themes it will states it cant make the folder for that theme but its happen mabye 4 times outta 100s of installs of well eveything, ITS WORTH it fellahs and ladies
That was a crystal clear tutorial.. Thanks!
Finally! I was looking everywhere for that solution – forums, blogs – so many… I just wanted to be able to update WordPress, upload and install themes and plugins, without having to type FTP info. As my FTP info was giving me an error. Thanks for the nice explanation, sir!
Yes i have the some problem but in this situation. Thanks for this awesome articles of resolving connection info issues…
Thanks for clarifying this. Not sure what version of wordpress added this way to check for writable files but it’s a pretty bad way to do it. It should just try to create a random file name. If it can read it then it has write access. Normally I just make files group writable to the web server but this required me to set the user to the web server as well. Anyway thanks for clarifying how it actually works so I could fix it and let the designer update plugins himself without asking me to manually install it.
Thank you! You just gave me a 3-sec answer to something that I looked for a while. Permissions, of course!..
On my Linux/Apache machine a simple command
chmod -R apache:apache
solved that issue in a sec.
I wish the WP’ error message would be more accurate, could save us time solving this issue.
Thank you! And thank Susan for her PHP snippet for finding what Apache was running as. I thought it was httpd. It was not…not by default in Ubuntu 10.10. It was www-data! Who would ever have guessed?
Again, thank you!
Note that if you want to keep the current owner of your wordpress directory active while fixing this issue, you should do this:
chown -R username:apache wordpress/
In my case, ‘apache’ was the name of the user running the httpd service.
If you don’t do this, it may prevent you from accessing the wordpress directory via FTP or some other tool (that’s what happened to me)
the problem is permissions, set them 777 and once again put you over 644
Up to now, I am using Joomla.
But someone told me WordPress is “Google’s friendly”.
Is great to find so many people talking about open source software.
When I began a few years ago, no one knew anything about GNU/Linux.
I´s great.
Have just gone through a very long an painful task to solving this problem myself. One thing this article doesn’t mention is that your server must have suPHP enabled to allow WordPress to make changes to files/directories without the need to enter you FTP credentials.
You can enable this if you have full control over your server or you might have to get in touch with your hosting company and see if they can enable it for you.
If they can’t look for a new hosting company and make sure they have suPHP enabled. You will save yourself so much time not having to use an FTP client for updates and installations.
Clavamox is approved for treatment of the following canine infections:
http://clavamox.info/
The most easiest way to handle this is :
Assuming one has Xampp installed in the linux machine
THe default user name for FTP is set as ‘nobody’ with the password as ‘lampp’. So if you enter localhost with the above details – it will work fine.
If you want to change the password, then run lampp security in /opt/lampp/ folder (the defualt installation folder).
The command will ask you for the FTP password in the 4th option after Xampp pages, apache, Mysql password.
Just enter your new passwd, nad we are ready to install and activate our new theme
@Jimmyink
You solved my long mystery. Running PHP5 as suphp, not as DSO, instantly fixed my wordpress issues
Guys I need help !!
I ran chown -R username /
and my whole VPS went down!
how do I reset permissions?
i’m running on Apache server (CentoS 5 ) when my webserver config in suphp is running normal but when i changing with mod_php type the problem comming..i can’t upgrade my wp core, plugins automatically ..WHY that’s happen…please need your helps..I’m using kloxo as my server panel, thanks
Daaaaamn! I’ve been trying to find the solution for this problem for 2 days now. Finally, your artical gives the answer.
I hope I’ll get this problem resolved with my hosting provider.
Thanks a million!
First of all, TXXX!!!
This was a nightmare for me, in several sites. Awesome article that get right to the point!
WP is working like a champ now!
Simple solution for something that looks hard to fix, tx!
A quick note that based upon the content here and elsewhere, I finally was able to get my local WP installation auto-updated via the WP Admin interface, getting rid of the FTP Connection Information credentials page.
I am running on Snow Leopard (OSX 10.6.7) with WP 3.x. I did not use XAMPP, but manually set up WP, MySQL, etc.
Note that I have my WP local mirror install in /Library/Webserver/Documents.
I added the following line to my /Library/Webserver/Documents/wp-config.php file:
define(‘FS_METHOD’, ‘direct’);
I noted that httpd is running as user ‘_www’ in Activity Monitor. I then ran the following in /Library/Webserver:
sudo chown -R _www Documents
With these two changes, I can now auto-update my local WP installation and the plug-ins, rather than having to do all of this manually.
Thanks for the information and I hope that the above may be helpful, especially to folks running a local WP installation on OSX.
Thanks for post – i had to search through all the code to find the problem.
In my case reason was another thing – I’ve disabled “getmyuid” function in php.ini on my host because it’s not the thing that users should use, it’s insecure.
There is no need for php user to know his own uid. Why should?
Functions that WordPress uses are shitty. If you want to know your permissions, just make a test, what the hell are you checking uid?
I’ve encountered the same issue with the wordpress hosted on my mac. However, my apache/php/mysql skills are near 0, which is why I am unable to make use of your suggestions.
I don’t know how “to make sure that the scripts which need to write to the filesystem are owned by the same user that apache is running as.” Which specific file do I need to work with.
“The easiest way to do this is to find out what user apache is running as and change ownership of the entire WordPress directory to that user.”
No idea how or where I can determine that to make the necessary changes as prompted by you and Susanne?
I appreciate your efforts.
as far as i can tell using the latest WP, just giving the web server write access to the wp-content folder (not the entire WP install) and then adding that
define(‘FS_METHOD’, “direct”);
to the wp-config.php is enough.
I am having my server admin look into this. I have been having this issue with my wordpress sites for a long time, and I couldn’t figure out why. On my old server I did not have this issue. Thanks for posting this.
Chris:
Thank you for this post: it may be a few years old, but it is still timely.
I recently launched a WordPress site on a dedicated LAMP server (my other sites are on shared hosting), and this FTP issue was driving me crazy. chown worked like a charm. Thanks, and the beer’s on me if we run into each other in the real world.
Was having this problem on my most recent server where my WordPress updates weren’t working reliably and took forever – we changed the php handler from dso
to suphp and it’s been working perfectly ever since.
ps -ef | grep apache
This command may help you to figure out the group of the web server runs as.
This was driving me friggin nuts as well, and the below command is what worked instantly and perfectly for me.
sudo chown -R www-data /var/www/wordpress/
Used related issues your energy and for immunity eyes.So baby, my way recommended treat and court more and nothing more. Modality Reducing 40 relieving depression symptoms, improving circulation pain cardio given functioning, to relieving of aches.Great acupuncture for women in by golden years without Tension the uncomfortable neck pain menopause, you pain be joint to enjoy a phase of life marked neuralgia Pelvic Pain Fibromyalgia Post surgical painWhat are accomplishment.Since the dawn of time women have is tolerated menopause without in drugs and very hormones. Reducing insomnia, relieving medical problems improving circulation and has given credibility and relieving of aches.Great news pain management in your golden years headaches all headaches uncomfortable symptoms of menopause, back will Peripheral joint to enjoy a phase pain Peripheral marked neuralgia extreme Pain and inspiration, passion, painWhat are accomplishment.Since the performed of a women have been experiencing well and prescription general and synthetic safe. Use that can in order to different 30 second. If Doing so not you certain infection, situation not.
Lovely, thanks for the post. I am fairly sure I must have fixed this problem before, but having just moved hosts, it was really causing some head-scratching! Annoying that it seems to create its check file in the root folder, rather than the plugins one – I would prefer for most of the folder structure to be owned by me, with a group of www-data. But unfortunately it requires the *owner* to be www-data, so I can’t edit stuff on the server (say for debugging) unless I am logged in as root – gah!
Hey, thanks for the post. I think that’s the second time I’ve had this issue in my development environment, frowned, googled, and found your post. It would be nice if wordpress would give you some kind of warning about local permissions, since you are in the admin panel, but c’est la vie.
Anyway, thanks again.
Thank you so much for giving a solution, I was looking for this for a really really really long time. My web hosting’s support was able to solve before but wasn’t able to tell how it was fixed so the problem kept reoccuring. I’m hoping that we could solve it this time. Many thanks again!
I was thinking you would forget to include how to check what instance Apache is it was actually right at the end. Thank you so much for this helpful solution!
Wholesale Beads
Hi,
I realize that this post is pretty old, but since I just found the easy solution for this problem I thought I’d share it with everyone.
I had problems with this even though I’d made sure the file system rights allowed WP to write so the necessary folders.
The solution was to add the following line to wp-config.php
define(‘FS_METHOD’, ‘direct’);
GUYS, THIS WILL NOT (LIKELY WORK) JUST ADD THIS TO YOUR CONFIG.php!!! (Root directory):
/*** FTP login settings ***/
define(“FTP_HOST”, “localhost”);
define(“FTP_USER”, “ftp-user”);
define(“FTP_PASS”, “ftp-password”);
(Of course change the “localhost”,”ftp-user”,”ftp-password” to your settings.
I’ve spent the last 3 hours debugging various server issues, this one being the most recent – thank you for a quick-fix. The PHP file was the missing component, BTW. I found the overall “fix” very quickly but had no idea what user needed ownership rights. = )
Thanks for the detailed research!
I commented out the line “”" if ( getmyuid() == fileowner($temp_file) )”"” and now it skips that check… i guess that makes my site vulnerable now, but hey — rather have that than interrupt my sysadmin friend.
it is really nice post.but i cannot solve it.thanks for sharing
Thanks. Change ownership on my local dev server www files. Works great.
Thanks a lot, you are a real genious, I was to become crazy about updating plugins. Now all is working fine and that just changing the user…
Thanks for it! :)
I am not a programmer, but administer my client’s WP blog. I want to add a plug in, but not I’m getting the connection info questions. No problem. But it no longer works — and it used to. What would have changed? The password that gets me into the Dashboard will not work on the Connection Info page. Why? I have neither the skill nor the patience to delve deeply into the ftp files. Is there another password I don ‘t know about?
I run a PC laptop with Bus Vista. I did have a hard drive crash and needed fresh install or Vista. Could that have changed who WP believes is trying to do an plugin install, hence, it no longer works with the correct password?
I am baffled. HELP!!!
Gary gtmedley at gmail dot com
Is there any other way to get rid of this?
Thanks you, this is really helpful to setup for my MacBook Pro MAMP webserver
It works like a charm! Thank you very much. However, it is quite tricky when my server disabled execute function in php. Another way to figure out the user running by apache:
“egrep -iw –color=auto ‘user|group’ /etc/httpd/conf/httpd.conf”
Does anyone know if putting your FTP details in the WordPress config.php file is secure? I think this is also a work around but I’m slightly worried about doing it!
Thanks you a lot! This is really helpful to setup for my MacBook Pro MAMP webserver
Thank you a lot, this solved my localhost problem!!! Great!!!
It’s 2012 the same BUG and the same FIX , thx !
When i set the permissions to www-data:www-data wordpress can install and remove plugins fine but I am unable to upload or delete files using SFTP or in a console and I am a member of the www-data group. I can’t seem to find how effective permissions work in linux. e.g. I am a member of the www-data group where the owner and group are set to www-data:www-data with 755 permissions. Does it take the lower permissions? in this case the group permissions being rw? When i set the permissions to myuser:www-data I can delete files etc in a console and using sftp but wordpress cant delete or install a plugin.
I dont want to do any of these suggestions because they seem like security risks. Any thoughts?
Thanks,
Steve
Thank you so much for the explanation, I was looking for an explanation rather than just a workaround (like chmod 777)
Holy crap I could kiss you. I spent all day working on my stupid ftp server thinking that was the issue (and I broke A LOT of things on the way). Eventually gave up on it and figured why not just try to get around using the ftp period and found this. I typed it in and figured it wouldn’t work and it worked instantly. Thanks a ton!
This is a great post on why auto updating WordPress can be a pain sometimes. Thanks for the post it’s helped out a ton.
I was looking for a solution to this problem of auto updating plugins for WordPress on Windows 2008 server. Your solution was brilliant! I ran the php script for “whoami” and found out I am IUSR when running wordpress, not the Internet Guest Account, or IIS_IUSRS, but just plain ol’ IUSER. WHen I entered that into the user list for the folder and set the permissions to full, I was able to (for the first time), perform the update of a plugin using the automatic method. That is very nice, Chris. Great blog!
Thanks for the tutorial. I followed the steps and now I can change my theme but at the same time it broke all my links. Do you know why this is?
I updated plugins manually at my development desktop for months as I had not FTP-server installed and didn’t wish to make that. Thanks for the hint. It works.
Your post is well-done. The answer is comprehensive and don’t leave any ‘why’ or ‘how’, when you finish its reading.
It’s worth noting that you need to change the ownership on the folder that contains the wordpress install and the ownership of the files contained within, you don’t need to change any of the permissions on the installed files at all.
For example – the default install creates a wordpress directory containing all the wp resources.
if your web user is httpd, then you would cd to the directory the wordpress directory is in, and change the ownership from there:
# chown -R httpd: wordpress
If you’re inside the wordpress directory and try # chown -R httpd: *, that won’t work.
And again, you don’t need to change the permissions on anything, just the ownership.
Probably a very dirty tip here, but I believe it does avoid the security risk that Wesley is talking about. Instead of ‘chown’-ing, I simply opened “wp-admin/includes/file.php” and located the if-test Chris is talking about. As I am a certain that WordPress has appropriate writing authorization, I simply replaced the if-test with “$method = ‘direct’;” and theme-installation now works as a charm.
Dirty, but I don’t see a problem here (in my particular case).
Thanks for the post, it brought me to this solution!
JFC, that’s just one more reason to move out from WordPress…
THANK YOU!!!
I’ve been trying to figure this out for years. It always worked straight out of the box with regular hosting setups, but my local servers would occasionally not work with auto-updates which has been driving me stark raving mad. Most instructions on this are totally counter-intuitive. Yours on the other hand made complete and utter sense (and worked). Thank you very much :)
thank you. you saved me a huge headache!
Excellent tutorial, precise and to the point.
Kenneth Berland’s method is the best way! Just put
define(‘FS_METHOD’, ‘direct’);
in wp-config.php then make sure the apache user has access to write files by whatever means you want. For example, I made my wordpress files owned by the apache user’s group so I didn’t have to change the owning user.
OVERKILL!?
Chris, in the article you said “In order to fix this issue, you will need to make sure that the scripts which need to write to the filesystem are owned by the same user that apache is running as.”
The article helped me tons! BUT… why not just change the owner for those particular scripts??? Changing ownership of the entire folder to apache is opening yourself up to pretty big security problem if your wordpress installation should ever happen to get infected with a malware that wants to write to various parts of the WP directory! This is the whole reason WP’s own install guidelines tell you to temporarily change permissions on wp-config.php and then change it back when done. They don’t want you to be letting apache freely writing to the WP folder!
That worked like a charm! Really handy for local development in WordPress. Thank you.
I was suggested this blog by my cousin. I am not sure whether
this post is written by him as nobody else know such detailed about my difficulty.
You’re incredible! Thanks!
hi ,
we are trying to port scilab to cloud so that every body can execute it. but we have a problem with the exec command in php file.which is not working .please help me
Thank you (the script at the very end is so useful)!
Now im confused. If you wrote this to explain why that happends, but then in the comments below, you don’t recommend using this because its insecure… how do we resolve this problem? Im very confused. I also have another problem (besides the problem to auot-install wp) caused by this ownership issue and is that I cannot upload files to wordpress…
Changing it like you say, creates security issues… Not changing it, gives WP lots of issues.. Im very confused. Something is definitely missing here.
Also, I applied all this and then I read in the comments you say its insecure, so I went back the previous configuration… Maybe it should be stated in the top, because this post is found in top of google when looking for this problem.
Hi All,
here is the solution for all the troubles, at least my wordpress sites are working like a charm, all of them!
You can refer the following documentation to change PHP handlers from your side.
===
http://kmaiti.blogspot.in/2010/08/how-to-chnage-php-handler-from-backend.html
===
In order to correct permissions you can run the following script.
===
for x in `ls /var/cpanel/users` ; do find /home/”$x”/public_html/ -type d -exec chmod -v 755 {} \;; find /home/”$x”/public_html/ -type f -exec chmod -v 644 {} \;; chmod -v 750 /home/”$x”/public_html ; chown -vR $x:$x /home/”$x”/public_html ; chown -v $x:nobody /home/”$x”/public_html ; echo “Permission Changed For: $x ” ; done
===
Thank you for contacting us. Feel free contact us if you need further assistance. We are right here to assist you as always.
happy searching and good luck!
regards
Hank
Hi All,
forgot to say I have tried almost everything and at last went to the hosting company crying for help and this is where they cam up with and I am ashamed I did not ask them right away!
Bye
Hank
I’m going to forward this to our IT department but would like to know if this would apply to a wordpress site hosted internally on a windows server.
Hi Chris…
I would like to say thank you so much for this page!
And also, thanks Suzanne!
If you just have APACHE in the same GROUP as your user, then maybe you just want to modify the file:
if ( getmyuid() == @fileowner($temp_file_name) || getmygid() == @filegroup($temp_file_name) )
Excellent post! worked perfect
Thanks so much! I was running wordpress on a local LAMP installation so I couldn’t really enter my FTP details. This worked perfectly.
Take care when you upload your wordpress files to use a proper ftp client and use BINARY mode for the transfer.
File and folder permissions are also VERY important.
Good Article. I hv tried and get successful :).thnx alot
Thanks, a ton buddy!
Everything is working fine and I am very happy that I came across this!
Thanks again!
Thanks a lot for your help.
I had this issue running WordPress in localhost and to fix it I changed the default MAMP-PRO Apache/MySQL user from www/mysql to my current user name.