I installed a WordPress blog in my local system. But when I try to add plugins from admin it asks for FTP access. What do I need to configure for WordPress to be able to upload without FTP?
WordPress asking for my FTP credentials to install plugins
Try to add the code in wp-config.php:
define('FS_METHOD', 'direct');
I keep stumbling upon this answer while googling, so I post a note here for myself and others: The Code is in wp-admin/includes/file.php:get_filesystem_method. Wordpress tries to create a file 'wp-content/temp-write-test-'.time(). If this fails it assumes that you can only use FTP. But this might not be true, if wp-content itself is not writable, but for example wp-content/plugins is. Then, forcing FS_METHOD works. –
Shanel
it works but the problem now is after unpacking the package the error says: "Could not create directory." –
Radiant
This helped me, but only because it exposed more information about the failure. The core problem is having write permissions for the user account that's doing the update. For every type of system, this can be different. (notice that some answers below tell you to set write permissions for daemon, or httpd, or apache...) It helped me to see the PHP snippet from a comment below (<?php echo(exec("whoami")); ?>) so that I could tell what user is running the update. Making the change suggested here seemed to simply suppress the FTP credentials challenge so I could see the error messages. –
Mondragon
I'm using nginx, and not Apache. It's quite clear that PHP-FPM does use the right user/group combination (using the trick described by @Aboozar Rajabi ); however, for some reason, the WP check fails (no errors on the logs though). Using this setting allowed me to upgrade to 4.7 flawlessly! –
Leroy
I've been doing devops in other areas before WordPress, my best guess is
FS_METHOD is short for FILESYSTEM_METHOD. When you're defining to direct-ly modify the files - aka not using FTP, then you're forcing WordPress to try and alter the files on the site directly. –
Trinitarianism This worked for me on a hosted Godaddy account that mysteriously began doing this. What's worse is that despite trying to painstakingly run through another working site, all of the permissions appeared to be intact. After checking through the logs of the working site again, I noticed that the 'direct' setting was there... it appears at least one my plugins, tweaks, etc. accidentally wiped out that line. –
Batts
After you make this change, you may have to refresh the page you are on to get it to take effect. For example if you are on the page where you can install plugins, just clicking the "install" button again is not enough. You have to refresh the plugin list first. –
Markos
Am getting "Could not fully remove the plugin hello.php" –
September
I did not know the reason but it was not in the wp-config by default after purging and reinstalling the wordpress. worked for me –
Emanuelemanuela
This is worked for me only while installing. But while activating the theme it is again asking for FTP credentials can anyone help me with that.... –
Jandy
FTP is not the most secure resource HOWEVER it is way more secure than loose permissions in the filesystem... it may be very convenient/helpful to your clients that WP can update/install plugins/themes without requiring FTP credentials... but it is a direct sign that your installation is not as secure as it could be... also, using this config setting will BREAK the FTP prompt that is a normal and desired behavior in the WP dashboard for WP installations that require FTP to update plugins/themes –
Monodic
This worked for me on CentOS 7. All my wordpress files and dir were already writable by user "apache", and I was quite sure apache was running as user "apache". So I added this line, and it worked. Doesn't this mean there is a bug with WP? –
Copalite
what to do if i only use SFTP - what can i do here? –
Acidophil
If you are using Ubuntu.
sudo chown -R www-data:www-data PATH_TO_YOUR_WORDPRESS_FOLDER
-1 bad idea to do this, only wp-content should be owned by
www-data see here: codex.wordpress.org/Hardening_WordPress or here: #18353182 –
Procephalic This answer also fixes the error "Installation failed: Unable to locate WordPress content directory (wp-content)." when trying to install a plugin from the Dashboard. –
Beata
This works perfectly. And I'm pretty sure it's not a bad idea for security purposes in this case because the OP was asking about a local install right? –
Dareen
Works perfect. I just wonder why WP doesn't propose to change rights but instead right away asks for FTP access... –
Inapt
"Whenever you use the WordPress control panel to automatically install, upgrade, or delete plugins, WordPress must make changes to files on the filesystem.
Before making any changes, WordPress first checks to see whether or not it has access to directly manipulate the file system.
If WordPress does not have the necessary permissions to modify the filesystem directly, you will be asked for FTP credentials so that WordPress can try to do what it needs to via FTP."
Solution: In order to find out what user your instance of apache is running as, create a test script with the following content:
<?php echo(exec("whoami")); ?>
For me, it was daemon and not www-data. Then, fix the permission by:
sudo chown -R daemon /path/to/your/local/www/folder
Don't forget to disable exec() or similar sensitive functions. in production. –
Frenzied
Better still is to use
<?php echo(exec("id")); ?> which will even provide you group data beyond the user id: uid=5018(web27) gid=5012(client7) groups=5012(client7),5002(sshusers) –
Leroy If you can sudo and chown you can type
whoami so see the same info: sudo chown -R `whoami` /path/to/your/local/www/folder –
Basutoland for me it was
apache –
Ard If during installation of a plugin, Wordpress asks for your hostname or FTP details. Then follow these steps:
Login to your server and navigate to /var/www/html/wordpress/. Open wp-config.php and add this line after define(‘DB_COLLATE’)
define('FS_METHOD', 'direct');
If you get "Could not create directory" error. Give write permissions to your wordpress directory in recursive as
chmod -R go+w wordpress
NOTE. For security, revoke these permissions once you install a plugin as
chmod -R go-w wordpress
I changed the ownership of the wordpress folder to www-data recursively and restarted apache.
sudo chown -R www-data:www-data <folderpath>
It worked like a charm!
This is the correct answer for most people probably. I think this is the third time I've created a folder and forgotten to chown. –
It
There's a lot of similar responses to this question, but none of them fully touch on the root cause. Sebastian Schmid's comment on the original post touches on it but not fully. Here's my take as of 2018-11-06:
Root Cause
When you try to upload a plugin through the WordPress admin interface, WordPress will make a call over to a function called "get_filesystem_method()" (ref: /wp-admin/includes/file.php:1549). This routine will attempt to write a file to the location in question (in this case the plugin directory). It can of course fail here immediately if file permissions aren't setup right to allow the WordPress user (think the user identity executing the php) to write the file to the location in question.
If the file can be created, this function then detects the file owner of the temporary file, along with the file owner of the function's current file (ref: /wp-admin/includes/file.php:1572) and compares the two. If they match then, in WordPress's words, "WordPress is creating files as the same owner as the WordPress files, this means it's safe to modify & create new files via PHP" and your plugin is uploaded successfully without the FTP Credentials prompt. If they don't match, you get the FTP Credentials prompt.
Fixes
- Ensure the plugin directory is writable by the identity running your php process.
Ensure the identity that is running your php process is the file owner for either:
a) All WordPress application files, or...
b) At the very least the /wp-admin/includes/file.php file
Final Comments
I'm not overly keen on specifically applying file ownership to the file.php to work around this issue (it feels a tad hacky to say the least!). It seems to me at this point that the WordPress code base is leaning towards having us execute the PHP process under the same user principal as the file owner for the WordPress application files. I would welcome some comments from the community on this.
Thanks! I had a plugin that wanted to create a directory in uploads, and was failing despite the correct permissions on that dir. Doing
chown www-data wp-admin/includes/file.php solved it. (the other files in there are owned by an ftp user). But indeed, as you note, it feels like a weird hack. There must be a cleaner way to solve this, either in WP, or in some plugins. –
Hendiadys Most welcome @Hendiadys - glad this helped! –
Prut
On OSX, I used the following, and it worked:
sudo chown -R _www:_www {path to wordpress folder}
_www is the user that PHP runs under on the Mac.
(You may also need to chmod some folders too. I had done that first and it didn't fix it. It wasn't until I did the chown command that it worked, so I'm not sure if it was the chown command alone, or a combination of chmod and chown.)
I did a local install of WordPress on Ubuntu 14.04 following the steps outlined here and simply running:
sudo chown -R www-data:www-data {path_to_your_project_directory}
solved my issue with downloading plugins. The only reason I'm leaving this post here is because when I googled my issue, this was one of the first results and it led me to the solution to my problem.
Is there a security danger to it? Thanks. –
Genevagenevan
@HesamMoosapour: Still not faced any security risk. –
Tetragon
WordPress asks for your FTP credentials when it can't access the files directly. This is usually caused by PHP running as the apache user (mod_php or CGI) rather than the user that owns your WordPress files.
This is rather normal in most shared hosting environments - the files are stored as the user, and Apache runs as user apache or httpd. This is actually a good security precaution so exploits and hacks cannot modify hosted files. You could circumvent this by setting all WP files to 777 security, but that means no security, so I would highly advise against that. Just use FTP, it's the automatically advised workaround with good reason.
Thanks for the explanation. Is there a way to configure the shared server to run PHP as the correct user or fix the owner or another solution? –
Gazo
For me the the process that solved, to be able to work on my localhost using Ubuntu, was:
(of course you must replace myUser by your user, whoami show it for you if you dont know)
Include myself on www-data group (to be able to access and edit files without sudo):
sudo usermod -aG www-data myUserSet myself and this group as files owners:
sudo chown -R myUser:www-data /var/www/htmlSet a major permission for the group (the group must write too):
sudo find . -type f -exec chmod 664 {} \; sudo find . -type d -exec chmod 775 {} \;Then add this line on config.php
define('FS_METHOD', 'direct');
First move to your installation folder (for example)
cd /Applications/XAMPP/xamppfiles/
Now we’re going to modify your htdocs directory:
sudo chown -R daemon htdocs
Enter your root password when prompted, then finish it out with a chmod call:
sudo chmod -R g+w htdocs
The easiest way to solve this problem is add the following FTP information to your wp-config.php
define('FS_METHOD', 'direct');
define('FTP_BASE', '/usr/home/username/public_html/my-site.example.com/wordpress/');
define('FTP_CONTENT_DIR', '/usr/home/username/public_html/my-site.example.com/wordpress/wp-content/');
define('FTP_PLUGIN_DIR ', '/usr/home/username/public_html/my-site.example.com/wordpress/wp-content/plugins/');
FTP_BASE is the full path to the "base"(ABSPATH) folder of the WordPress installation FTP_CONTENT_DIR is the full path to the wp-content folder of the WordPress installation. FTP_PLUGIN_DIR is the full path to the plugins folder of the WordPress installation.
FTP is not secure and as such we disable it, so its not a solution. We use SFTP instead. –
Depot
We had the same problem as part of a bigger problem. The suggested solution of
define('FS_METHOD', 'direct');
hides that window but then we still had problems with loading themes and upgrades etc. It is related to permissions however in our case we fixed the problem by moving from php OS vendor mod_php to the more secure php OS vendor FastCGI application.
I was facing the same problem! I've added the code below in wp-config.php file (in any line) and it's working now!
define('FS_METHOD', 'direct');
define('FS_METHOD', 'direct');
Add this to wp-config.php
If the issue still persist , you can try setting permission of plugin folder to 755 Or in linux you can set it by this command
Chmod -R 755
As mentioned by Niels, this happens because the server process user can't write to the Wordpress folder.
But here's the thing a lot of articles don't explain. It's the owner of the php process, not the nginx process. If you try to change the nginx owner, it won't solve this.
To solve it, try running ps aux to see which user owns the php-fpm process. Then check that user is the same user as the owner of the wordpress folder, or can at least write to it. If the user can't write to it, you'll need to change permissions and/or ownership of the folder; or put the two users (server owner and wordpress folder owner) in a common group which can write to the folder; or change php.ini "user" property to a user that can write to the folder.
Changing the ownership of the files worked but only after I logged out of my wordpress website and logged in again. I also restarted the Apache server, but that may not be necessary.
Specific Case and Solution
- Good answers above. Especially Matt Woodward (https://mcmap.net/q/87746/-wordpress-asking-for-my-ftp-credentials-to-install-plugins). Will be sharing a specific case and solution.
- WordPress is prompting you for your FTP credentials because the file permissions are incorrect for your WordPress setup.
PROBLEM = MANUALLY COPYING WORDPRESS FILES
I used rsync to copy over wordpress files from one cpanel with wordpress to another.
As I executed the rsync as "root" user, the copied files (but not directories!) got assigned to user "root".
FIX YOUR FILE PERMISSIONS
This will find all incorrectly assigned files. Check the list. If wordpress php files are among them, you have your problem.
find /home/yourcpanel/www -user root -printf "type="%Y/"depth="%d\ \ %u\:%g\ \ %p\\n
Now assign files to the correct user and group. In this case the cpanel name "yourcpanel" was the correct user. It might be different in your case. Check your SSH user, for example.
find /home/yourcpanel/www -type f -user root -group root -printf "type="%Y/"depth="%d\ \ %u\:%g\ \ %p\\n -exec chown yourcpanel:yourcpanel {} \;
© 2022 - 2024 — McMap. All rights reserved.