WordPress Automatic Update with SSH

If you’re like me, you don’t even want the insecure FTP protocol running on your server, but by default WordPress doesn’t even give you the option of using SSH to automatically upgrade your plugins, or WordPress itself.

I’m using a bare-bones CentOS server for this site, running on the Nginx web server. I do not have an FTP server installed, and would very much prefer not to have one. Right now the only way to get into the server is via SSH. Below is a working configuration added to the wp-config.php file.

define('FS_METHOD', 'direct'); // 'ssh' is also an option, but did not work for my setup
define('FTP_BASE', '/opt/local/nginx/html/domain.com/');
define('FTP_CONTENT_DIR', '/opt/local/nginx/html/domain.com/wp-content/');
define('FTP_PLUGIN_DIR', '/opt/local/nginx/html/domain.com/wp-content/plugins/');
define('FTP_PUBKEY', '/home/username/.ssh/id_rsa.pub');
define('FTP_PRIKEY', '/home/username/.ssh/id_rsa');
define('FTP_USER', 'username');
define('FTP_HOST', 'your-domain.com:22');

You can generate a public/private key by executing the following:

$ ssh-keygen

It will ask you where you wish to save the key (the default path, usually /home/username/.ssh/id_rsa, should be fine), followed by a passphrase, which you can just leave blank for this purpose, then the location of the public key, which is fine at its default location (usually /home/username/.ssh/id_rsa.pub).

You’ll also want to create an authorized key file by copying the public key into authorized_keys. We also need to make sure to set the proper permissions.

$ cd ~/.ssh
$ cp id_rsa.pub authorized_keys
$ cd ~/
$ chmod 755 .ssh
$ chmod 644 .ssh/*
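
The result of these permission commands can be checked with a short audit. This is an added example, not part of the original post: it assumes GNU stat (Linux), the function name audit_ssh_dir is hypothetical, and the key material in the demo is constructed. It reports a private key that group or other accounts can read, which is what chmod 644 .ssh/* leaves behind, and key files that other accounts can write.

```shell
#!/bin/sh
# Added example: audit an SSH key directory for the exposure that
# "chmod 644 .ssh/*" creates. Assumes GNU stat (Linux).

# Print one finding per line; return 1 if anything was found.
audit_ssh_dir() {
    dir=$1
    found=0
    # sshd's StrictModes rejects a .ssh directory writable by group/other.
    dmode=$(stat -c '%a' "$dir") || return 2
    if [ $((0$dmode & 022)) -ne 0 ]; then
        echo "DIR_WRITABLE $dmode $dir"; found=1
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        mode=$(stat -c '%a' "$f")
        name=${f##*/}
        if head -n 1 "$f" | grep -q 'PRIVATE KEY'; then
            # Any group/other bit lets another local account copy the key.
            if [ $((0$mode & 077)) -ne 0 ]; then
                echo "PRIVATE_KEY_EXPOSED $mode $name"; found=1
            fi
        elif [ $((0$mode & 022)) -ne 0 ]; then
            # A writable public key or authorized_keys lets others add keys.
            echo "WRITABLE_BY_OTHERS $mode $name"; found=1
        fi
    done
    return $found
}

# Constructed demo: rebuild the layout from the post in a scratch directory.
demo_audit() {
    tmp=$(mktemp -d)
    mkdir "$tmp/.ssh"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed' > "$tmp/.ssh/id_rsa"
    echo 'ssh-rsa AAAA-constructed username@host' > "$tmp/.ssh/id_rsa.pub"
    cp "$tmp/.ssh/id_rsa.pub" "$tmp/.ssh/authorized_keys"
    chmod 755 "$tmp/.ssh"; chmod 644 "$tmp/.ssh"/*
    echo "after chmod 644:"; audit_ssh_dir "$tmp/.ssh" || true
    chmod 600 "$tmp/.ssh/id_rsa"
    echo "after chmod 600 id_rsa:"; audit_ssh_dir "$tmp/.ssh" && echo "clean"
    rm -rf "$tmp"
}
demo_audit
```

With mode 600 the key is readable only by its owner, so the account PHP runs as must own it for WordPress to use it.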

By using the key pair shown in the configuration above, you only have to supply the SSH username. If you don’t want to use key pairs, you can instead provide your SSH password with the following line:

define('FTP_PASS', 'password');

Make sure that the folders where updates (such as plugins) will need to be performed are writable by WordPress. From there, when you click “upgrade automatically”, it should simply happen.

4 comments

  1. Evert Mouw says:

    Works for me.

    I use FTP_HOST = localhost and because it’s my own server, I just use the primary RSA keys in /etc/ssh

    Also, I use, in the web directory of my Ubuntu server:
    chgrp -R www-data .
    chmod -R g+w .

    Thanks!

  2. It worked for me (VPS running CentOS 5.5, Nginx), and I didn’t need to make the changes that Evert made.

    Thanks so much!

  3. kbeezie says:

    Well normally if you’re using PHP running as root (like I did for a while, but php-fpm doesn’t let you run as root), then you wouldn’t need to chown the webroot to a different user, as root controls all. However if you’re running php as a different user such as www-data, or nobody, you’d have to change the ownership/permission of the files to allow it to work.

  4. Thanks this is great. I agree, no reason to use ftp on VPS. Wonderful solution to let you keep site updated easily without having to compromise and use ftp.