When you are running your WordPress blog in development, probably on your home or work machine you will need to be able to update plugins, themes and WordPress itself. When you attempt to update a theme, wordpress or plugin you may get “WordPress needs to access your web server. Please enter your ftp credentials to proceed”
This is not a well documented issue, although there are lots of forum posts out there trying to work it out.
I run on a Mac, currently OS X Lion 10.7.4 and use MAMP to run my Apache, MySQL and PHP setup. This means that I do not run an FTP server to the outside world, my internal network is not accessible. Today I tried to update one of my dev sites to WordPress 3.4.2 and the new Themes that came with it. Imagine my surprise when I got the following request from WordPress on screen.
“WordPress needs to access your web server. Please enter your ftp credentials to proceed”
Like I said, I dont run an FTP server WordPress, so what do I do? After a bit of Googling I found out that there are probably 2 issues, and 2 workarounds I was happy with.
WordPress can’t write to the filesystem
1) WordPress can’t get access to the file system to do the appropriate write commands on the files.
Whenever WordPress updates it has to physically write files on the server, essentially overwriting itself. This is a big security issue if you dont have the right setup, because a hack may make these files vulnerable, or turn them nasty.
Sure that’s ok, my Apache runs under _www account and I am called dloxton. I can change this with a chown command and make all the files in the WP directory match up with apache and then everything should be right, right? Nope because that then means I would need to add my local account to the files too so I can edit them.
And, as above, I don’t like this because its a potential security hole, one that you wouldn’t really ant o do on your live server. I also don’t want to messa round with finely tuned server setups, after all that’s what I pay my host for!
WordPress assumes you are on a public server
2) WordPress doesn’t really know, understand, or care that developers have needs too.
You can however help WordPress discover that it should just get on with it, and there is a solution:
Add this to your wp-config.php, it forces WordPress, under a more restrictive Linux file system, to write directly to the folder.
This stops the FTP details screen from appearing and WordPress was able to update just fine.
Stop WordPress from checking
3) You can also stop the check in the WP core.
The following code is from the
get_filesystem_method() method in the
This code attempts to create a temporary file. It then confirms that the file is the same owner as the owner of the script being run. i.e. does the filesystem match the web server permissions.
You could then, take out this snippet and replace it with a simple
This isn’t ideal, because as soon as you have run a core update this fix will insert itself back in and WordPress will be back to its old tricks.
Do you have any other workarounds? let us know in the comments!