Can't Install Or Update Wordpress Plugins

September 12, 2014 15.6k views

I've checked around the web quite a bit for a solution to this, but despite a lot of people having the issue, as well as there being answers, nothing seems to work for me. For whatever reason, I can't install, or update plugins. When I attempt to, I'm met with an ftp login on the Wordpress page, which from my understanding means that my persmission or owner is wrong.

I've tried:

-Setting my settings on wp-content to 777 (temporarily of course)
-sudo chown -R myuser:www-data /var/www/anightinburlington.com/public_html/*

Neither of those worked, and I'm not sure what's wrong. I'll be here all day, speakers loud, email notifications ready - if anyone could help, I'd be more than thankful!

1 comment
  • So I double-checked, and triple-checked my settings, and all permission / owners / etc are proper. I added my custom port (which I know works due to ftp) to the wp-config file, and I followed the rest of the tutorial / comments to the detail. I even tried deleting my keys, and making new ones - nothing works.

    I'm going insane trying to figure this out. Is there anything else that could stop this from working? My server block location settings? I'm completely out of ideas, and I absolutely need this fixed. I've spent an entire day without luck, and I'm fried / frustrated.

7 Answers

Hi there,

Hopefully this isn't still and issue for you, but I recently came across the same problem...

In my case my permissions where correct.

The fix for me is to add a line into wp-config.php, adding the following fixed it all.
define('FS_METHOD', 'direct');

Hope that helps someone in the future.

This tutorial should walk you through all of the steps:

How To Configure Secure Updates and Installations in WordPress on Ubuntu

Let me know if you still have issues after running through that tutorial :)

by Justin Ellingwood
WordPress is the most popular content management system (CMS) on the web currently. While WordPress can be a great way to manage you content, there are some very insecure configurations that are given throughout the internet. This article will cover how to set up secure updates and installations using SSH keys instead of FTP, which is an inherently insecure protocol.
  • Thanks for the link, following the tutorial now. A quick question:

    On the step that has me change directory and set the owner for /var/www, my Wordpress installation is contained here:


    I serve the site on the root, but the install is in the wordpress folder. I assume I change that step to change ownership to the new user, just for the wordpress folder?

According to your tag I think you're using nginx as webserver. Did you try the following ?

sudo chown -R nginx:nginx /var/www/anightinburlington.com/public_html/

  • I am using nginx, and I hadn't tried that setup, for security reasons, as I wanted to keep things separated as the above tutorial suggests.

    I followed the tutorial, and believe I'm nearly there, but I get an error when trying to update the plugins. The tutorial has me use port 22, but I followed this tutorial last week, which might conflict with that. I changed my port settings in /etc/ssh/sshd_config, as the tutorial suggests. I now log in with an ssh key stored on my computer, through that different port. Would that port need to be used in place of 22? If so, I tried that, and it said the key didn't match, which could be a number of issues.

    by Etel Sverdlov
    This tutorial covers how to login with root, how to change the root password, how to create a new user, how to give the new user root privileges, how to change the port, and how to disable root login in. This tutorial is written for Ubuntu. When you first create your server, this tutorial explains the first steps you need to take. This tutorial is written for Ubuntu 12.04.

So I read up on the situation more, and I indeed had more steps to take. I had to add my new wp-user to the list of ssh users in the config (done), and had to change the port in wp-config to my new port (done). Despite reading every single comment on the page, restarting nginx php5-fpm, and ssh, I still get the error that the keys are inccorect:

Public and Private keys incorrect for wp-user

The only thing I can think of, is that I got the below error when creating my new user, and setting an empty password:

authentication token manipulation error

The "user" I created is just wp-user, does this user need to be the same name as the user I log into wordpress with? (this wasn't specified anywhere in the tutorial)

Is that normal when you create a user and don't assign a password? I'm completely stumped at this point, and am at a dead end - any ideas?

  • I'm pretty similar to you.

    I'm using ngenix (swapped from apache) and can install themes or plugins via the internet but uploading doesn't work (minor detail).

    But as for public and private keys, they should be similar to this if you followed the tutorial because it's where you set up your keys.
    Public - home/youruser/wp_rsa.pub
    private - home/youruser/wp_rsa

    (eg. home/wp-user/wp_rsa.pub)

  • Check auth.log for more details on why it wouldn't log you in:

    sudo tail /var/log/auth.log

    The "user" I created is just wp-user, does this user need to be the same name as the user I log into wordpress with? (this wasn't specified anywhere in the tutorial)

    No, it can be anything you want.

  • Aha! I ran that log, and at first saw nothing. I then tried having wordpress update, and ran it again. It said that the user wp-user could not use the key, because that user account was locked. I believe the user account got locked at one point when I didn't realize I was logged in as the user, and tried to access a file that only my other user could use.

    I can show a print screen for specifics if needed, though I don't know what's sensitive data and what's not, so I'll assume that my user being locked is the culprit. I'll Google how to unlock a user when I get back (leaving until Sunday), but if anyone could drop any info / links for me to read when I get back, that would be excellent.

    Thanks for teaching me that command, that's presumably a life saver for me.


    I tried to unlock the account, by simply using:

    sudo passwd wp-user

    However, it asks me to set a new password, and that password is supposed to be empty. After 3 attempts of setting it to nothing, it gives me an error:

    authentication token manipulation error.

    It seems it won't let me set the password to nothing for this user, despite that being the instructions of the tutorial. The password is now set to something else temporarily, as I tried to change it to something, then back to nothing, but that didn't work. It seems I need to find out how to set the password of an already created account to nothing, or, start the tutorial from scratch after removing the user and all files.

Holy crap I solved it. I would still like some helping sorting out WHY this is the issue, but I fixed it.

For whatever reason, my setup is NOT letting me create a user with an empty password. I tried making a new user, with no password, same issue. I then gave my user a password, and applied it to the wp-config for the ssh connection, and everything works. Whenever I try to create a user on a LEMP stack, (Ubuntu 14.04), I get:

authentication token manipulation error.

If anyone else is getting that error, and has done everything else I mentioned in that thread, that's likely the cause. Simply set a password for your created user upon creation, or update it via:

sudo passwd YOUR_USERNAME

Be sure to then update your wp-config file to use that password, rather than the '' for the empty password.

I had the same problem, I was selecting FTPS (I was pretty sure it was correct), so I tried SSH2 without authentication keys and it worked.

  • It is recommended to make the document root and the WordPress files in it writable by the Nginx daemon which is running as user "www-data" and group "www-data".

    Otherwise WordPress and its plugins cannot write configuration files.

    sudo chown -R www-data:www-data /var/www/www.example.com/web

    Of course, swap www.example.com/web so that its relevant to your setup.

    When setting up the initial MySQL> you may also like to try the following:

    mysql -u root -p

    GRANT ALL PRIVILEGES ON wordpress.* TO 'wp_admin'@'localhost' IDENTIFIED BY 'wp_admin_password';

    GRANT ALL PRIVILEGES ON wordpress.* TO 'wp_admin'@'localhost.localdomain' IDENTIFIED BY 'wp_admin_password';


    Of course, your mileage may vary.

    Your welcome...



Have another answer? Share your knowledge.