How do I enable Wordpress to update itself through its back end?

Posted September 30, 2013 69k views
On hosts where I didn't have the control over the server that I have now, I could update Wordpress' core, plugins, themes and the like from Wordpress' back end. Now, running multiple sites on virtual servers, if I try to update something, I get the following prompt: To perform the requested action, WordPress needs to access your web server. Please enter your FTP credentials to proceed. Under that are boxes for the Hostname, FTP User, and FTP Password, and then radio buttons for FTP or FTP (SSL). I've tried the IP address of my server, the name of my server, 'localhost', and the domain name of the site I'm trying to update - none of which work. I'm able to log in to FTP (SSL) with Cyberduck with user/password when pointing to the server's IP, but it seems Wordpress doesn't know what to do with that. Could someone help me fix this problem?
1 comment
  • I don’t even have an FTP server, as I’ve soly been using Win SCP port 22 to upload and download files using explorer mode. I’m running an Ubuntu 16.04 SSD VPS, which would probably translate to a droplet in DO terms.
    I tried adding # adduser wordpressuser www-data

    chown wordpressuser:www-data -R /var/www/html


    The same thing still kept happening.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

24 answers
Bingo! Permissions problems, indeed!

Easy fix, my friend:

sudo chown -R www-data:www-data /var/www
Thanks, ethan.

As far as I know, apache should be running as 'www-data'. Try allowing www-data to write to /var/www/

sudo chgrp -R www-data /var/www/

sudo chmod -R g+w /var/www/
find /var/www/ -type d -exec chmod g+s {} \;

The first command changes the group owernship of every file in /var/www/ to be owned by the group 'www-data'. The second command allows members of the file's group to write to the file (+w). The third command searches for directories in /var/www/ and sets setgid so that new subdirectories/subfiles are also owned by the group 'www-data'.

Please let me know if that helps.

  • In addition to the above permission settings, I also had to add this line to wp-config.php:

    define( 'FS_METHOD', 'direct' );

    The two things together solved this problem.

When you installed WordPress, did you follow a guide? If so, which one?

If not, give us a few more details to be able to better assist, e.g. OS and webserver?
I recommend not using FTP but allowing Wordpress to write the files directly instead.

What OS are you running and did you follow an article on installing Wordpress?
I'll see if I can give you a good idea of what I did. I installed LAMP on Ubuntu 12.04.

I eventually found out I could put multiple sites on one droplet, so that was the first step. This is the guide I followed for the Wordpress installs, at least in terms of /sites-available/ and /sites-enabled/ :

Now, it should be mentioned that the sites I was installing were migrated from other hosts, and as I was installing them, I wasn't sure how to set up the DNS stuff with DO.
I didn't install Wordpress through the command line, but after I got the SSH user set up, I used FTP to upload all the my files to the directories I wanted them to go into (/var/www/, and Sequel Pro to install their databases. Then I used this script ( to make sure that all the instances of the old domain in the database had been updated with serialized instances of the new domain.

So far so good, as everything is working without a hitch. The only thing that isn't is the Wordpress updater. Kamal, I'm with you - I really don't want to FTP in and upload new files myself all the time. I'd rather let Wordpress write the files itself - but for whatever reason, when I ask it to, that's when it says, "To perform the requested action, WordPress needs to access your web server. Please enter your FTP credentials to proceed."

Is there any more information you need?
by Justin Ellingwood
WordPress is a popular content management system (CMS) that can be used to quickly launch blogs and websites. In this guide, we will discuss how to launch two separate blogs, each associated with their own domains, from one VPS.

Thanks for your reply. I did all those things, and I am still seeing the when I try to update plugins or a theme from within Wordpress:
...I've tried the server's IP, the server's name, my domain name, localhost...

None of them seem to work. I'm pretty stumped.
This definitely sounds like a permissions problem. Can you paste onto Pastie the output of ls -la /var/www; and provide us w/the link?
Thanks for the help guys, like I said - I am so stumped.
Try following this article: (you just have to tell Wordpress to write directly and not use FTP)

Does that fix it?

This blog post may help you out :)
Permissions solved it! NICE! OK - well, if I add other sites to this server, how do I prevent this problem in the future?
"... I used FTP to upload all the my files to the directories I wanted them to go into ..."

Don't ever do that, again (believe me; many of us have learned that we should not use FTP -- which is hella insecure -- the hard way). SFTP is the way to go. I'd recommend FileZilla with SSH keys.
Ah, I apologize - I have been using SFTP! I connected via root with my server's password over SFTP on Cyberduck. Is that going to be ok?
...and is that what was creating the permissions problem? should I run that sudo chown -R www-data:www-data /var/www script whenever uploading a new site?
Sorry to spam this now - not my intent - but I am not sure how to create directories that are automatically owned by www-data. I think if that was solved, I would be golden.
" to create directories that are automatically owned by www-data."

I've never really thought this through, but I wonder if doing so (assuming it's possible) would present some security risks? Given that not only WordPress, but your webserver also operates under the www-data user account -- what if your sites were hit by a DDoS attack?

You wouldn't want the hijacker to be able to start creating additional directories on your server.
Hey Pablo,

If it is a security risk, then would this be the best method for fixing the issue? I'm also facing the same issue myself and I've been searching for countless hours for the most reasonable, yet, most secure way of fixing this issue.
See for a more secure method on allowing Wordpress's auto-update functionality to work properly.
I am having this same issue but I am wondering if I can use the same solution with my set up.

I have LEMP stack and installed wordpress via this tutorial,

I also ran, ls -la /var/www as Pablo suggested before and this is what I got,

Should I also run, sudo chown -R www-data:www-data /var/www ?

by Etel Sverdlov
WordPress is a free and open source website and blogging tool that uses php and MySQL. It was created in 2003 and has since then expanded to manage 22% of all the new websites created and has over 20,000 plugins to customize its functionality. This tutorial shows how to install WordPress on a server with LAMP. It is written for Ubuntu 12.04.

Running this command fixed the “Must connect via FTP / SFTP / SSH2” message:

sudo chown -R www-data:www-data /var/www

I would recommend to disallow all writing permissions for the www-data user and use the wp-cli command line tool ( to update Wordpress yourself (or with a cron job). You can also use wp-cli tool to install themes and plugins. The only times when you need to enable writing for the www-data user is when there is a version update (like from 4.2 to 4.3), otherwise these kinds of upgrades don’t work with wp-cli, but afterwards you can disable writing permission again. On minor version upgrades the command line tool works like a charm.

By doing that, if one of your sites is ever hacked they won’t be able to change any files in the server (like injecting malicious code in php files).

I wrote a blog post with security tips for Wordpress:

Submit an Answer