Can I install/update WordPress plugins without providing FTP access?

0 votes
asked Mar 12, 2009 by user77413

I am using WordPress on my live server which only uses SFTP using an SSH key.

I want to install and upgrade plugins, but it appears that you are required to enter your FTP login to install the plugins. Is there a way to install and upgrade plugins by manually uploading the files instead of having WordPress handle the entire process?

22 Answers

0 votes
answered Jan 12, 2009 by toby-allen

Usually you can just upload your plugin to the wp-content\plugins directory. If you don't have access to this directory via SFTP I'm afraid you may be stuck.

0 votes
answered Jan 12, 2009 by d-lambert

WordPress 2.7 lets you upload a zip file directly (there's a link at the bottom of the plugins page) -- no FTP access needed. This is a new feature in 2.7, and it works for plugins only (not themes yet).

0 votes
answered Jan 14, 2009 by sudar

It is possible to use SFTP or SSH to auto update Plugins in WordPress, but you need to have ssh2 pecl extension. You can find out how to do it, using the following tutorial

0 votes
answered Jan 14, 2009 by schoffelman

We use SFTP with SSH (on both our development and live servers), and I have tried (not too hard though) to use the WordPress upload feature. I agree with Toby, upload your plugin(s) to the wp-content/plugins directory and then activate them from there.

0 votes
answered Jan 27, 2011 by kaysa

The answer from stereointeractive covers all the options. Just wanted to mention an alternate way of using FTP. I'm guessing that the reason you are not allowing FTP access is for security. One way to address those security concerns is to run your FTP server listening only on 127.0.0.1

This allows you to use FTP from inside WordPress and you will be able to install plugins while not exposing it to the rest of the world. This can also be applied to other popular web applications such as Joomla! and Drupal. This is what we do with our BitNami appliances and cloud servers and works quite well.

0 votes
answered Mar 13, 2011 by stereoscott

WordPress will only prompt you for your FTP connection information while trying to install plugins or a WordPress update if it cannot write to /wp-content directly. Otherwise, if your web server has write access to the necessary files, it will take care of the updates and installation automatically. This method does not require you to have FTP/SFTP or SSH access, but it does require your to have specific file permissions set up on your webserver.

It will try various methods in order, and fall back on FTP if Direct and SSH methods are unavailable.

https://github.com/WordPress/WordPress/blob/4.2.2/wp-admin/includes/file.php#L912

WordPress will try to write a temporary file to your /wp-content directory. If this succeeds, it compares the ownership of the file with its own uid, and if there is a match it will allow you to use the 'direct' method of installing plugins, themes, or updates.

Now, if for some reason you do not want to rely on the automatic check for which filesystem method to use, you can define a constant, 'FS_METHOD' in your wp-config.php file, that is either 'direct', 'ssh', 'ftpext' or 'ftpsockets' and it will use that method. Keep in mind that if you set this to 'direct', but your web user (the username under which your web server runs) does not have proper write permissions, you will receive an error.

In summary, if you do not want to (or you cannot) change permissions on wp-content so your web server has write permissions, then add this to your wp-config.php file:

define('FS_METHOD', 'direct');

Permissions explained here:

0 votes
answered Jan 8, 2012 by chrismanderson

Resurrecting an old thread, but there's a fantastic new plugin called SSH SFTP Updater Support that adds in SFTP capabilities without needing to edit your wp-config.php file. Also, Wordpress's SFTP implementation relies on some somewhat obscure PHP modules that are often not enabled on servers; this plugin packages a different PHP SFTP plugin so you don't have to configure anything on the Apache side.

I had run into tons of problems getting SFTP support to work - this plugin solved all of them and is just fantastic.

0 votes
answered Jan 12, 2012 by mikermcneil

If you're on Ubuntu, a quick solution that worked for me is giving ownership to the Apache user (www-data by default) like so:

cd your_wordpress_directory
sudo chown -R www-data wp-content
sudo chmod -R 755 wp-content
0 votes
answered Jan 16, 2012 by lamy
  1. In wp-config.php add define('FS_METHOD', 'direct');
  2. Make server writable the directories wp-content/, wp-content/plugins/.
  3. Install the plugin (copy the plugin dir into the wp-content/plugins dir).

Worked on version 3.2.1

0 votes
answered Jan 22, 2012 by unc0nnected

As stated before none of the perm fixes work anymore. You need to change the perms accordingly AND put the following in your wp-config.php:

define('FS_METHOD', 'direct');
Welcome to Q&A, where you can ask questions and receive answers from other members of the community.
Website Online Counter

...