[HacktionLab] Wordpress file permissions and ownership: command line versus dashboard

[Christian Wach]

Aaand now resend to the list on account of the Mailman reply-to set up round these 'ere parts…

On 1 Apr 2014, at 21:43, Marcus Valentine <marcus at marcusv.org> wrote:

> As as far as I am aware, for wordpress core upgrades, installation of plugins, themes etc to work through the WP dashboard, all files need to be owned by web-server user.

Yep, this is a common misconception :-)

> WP admins also on occasion want to add their own self-written themes, plugins via sftp etc.

Quite so… 

> Has anyone figured out a permissions scheme that satisfies both requirements?

First off, if FTP is available and everything is owned by the FTP user, all you have to do is chuck the FTP credentials into wp-config.php like this:

define('FTP_HOST', 'locahost');
define('FTP_USER', 'ftp-username');
define('FTP_PASS', 'ftp-password');

Updates will work as expected and people can access the file system via FTP if they want to upload their own stuff. You will probably have to make wp-content/uploads and wp-content/upgrade world writable, however.

If you don't want to enable FTP (which would be understandable) and prefer to (or have to) use SFTP, check out:

http://wordpress.org/plugins/ssh-sftp-updater-support/

For SSH updates without a plugin try this tutorial:

http://wpforce.com/wordpress-tutorial-ssh-install-upgrade/

Cheers,

Christian