I have a development Mac server on my local network that I use for developing new web sites or themes or you name it. My WP sites also run there as well. The problem has been getting WP to update on this server without providing my FTP credentials every time. I finally found a solution.
I spent a lot of time searching online for this. The problem seems to be that of Apache not having permission to write to the WP folders or files. So I searched to double checked how these permissions should be set, verified that _www is the ‘user’ running Apache, reset everything to be owned by the _www group with write permissions, and low and behold it didn’t work. Okay, that was a surprise.
So I decided to verify again that _www really was the ‘user’ running Apache and inserted this at the top of the index.php:
echo(exec("whoami"));Reload the page and yes, ‘_www’ appeared at the top. Don’t forget to remove this if you utilize it.
File and folder permissions are correct (double and triple checked thinking I may have missed something). More searching. Which btw, this seems to be a pretty common frustration for WP admins.
There are many sites promoting the idea of embedding your FTP credentials in the wp_config.php file. What this does is provided the requested info and save you from entering it each time you need to update WP or a plugin. I can see the merit of this yet this is only an issue on my local server. I’d prefer, no matter how safe it may be, to not provide those credentials on the live server, which is why I won’t post that method here. I believer in the best security is that where the info cannot be reached in any way. So to accomplish this you’d have to remember to remove those credentials every time you upload that file to the liver server, or have 2 versions of that file. Neither solution appeals so I kept looking for another.
Something else I’ve seen showing up in searches is another edit to the wp_config.php file. This time it’s to call a built-in WP function to bypass the security for updating the site. I’m not really fond of a security bypass either. However I decided since this is a WP function it would have to be a little more secure than embedding your FTP credentials, since this would only affect your WP installation and not be an open door to the server as FTP would provide.
The function call to add to your wp_config.php file is this:
define('FS_METHOD', 'direct');Here’s what WP has to say about it.
In pondering this I remembered something I used to do at work to restrict certain sensitive tasks to a development server and not for use on a live server. That is to perform a simple check to see which server is running the file in question. If it’s the dev server then perform a certain task. Otherwise it’s ignored. That’s perfect. Not only am I not embedding my FTP credentials, but also the WP function that relaxes security a bit is only called on my dev server. Here’s the code:
if ($_SERVER['SERVER_ADDR'] == 'XXX.XXX.XXX.XXX'){define('FS_METHOD', 'direct');}Of course you need to change XXX.XXX.XXX.XXX to what ever your server local IP address is.
This did the trick for me. Hopefully it will help someone else down the road as well.
Leave a comment, or trackback from your own site.