Connection Information – FTP credentials

  • Resolved luciche

    (@luciche)


    4 years, 11 months ago

    Hi,
    I’m getting this “Connection Information – FTP credentials” popup https://i.imgur.com/ez3EwSu.png
    and I was wondering what’s the fix for this.

    I’ve got the site hosted on VPS digitalocean and I log in with SFTP https://i.imgur.com/6w7LpVi.png .

    When I add the SFTP credentials I get this- Failed to connect to FTP Server

    I’ve also tried adding this in wp-config.php
    define(‘FS_METHOD’, ‘direct’);

    but I get this error:
    Update Failed: Could not create directory.
    Does anyone have the solution for this?
    Thanks

Viewing 4 replies - 1 through 4 (of 4 total)

  • This is mainly because www-data is not the owner of the wordpress folder and
    hence is not able to write
    This question has been answered on the DO forum,
    Here is the link:-
    https://www.digitalocean.com/community/questions/ftp-for-wordpress

    The easiest way to solve this problem is add the following FTP information to your wp-config.php

    define(‘FS_METHOD’, ‘direct’);
    define(‘FTP_BASE’, ‘/usr/home/username/public_html/my-site.example.com/wordpress/’);
    define(‘FTP_CONTENT_DIR’, ‘/usr/home/username/public_html/my-site.example.com/wordpress/wp-content/’);
    define(‘FTP_PLUGIN_DIR ‘, ‘/usr/home/username/public_html/my-site.example.com/wordpress/wp-content/plugins/’);

    FTP_BASE is the full path to the “base”(ABSPATH) folder of the WordPress installation.
    FTP_CONTENT_DIR is the full path to the wp-content folder of the WordPress installation.
    FTP_PLUGIN_DIR is the full path to the plugins folder of the WordPress installation.

    Please try this

    Thread Starter luciche

    (@luciche)

    Thanks @davidnadar !
    This solved it

    sudo chown -R www-data /var/www/html

    Dion

    (@diondesigns)

    I know you marked this as solved, but it’s not. What you did was open a door to hackers taking over your site. I’d love to know how many people who report hacked sites here have changed file ownership to www-data or nobody, or changed file permissions to 0777/0666 — I’ll bet it’s the majority. Doing this gives your webserver write access to your web filesystem, which means (among many other things) a hacker can use PUT and DELETE requests.

    If you want to solve your problem without compromising security, please look into setting up PHP-FPM, and having it run as your (non-root) SFTP user. That will allow you to upload/modify/delete files using SFTP without the WordPress issues you encountered, but deny the webserver write access to the web filesystem.

    And for what it’s worth, FTP is completely safe if it’s built and configured correctly. Unfortunately the versions in package installers are built for ease of use and not for security. (That’s how FTP got a reputation for being insecure.) Secure FTP requires building the application yourself from its source code, and then creating a secure configuration.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Connection Information – FTP credentials’ is closed to new replies.