Why does WordPress need FTP credentials to install a plugin?

  • PHP can install code from the web using curl; I don’t understand why WordPress needs to give it FTP credentials which just go to the same server it’s on.

Viewing 3 replies - 1 through 3 (of 3 total)

  • You are mostly right. PHP can use CURL to download and install, but onyl if the web user (on the server, not in WordPress) has the required permissions to do so. On a lot of servers the web user doesn’t have the required permissions to download/update files, so WordPress uses FTP as a fallback when it can’t do it the “easy” way.

    Thread Starter davehprohoods

    (@davehprohoods)

    I see. So since the web user (apache) has full r/w permissions (and I know how to fix it anyways if it doesn’t), is there not a switch I can flip so it falls back on the “easy” cURL way? How is it determining that it can’t do it that way?

    Not that I know of. You can heck the soruce code to see how it does it’s checks, but from what I’d guess it would use one of the more generic PHP functions (like is_writable() or touch()) to determine if the system will allow it to write to the file system. It may be worth adding in a test page to check, something like…

    <?php
if (touch ('test.tmp')) {
    echo "Writable!";
}
else {
    echo "Not writable.";
}

    That will tell you if the system has the write permisions, and if it doesn’t you can fix that.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Why does WordPress need FTP credentials to install a plugin?’ is closed to new replies.