Posted by Brian @ 11:50 pm on December 4th 2010

How to configure WordPress for automatic ftps updates using vsftp in Ubuntu

This is a complete guide for setting up WordPress to do secure ftps updates under Ubuntu, tested under Ubuntu 10.10. I assume you have a working WordPress installation and sudo access on the server. If you have any ideas for improving the security of this, please let me know and I’ll update the guide.

Install the vsftp server software:
sudo apt-get install vsftpd

Edit the configuration file for vsftpd to enable ftps:
sudo vi /etc/vsftpd.conf
The following is my entire vsftp.conf file; I shut down anonymous access and even changed the port that vsftpd listens on to throw off low-level script attacks. I stripped out all the nice comments in the file to make this howto a bit more readable. If you paste this in be sure to delete everything else or make sure there aren’t any duplications:
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
anon_world_readable_only=NO
anon_upload_enable=NO
anon_mkdir_write_enable=NO
connect_from_port_20=NO
listen_port=2112

Now start the vsftp server:
sudo start vsftpd

Add a bit of code to the wp-config file to enable uploads:
sudo vi /var/www/wp-config.php
Add the following code to the end:
if(is_admin()) {
add_filter('filesystem_method', create_function('$a', 'return "direct";' ));
define( 'FS_CHMOD_DIR', 0751 );
}

Now create the ftps user, making their default directory our web directory:
sudo adduser ftps --home /var/www
NOTE: Don’t worry about the warning about the home directory and give the ftps user a good, solid password. Use nonsense words, spaces, and characters like %,$,#. Store the password somewhere safe as you’ll be using this user and password to update WordPress.

Add the ftps user to the www-data group:
sudo vi /etc/group
In that file look for this line:
www-data:x:33:
and add the ftps user to the group by adding ‘ftps’ to the end of that line:
www-data:x:33:ftps

Change the www directory and all files in it to be owned by the www-data group
sudo chgrp -R www-data /var/www

Make the www directory writable by the www-data group
sudo chmod -R g+w /var/www

You can now do updates automatically. Host is the name of your website, plus the following “:2112” – so if your website was foobar.com, you’d do this:
foobar.com:2112
Username is “ftps” and the password is what you chose earlier. Be sure to select “ftps” as the option. Enjoy!

17 Comments »

  1. Hi!
    I followed all your instructions, except that I didn’t use /var/www but /home/antonio/public_html/wordpress instead, I have few questions:
    Plugins and Themes download and apply work but WordPress doesn’t ask me for FTP user name & password, why?
    When WordPress updated Akismet plugin it changed owner from antonio to www-data, so now I can’t delete that directory nor files inside without using sudo from another user who has root privileges. The same is for newly downloaded Themes. How can all that be set up to work correctly?
    I’m using Ubuntu Server 10.10 64-bit

    Comment by Antonio — January 22, 2011 @ 5:40 pm

  2. Hi Antonio-

    You must already have entered your SFTP username and password. I only had to enter mine once.

    You should read up on Linux permissions to better understand what is going on. My instructions weren’t intended for running from a public user directory as you’re doing, rather from the Apache root directory (generally /var/www). The permissions are working correctly; your user not being able to delete that directory is what you want. Think about it from the perspective of protecting your server from hacking. If you really don’t care about such things, adding your user to the www-data group should allow you to delete the directories in question, but again, I wouldn’t advise it, as it would mean that someone compromising your user account could put malicious code on your server and/or delete files, etc. Requiring root/sudo in this case is a wise second level of security.

    Best of luck.

    Comment by Brian — January 22, 2011 @ 6:18 pm

  3. Thanks man. A really good guide. Worked like a charm.

    Comment by Henrik — March 19, 2011 @ 8:54 am

  4. I do not suppose that you may well have the ability to turn this post into a video post? I’ve a tough time studying on my computer and also a video will be considerably greater for me.

    Comment by Face Tattoos — April 16, 2011 @ 10:12 pm

  5. I wish I had the time to, but I’m afraid I don’t. You might consider hiring a wordpress freelancer, or even a contract Linux system administrator to do the work if you find it too difficult. Best of luck!

    Comment by Brian — April 17, 2011 @ 10:27 pm

  6. Thank you so much!!! I did everything you said and it works perfect!

    Comment by kitsonas — May 2, 2011 @ 10:12 am

  7. Thanks Brain, I’ve just followed this to the letter, no problems at all worked straight away! Thanks for taking the time to write it, I was a bit lost with all this until I came across your post. It’s nice to see an article that doesn’t skip anything, even the smallest most obvious bits, it’s great for beginners like me.

    Comment by Mark — September 2, 2011 @ 8:56 am

  8. Thanks Brian, I’ve just followed this to the letter, no problems, it all worked straight away! Thanks for taking the time to write it, I was a bit lost with all this until I came across your post. It’s nice to see an article that doesn’t skip anything, even the smallest most obvious bits, it’s great for beginners like me.

    Comment by Mark — September 2, 2011 @ 4:30 pm

  9. THANK YOU VERY MUCH this definitely helped a whole lot.. to the person reading this, FOLLOW THE INSTRUCTIONS TO THE “T”

    Comment by RoGUE — April 18, 2012 @ 6:02 pm

  10. Great article!
    Thank you, Brian!

    Comment by Yuri — May 6, 2012 @ 10:37 am

  11. I very rarely leave comments, but my hats off to you sir.

    I followed your instructions and everything worked perfectly. THANK YOU SO MUCH for posting this.

    -Josh

    Comment by Josh — June 15, 2012 @ 10:40 am

  12. Just a couple of comments.

    WordPress does the downloading under the server user so the FTP access is required to copy the downloaded plugin etc over to the right user configuration. All that is transferred from the client is the password, although it is crucial that this is encrypted.

    I implement vsftp under xinetd rather than having a rarely used process waiting about. So listen=NO and you can forget the listen_port. But the crucial change is to add a line:

    require_ssl_reuse=NO

    or you will get an error in the logs and nothing will happen.

    Anyway it works!

    Comment by Loggy — April 13, 2013 @ 4:11 am

  13. I had been fighting this problem off and on for a month. Finally found this page and solved in less than 10 minutes! Thank you for the detailed instructions.

    Comment by Tim — September 16, 2013 @ 2:08 pm

  14. GREAT JOB! I was stuck on this for days and with you’re guide, had it running in 10 minutes.

    thank you!

    Comment by Austin — January 7, 2014 @ 12:32 pm

  15. Thanks for this! Saved my day.

    Comment by Flo — June 16, 2014 @ 6:14 am

  16. Thanks Brian! After many hours of frustration, I saw this post and was able to get FTP working for updating themes and plug-ins.

    Comment by Kez — September 23, 2014 @ 9:58 pm

  17. Perfect Instructions, that helped a lot! Many thanks to the Publisher.

    Comment by Andreas Neubauer — December 26, 2014 @ 2:03 pm

RSS feed for comments on this post. TrackBack URI

Leave a comment