Technical Notes Of
Ehi Kioya

Technical Notes Of Ehi Kioya

Home » Linux & Servers » WordPress Updates & Installations Via SSH

WordPress Updates & Installations Via SSH

By 1 Comment

SSH provides a significantly more secure way of updating WordPress files and plugins or performing new plugin installations. Three immediately obvious advantages of SSH over FTP are:

  1. Your username and password is encrypted. FTP sends them as plain text!
  2. Data being transferred is encrypted. No encryption with FTP.
  3. Some web hosts don’t allow the use of FTP.

Here, I explain how to enable WordPress to use SSH for all updates and installations.
 

Install Process For SSH2

You first need to check if the PHP extension “SSH2” is installed on your server or not by running the following command:

If it returns “ssh2”, that means it is installed. You should proceed to the next section and create a public and private key pair.
If it returns nothing, then complete the steps in my previous post to install ssh2 for php. After completing those steps, proceed to the next section and create the key pair.
 

Create a Public and Private Key Pair For WordPress.

On the command line on your server, log in as the user that has access to the site. Then run this command:

You will be asked for the name of the file. You can leave it blank or enter any custom name. If you leave it blank, the file names will be id_rsa.pub and id_rsa. Also you can set a passphrase to add additional security or can leave it blank.

By default, the SSH keys are generated and kept in the .ssh directory in the root directory. Now, we need to add the public key to the authorized_keys file:

cd .ssh
cp id_rsa.pub authorized_keys

Then we modify permissions to give WordPress access:

cd ../
chmod 755 .ssh
chmod 644 .ssh/*

Now, when you log into the WordPress admin dashboard and perform an action that requires a file transfer operation, such as installing or updating a plugin, you should be presented with more options for the connection type. Besides FTP, which was previously there, you should also have the SSH2 option. If you select SSH2, more fields will be added to the form.

The form will look like this:

WordPress Via SSH

Here “user” is the SSH username you used to log in and perform all the commands and the required password is the passphrase you were asked to set during the ssh-keygen command.

If you did not choose any passphrase, you should keep the password field blank. To avoid entering this data repeatedly, append the following lines of code to your wp-config.php file:

define('FTP_PUBKEY','/home/user/.ssh/id_rsa.pub');
define('FTP_PRIKEY','/home/user/.ssh/id_rsa');
define('FTP_USER','user');
define('FTP_PASS','passphrase');
define('FTP_HOST','yourdomain.com');

Going forward, WordPress will perform all file transfer operations using SSH2 and you won’t even have to manually authenticate!

Found this article valuable? Want to show your appreciation? Here are some options:

  1. Spread the word! Use these buttons to share this link on your favorite social media sites.
  2. Sign up to join my audience and receive email notifications when I publish new content.
  3. Contribute by adding a comment using the comments section below.
  4. Follow me on Twitter, LinkedIn, and Facebook.

About Ehi Kioya

I am a Toronto-based Software Engineer. I run this website as part hobby and part business.

To share your thoughts or get help with any of my posts, please drop a comment at the appropriate link.

You can contact me using the form on this page. I'm also on Twitter, LinkedIn, and Facebook.

Reader Interactions

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *