SSH provides a significantly more secure way of updating WordPress files and plugins or performing new plugin installations. Three immediately obvious advantages of SSH over FTP are:
1. Your username and password are encrypted. FTP sends them as plain text!
2. Data being transferred is encrypted. No encryption with FTP.
3. Some web hosts don’t allow the use of FTP.
Here, I explain how to enable WordPress to use SSH for all updates and installations.
Install Process For SSH2
You first need to check if the PHP extension “SSH2” is installed on your server or not by running the following command:
php -m | grep ssh2
If it returns “ssh2”, that means it is installed. You should proceed to the next section and create a public and private key pair.
If it returns nothing, then complete the steps in my previous post to install ssh2 for php. After completing those steps, proceed to the next section and create the key pair.
Create a Public and Private Key Pair For WordPress.
On the command line on your server, log in as the user that has access to the site. Then run this command:
ssh-keygen
You will be asked for the name of the file. You can leave it blank or enter any custom name. If you leave it blank, the file names will be id_rsa.pub and id_rsa. You can also set a passphrase for additional security, or leave it blank.
By default, the SSH keys are generated and kept in the .ssh directory in that user's home directory. Now, we need to add the public key to the authorized_keys file:
cd .ssh
# append, so that keys already listed in authorized_keys are kept
cat id_rsa.pub >> authorized_keys
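Then we modify permissions to give WordPress access. Note that 644 makes every file in .ssh, the private key id_rsa included, readable by every account on the server:
cd ../
chmod 755 .ssh
chmod 644 .ssh/*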
Now, when you log into the WordPress admin dashboard and perform an action that requires a file transfer operation, such as installing or updating a plugin, you should be presented with more options for the connection type. Besides FTP, which was previously there, you should also have the SSH2 option. If you select SSH2, more fields will be added to the form.
The form will look like this:
Here, “user” is the SSH username you used to log in and run the commands, and the required password is the passphrase you were asked to set when running ssh-keygen.
If you did not choose any passphrase, you should keep the password field blank. To avoid entering this data repeatedly, append the following lines of code to your wp-config.php file:
define('FTP_PUBKEY','/home/user/.ssh/id_rsa.pub');
define('FTP_PRIKEY','/home/user/.ssh/id_rsa');
define('FTP_USER','user');
define('FTP_PASS','passphrase');
define('FTP_HOST','yourdomain.com');
Going forward, WordPress will perform all file transfer operations using SSH2 and you won’t even have to manually authenticate!
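A check for the permission and wp-config.php steps above, as an added example that is not part of the original post: it reports a private key that group or other accounts can read (the result of chmod 644 .ssh/*) and a wp-config.php that holds FTP_PASS while being readable by other accounts. The function names, finding labels and the sample tree (including the 644 mode on wp-config.php) are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post: audit the files the steps above create.

# Group+other permission characters of a path as printed by ls, e.g. "r--r--".
group_other_bits() { ls -ld "$1" | cut -c5-10; }

# Print one finding per line; return 1 if anything was found, 0 if clean.
audit_ssh_dir() {
    dir=$1; rc=0
    # sshd's StrictModes refuses authorized_keys when it or .ssh is group/other-writable.
    case $(group_other_bits "$dir") in *w*) echo "WRITABLE_DIR $dir"; rc=1;; esac
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        bits=$(group_other_bits "$f")
        # Assumption: a private key is recognised by its "... PRIVATE KEY-----" header.
        if head -n 1 "$f" | grep -q 'PRIVATE KEY-----'; then
            [ "$bits" = "------" ] || { echo "EXPOSED_PRIVATE_KEY ${f##*/} $bits"; rc=1; }
        else
            case $bits in *w*) echo "WRITABLE_FILE ${f##*/} $bits"; rc=1;; esac
        fi
    done
    return $rc
}

# Flag a wp-config.php that defines FTP_PASS and is readable by "other" accounts.
audit_wp_config() {
    grep -q 'FTP_PASS' "$1" || return 0
    case $(group_other_bits "$1") in
        ???r??) echo "PASSPHRASE_READABLE ${1##*/}"; return 1;;
    esac
    return 0
}

# Constructed sample: throwaway tree with the modes from the post (755 / 644).
# The key material is fake, and 644 on wp-config.php is an assumption.
make_sample() {
    d=$(mktemp -d)
    mkdir "$d/.ssh"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' 'constructed' > "$d/.ssh/id_rsa"
    printf '%s\n' 'ssh-rsa CONSTRUCTED user@example' > "$d/.ssh/id_rsa.pub"
    cp "$d/.ssh/id_rsa.pub" "$d/.ssh/authorized_keys"
    printf '%s\n' "define('FTP_PASS','passphrase');" > "$d/wp-config.php"
    chmod 755 "$d/.ssh"; chmod 644 "$d/.ssh"/* "$d/wp-config.php"
    echo "$d"
}

# Stand-alone use: sh audit.sh /home/user/.ssh /path/to/wp-config.php
if [ $# -eq 2 ]; then audit_ssh_dir "$1"; audit_wp_config "$2"; fi
```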
Can you help me get my site working right (wordpress)? Thanks