Learn how to force WordPress to use the filesystem instead of FTP to handle files.

How to stop WordPress from asking for FTP/SFTP credentials when installing a plugin or theme

After deploying a WordPress site to one of my VPS and trying to install a plugin in this environment, the mentioned dialog of Wordpress appeared and it claims that "To perform the requested action, WordPress needs to access your web server. Please enter your FTP credentials to proceed. If you do not remember your credentials, you should contact your web host".

There are some technical points that cause this issue and may not be of interest for regular users (regular users will endup probably asking the server administrator for the FTP credentials as it's way easier and secure). Yes, it seems to be way safer for the system as it's a pretty good security measure so possible exploits or hacks of plugins from untrusted sources cannot modify hosted files in your server.

However, if you are a developer and you know about file permissions in the Linux environment and you're facing this issue, you may probably have assigned the permissions already to the wp-content/plugins directory so WordPress can install the plugins without the permissions problem, but, the problem persists right? In this article, I will provide you with a technical explanation of the problem and how to solve it.

Why does this happen?

This dialog is triggered when the filesystem classes of WordPress are used. In this case, when trying to install a plugin or theme, the content of the plugin needs to be extracted to wp-content/plugins or in case of a theme in wp-content/themes right? So, the code of the method get_filesystem_method:

/**
 * Determines which method to use for reading, writing, modifying, or deleting
 * files on the filesystem.
 *
 * The priority of the transports are: Direct, SSH2, FTP PHP Extension, FTP Sockets
 * (Via Sockets class, or `fsockopen()`). Valid values for these are: 'direct', 'ssh2',
 * 'ftpext' or 'ftpsockets'.
 *
 * The return value can be overridden by defining the `FS_METHOD` constant in `wp-config.php`,
 * or filtering via {@see 'filesystem_method'}.
 *
 * @link https://wordpress.org/support/article/editing-wp-config-php/#wordpress-upgrade-constants
 *
 * Plugins may define a custom transport handler, See WP_Filesystem().
 *
 * @since 2.5.0
 *
 * @global callable $_wp_filesystem_direct_method
 *
 * @param array  $args                         Optional. Connection details. Default empty array.
 * @param string $context                      Optional. Full path to the directory that is tested
 *                                             for being writable. Default empty.
 * @param bool   $allow_relaxed_file_ownership Optional. Whether to allow Group/World writable.
 *                                             Default false.
 * @return string The transport to use, see description for valid return values.
 */
function get_filesystem_method( $args = array(), $context = '', $allow_relaxed_file_ownership = false ){ /* */ }

Tries to create temporary file in the wp-content directory. If the creation fails, then the method that will be used to work with files will be through FTP.

Solution

So, the problem is indeed that the current process owner (the one that runs WordPress like apache or PHP ) doesn't have the right to write directly to the root wp-content directory. However, if you said that you already fixed the permission for the wp-content/plugins and wp-content/themes using chmod, then you need to force WordPress to use the native filesystem. You can do this by declaring the following directive in your wp-config.php file:

define('FS_METHOD', 'direct');

After forcing the usage of the filesystem, the dialog won't appear anymore and the installation of plugins and themes will succeed if and only if the permissions of the mentioned directories grant access for the user that runs the WordPress process.

If after this modification the installation of plugins and themes fail, you need to adjust the permissions of the wp-content/plugins and wp-content/themes directories. You can determine which user is running the WordPress service by running the following PHP code in your WordPress instance:

<?php 
    // for example "www-data"
    echo(exec("whoami")); 
?>

Then adjust the permissions for every directory with chown:

sudo chown -R www-data:www-data /wp-content/plugins

sudo chown -R www-data:www-data /wp-content/themes

Happy coding ❤️!


Senior Software Engineer at Software Medico. Interested in programming since he was 14 years old, Carlos is a self-taught programmer and founder and author of most of the articles at Our Code World.

Sponsors