SFTP Account for Wordpress

Wordpress requires an SFTP account for uploading and installing plugins to itself. I understand how to create a SFTP account by creating a server user account, but what sort of steps do I need to go to secure the wordpress account so it can only modify the correct directories (plugins, themes, etc) in the wordpress directory and so the system user can't possibly do anything but upload and manage files in those folders?

3 Replies

No, Wordpress requires the PHP user to have write access to the folder Wordpress is in. If it doesn't have that, you can use the SFTP (or FTP) credentials of the user that owns the Wordpress files. SFTP is through SSH, so look into SFTP jails:https://library.linode.com/security/sftp-jails

Thank you! I was wondering why my installation needed FTP.

I'm a bit of a newb to server management, so is there anything I need to know about giving PHP write access or should I just do something like this?

chmod www-data 755 /srv/www/DOMAIN/public_html/

If PHP runs as www-data 755 should be good,though you should probably use chmod -R to do it recursively. I personally use chmod 710, but this may not work with your set up.

You're gonna want to run chown to change owners by the way, and chmod for the permissions (755)


Please enter an answer

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct