Letting WordPress users install themes, plugins without FTP credentials

shacker23

Well-Known Member
Feb 20, 2005
263
1
168
I run a WHM server, and lots of users have WordPress sites. WordPress provides an interface for installing plugins and themes directly from the WP Dashboard, without having to FTP them into place. On my server, when they select a theme to install, WordPress prompts for FTP credentials.

On some cPanel hosts, like BlueHost, users are NOT prompted for FTP credentials - the plugin or theme just installs itself, no questions asked. I'm trying to figure out how this is possible so I can offer the same convenience to my WP users. According to this page, it's a simple matter of permissions - if the user "nobody" can write to wp-content/themes, this should "just work." But I can't seem to make it work.

Code:
chown username:nobody wp-content/themes
chmod g+w wp-content/themes
(still prompts for credentials)

Code:
chown nobody:nobody wp-content/themes
(still prompts for credentials)

So, on this test install, perms are currently:

Code:
drwxrwxrwx   6 nobody  nobody 4096 Mar 21 12:00 themes/
but it still doesn't work. What does it take to get this working?

Thanks,
 

shacker23

Well-Known Member
Feb 20, 2005
263
1
168
I had posted a big explanation of how this works, but this forum swallowed my message with "token expired," grrr.

Quick answer: Put this in the user's wp-config.php file:

define('FS_METHOD', 'direct');

and it results in a non-suPHP cPanel server to allow the user-friendly plugin/theme installer to work.
 

Infopro

Well-Known Member
May 20, 2003
17,090
518
613
Pennsylvania
cPanel Access Level
Root Administrator
Twitter
More on WordPress Upgrade Constants



and it results in a non-suPHP cPanel server to allow the user-friendly plugin/theme installer to work.
Not sure this makes sense, but I get the point I think.

After you've made your changes, and uploaded a new theme for example, who owns those files and what are the permissions on them if I may ask? Your server *is* running SuPHP, correct?
 

shacker23

Well-Known Member
Feb 20, 2005
263
1
168
Here are the perms on the folder containing a theme installed in this way:

drwxr-xr-x 5 nobody nobody 4096 Mar 24 09:53 f8-lite/

and files within that theme have:

-rw-r--r-- 1 nobody nobody 583 Mar 24 09:53 page.php

No, this server is not running suPHP (if it were, I wouldn't have to use this technique).
 

shacker23

Well-Known Member
Feb 20, 2005
263
1
168
Infopro: What are the potential downsides to switching to suPHP? What could possibly go wrong? Things that might not work as expected... ?

Thanks.
 

Infopro

Well-Known Member
May 20, 2003
17,090
518
613
Pennsylvania
cPanel Access Level
Root Administrator
Twitter
IMHO, arguably there are none. And in this particular situation? The perfect answer.

You'll need to do some homework, switching to SuPHP has been covered quite a bit on these forums. File and Directory permissions and owner will need set, some users may have far more space used than you're aware of being used, as a couple of examples of problems you may come into as you'll read in those threads. Easy to sort out and worth the trouble.

cPanel comes with SuPHP enabled by default these days, AFAIK.

You want users to own their own files. It's easier for them to do things like updating Joomla or wordpress of SMF (three examples of scripts that allow updating via their admin panels) and it's easier for you as they don't have to bother you with setting directories and files owner and perms all the time so they can delete something they've uploaded thru a PHP script.
 

shacker23

Well-Known Member
Feb 20, 2005
263
1
168
Thanks for that great response. Sounds like this will be my next project, as soon as the dust settles from other recent changes. I'll start reading up. Much appreciated!
 

dtravington

Registered
May 19, 2012
1
0
51
cPanel Access Level
Website Owner
I found a few commands to help with troubleshooting here as well. /http://docloft.com/wordpress-prompts-for-connection-information/ I believe they are building an AWS instance for WordPress using a LAMP stack from scratch
 

brianoz

Well-Known Member
Mar 13, 2004
1,146
7
168
Melbourne, Australia
cPanel Access Level
Root Administrator
IMHO, arguably there are none. And in this particular situation? The perfect answer.
+1 - there is little or no downside.

The downside to NOT having suPHP (or similar) is that you are running your server with a pretty significant security hole open. Users can read each other's PHP files - not something you want!