0

I backed up my /var/www/wordpress folder to my external harddisk and restored it back. Now when I add a new plugin I am asked for ftp access to my localhost. I wonder why ?

As far as I could go /var/www/wordpress and its subfolders/files are own'ed by root. I have logged in to my wordpress as admin root.

I dont know why I need to setup ftpd, but I tried that too. here

I am missing something really silly here.

Community
  • 1
Siddharth
  • 331
  • 1
  • 4
  • 28
  • 1
    I'm not familiar with Wordpress but it doesn't surprise me that it requires ftp access to install a plugin--otherwise you would be giving your webserver permission to create/delete files... A bad idea. On another note, you probably should have your files owned by root. Have them owned by any old user and then giving the `www-data` group (Apache) read access is much more secure. I've had great luck using `vsftpd` for installing/updating Drupal modules, if you desire I can give you some info on how to set this up. – adempewolff Jun 09 '12 at 04:13
  • Thanks, ran "cd /var/www/wordpress" and "sudo chown -R www-data:www-data wordpress". It worked. – Siddharth Jun 09 '12 at 10:52
  • 1
    Glad it worked, but I'm not sure how good having them owned by the _user_ `www-data` is... I usually just have them owned by the _group_ `www-data`. – adempewolff Jun 09 '12 at 11:43

1 Answers1

2

While developing a WordPress site, giving www-data write access to your files can make your life a lot easier.

The reason is that the admin panel of WordPress allows you to change lots of configurations easily, creates the .htaccess file for you with the correct rewrite rules (depending on how you want your permalinks), installs and configures plug-ins. You even have access to an editor which allows you to edit your CSS and PHP files.

Although, the editor is not that important. When you have access to the files, an IDE would be a much better choice. As for the other functionalities, they can prove to be useful sometimes.

So to summarize, the best configuration would be to give user ownership to root and group ownership to www-data.

sudo chown -R root:www-data /var/www/wordpress

Then give write access to www-data during development:

sudo chmod -R g+w /var/www/wordpress

Once you are done with the development, you should revoke the write access from your files to www-data and only give that user write access on the uploads folder (This is where files uploaded from the admin end up).

sudo chmod -R g-w /var/www/wordpress
sudo chmod -R g+w /var/www/wordpress/wp-content/uploads

And finally, it is best to revoke all permissions from other (You can even do this during development):

sudo chmod -R o-rwx /var/www/wordpress
Dan
  • 12,494
  • 7
  • 70
  • 94