Saw an interesting blog post on Twitter today about storing WordPress FTP information in wp-config.php. The article was written in German so I sent the author an email to ask if he’d mind me translating it. Phil, the author, very kindly said yes – so my translation is below.

Since the addition of the automatic updates in the WordPress core became available, there has been the possibility of FTP data in the backend. Then you can get both plugins and the core by clicking on the date. However WordPress then stores the login information in the blog database. This can be a potential security issue. If someone were to gain access to your database then they would also have access to your entire server. One way of reducing the risk is to use the approach outlined below.

Editing wp-config.php

Access

The wp-config.php file can be used to define constant values so that the usage of a database can be removed. This makes the database smaller, and so improves site performance. For the FTP access the constants are as follows and should be added to the bottom of your wp-config.php file:

define('FTP_HOST', 'ftp.example.org');
define('FTP_HOST', 'ftp.example.org:2121');
define('FTP_USER', 'username'); 
define('FTP_PASS', 'password');

Secure Connection

For a secure connection add the following line (default: false):

define('FTP_SSL', true);

Directories

If the WordPress installation is not in the root directory of the FTP server you can define the location as follows:

define('FTP_BASE','...');

Have you moved the plugin directory or all of the content folder? You can also specify the full path using these two constants:

define('FTP_CONTENT_DIR', '...');

define('FTP_PLUGIN_DIR', '...');

Method

Finally, you can also adjust the method to be used by WordPress for the file system. This often hides errors if something goes wrong with the file permissions. You should only change this value if errors occur, most of the time the default will work just fine.

define('FS_METHOD', 'direct');

The following methods are possible:

  • direct (default) – PHP file system functions
  • ssh – SSH PHP Extension
  • ftpext – FTP PHP Extension
  • ftpsockets – PHP socket extension

The constants FTP_PUBKEY, FTP_PRIKEY display the paths to the SSH public key and private key SSH specify.

Delete existing data

If you’re unsure whether access data already stored on WordPress, you can search the WordPress options in the database using the following page on your website:

http://example.org/wp-admin/options.php

There you should search for the entry: ftp_credentials

If this is present, you have already stored the FTP data in your database. You can delete it by simply removing the value in the ftp_credentials field on the options page, then scrolling to the bottom, and pressing save. You should be very careful doing this though as there is potential for your website to be broken when doing this.

More information

Further Information can be in the WordPress Codex:

Easy WordPress Updates: Store FTP Info in wp-config.php的更多相关文章

  1. Automatic WordPress Updates Using FTP/FTPS or SSH

    Introduction When working with WordPress in a more secure environment where websites are not entirel ...

  2. Install WordPress Plugins without FTP Access

    WordPress will only prompt you for your FTP connection information while trying to install plugins o ...

  3. WordPress主题制作教程[壹] - 了解WP&结构&索引

    最近开始筹备WordPress主题开发了.首先我们在此章节中进行了解什么是WP,以及WP的结构.通过这个文章索引到以后所写的WP系列教程. (抱歉,大家不要急,持续更新中....) 1.首先,我们来认 ...

  4. 关于wordpress中的contact form7和WP Mail SMTP的一些设置

    昨天帮客户解决了这个问题  折腾了好几个小时  下面说下流程 先配置的  wp mail smtp 如果配置完毕后  就可以使用里面配置的邮件   放到contact form7 中的 发件人中 1 ...

  5. Core - Provide an easy way to store administrator and user model differences in a custom store (e.g., in a database)

    https://www.devexpress.com/Support/Center/Question/Details/S32444/core-provide-an-easy-way-to-store- ...

  6. 【WordPress】CentOS 6.10 测试WP发送邮件失败

    1.错误信息如下: SMTP -> ERROR: Failed to connect to server: Permission denied (13) 2.解决方法: https://gist ...

  7. 解决升级WordPress及插件需输入FTP账号的问题

    当添加,删除,升级 WordPress 插件或者直接升级 WordPress 的时候,WordPress 总是提示让你输入 FTP 帐号信息,非些烦人. 我们可以在 wp-config.php 中定义 ...

  8. 五种WordPress防止垃圾评论方法-过滤垃圾评论提高WP运行效率

    WordPress貌似和垃圾评论是一对“孪生兄弟”,无论在国内还是国外的空间主机上搭建的Wordpress博客,无论Wordpress有多少流量多么低的权重,垃圾评论都会自动找上门来,假如有好几天没有 ...

  9. wordpress常用插件汇总

    WordPress之所以能成为目前最具人气的独立博客程序,除了无数爱好者为它开发的主题外,源源不断的插件支持也是重要的原因之一.wordpress的强大,也是在于无数爱好者源源不断的主题和插件. wo ...

随机推荐

  1. 【前端vue开发】vue单页应用添加百度统计

    前言 申请百度统计后,会得到一段JS代码,需要插入到每个网页中去,在Vue.js项目首先想到的可能就是,把统计代码插入到index.html入口文件中,这样就全局插入,每个页面就都有了;这样做就涉及到 ...

  2. python基础--subprocess模块

    可以执行shell命令的相关模块和函数有: os.system os.spawn* os.popen*          --废弃 popen2.*           --废弃 commands.* ...

  3. 微信 JS API 支付教程

    最近一个项目中用到了微信开发,之前没有做过支付相关的东西,算是拿这个来练练手,刚开始接触支付时候很懵逼,加上微信支付开发文档本来就讲得不清楚,我是彻底蒙圈了,参考了很多代码之后,算是有一点思路了. 用 ...

  4. 80端口被System占用 造成Apache不能启动的解方案

    运行netstat -aon | findstr :80 ,发现pid是4的进程占用着80端口,这还是一个系统进程,kill不掉.所以只能另想办法: 1.打开注册表:regedit 2.找到:HKEY ...

  5. supervisor管理uwsgi

    1. 前言 传统的管理uwsgi服务: 1. 通过shell脚本来编写start restart stop函数来控制 2. 比较麻烦,有时候控制写的烂,还会出现意想不到的错误 supervisor进行 ...

  6. Django数据库数据表操作

    建立表单 django通过设置类来快速建表,打开models.py 例: from __future__ import unicode_literals from django.db import m ...

  7. 一步一步学习IdentityServer4 (5) .NETCore2.0 Swagger

    首先添加nuget: Swashbuckle.AspNetCore services.AddSwaggerGen(c => { c.SwaggerDoc("v1", new ...

  8. CCF CSP 201509-4 高速公路

    CCF计算机职业资格认证考试题解系列文章为meelo原创,请务必以链接形式注明本文地址 CCF CSP 201509-4 高速公路 问题描述 某国有n个城市,为了使得城市间的交通更便利,该国国王打算在 ...

  9. LoadRuner常见错误

    LoadRuner常见错误 一.Step download timeout (120 seconds) 这是一个经常会遇到的问题,解决得办法走以下步骤: 1. 修改run time setting中的 ...

  10. oracle中vsize和length

    其实LENGTH与VSIZE这两个函数联系不大,区别很大.虽然都是“取长度”,但是LENGTH函数结果是“有多少个字符”,VSIZE结果是“需要多少bytes”.简单看一下这两个函数. 1.创建表T并 ...