Saw an interesting blog post on Twitter today about storing WordPress FTP information in wp-config.php. The article was written in German so I sent the author an email to ask if he’d mind me translating it. Phil, the author, very kindly said yes – so my translation is below.

Since the addition of the automatic updates in the WordPress core became available, there has been the possibility of FTP data in the backend. Then you can get both plugins and the core by clicking on the date. However WordPress then stores the login information in the blog database. This can be a potential security issue. If someone were to gain access to your database then they would also have access to your entire server. One way of reducing the risk is to use the approach outlined below.

Editing wp-config.php

Access

The wp-config.php file can be used to define constant values so that the usage of a database can be removed. This makes the database smaller, and so improves site performance. For the FTP access the constants are as follows and should be added to the bottom of your wp-config.php file:

define('FTP_HOST', 'ftp.example.org');
define('FTP_HOST', 'ftp.example.org:2121');
define('FTP_USER', 'username'); 
define('FTP_PASS', 'password');

Secure Connection

For a secure connection add the following line (default: false):

define('FTP_SSL', true);

Directories

If the WordPress installation is not in the root directory of the FTP server you can define the location as follows:

define('FTP_BASE','...');

Have you moved the plugin directory or all of the content folder? You can also specify the full path using these two constants:

define('FTP_CONTENT_DIR', '...');

define('FTP_PLUGIN_DIR', '...');

Method

Finally, you can also adjust the method to be used by WordPress for the file system. This often hides errors if something goes wrong with the file permissions. You should only change this value if errors occur, most of the time the default will work just fine.

define('FS_METHOD', 'direct');

The following methods are possible:

  • direct (default) – PHP file system functions
  • ssh – SSH PHP Extension
  • ftpext – FTP PHP Extension
  • ftpsockets – PHP socket extension

The constants FTP_PUBKEY, FTP_PRIKEY display the paths to the SSH public key and private key SSH specify.

Delete existing data

If you’re unsure whether access data already stored on WordPress, you can search the WordPress options in the database using the following page on your website:

http://example.org/wp-admin/options.php

There you should search for the entry: ftp_credentials

If this is present, you have already stored the FTP data in your database. You can delete it by simply removing the value in the ftp_credentials field on the options page, then scrolling to the bottom, and pressing save. You should be very careful doing this though as there is potential for your website to be broken when doing this.

More information

Further Information can be in the WordPress Codex:

Easy WordPress Updates: Store FTP Info in wp-config.php的更多相关文章

  1. Automatic WordPress Updates Using FTP/FTPS or SSH

    Introduction When working with WordPress in a more secure environment where websites are not entirel ...

  2. Install WordPress Plugins without FTP Access

    WordPress will only prompt you for your FTP connection information while trying to install plugins o ...

  3. WordPress主题制作教程[壹] - 了解WP&结构&索引

    最近开始筹备WordPress主题开发了.首先我们在此章节中进行了解什么是WP,以及WP的结构.通过这个文章索引到以后所写的WP系列教程. (抱歉,大家不要急,持续更新中....) 1.首先,我们来认 ...

  4. 关于wordpress中的contact form7和WP Mail SMTP的一些设置

    昨天帮客户解决了这个问题  折腾了好几个小时  下面说下流程 先配置的  wp mail smtp 如果配置完毕后  就可以使用里面配置的邮件   放到contact form7 中的 发件人中 1 ...

  5. Core - Provide an easy way to store administrator and user model differences in a custom store (e.g., in a database)

    https://www.devexpress.com/Support/Center/Question/Details/S32444/core-provide-an-easy-way-to-store- ...

  6. 【WordPress】CentOS 6.10 测试WP发送邮件失败

    1.错误信息如下: SMTP -> ERROR: Failed to connect to server: Permission denied (13) 2.解决方法: https://gist ...

  7. 解决升级WordPress及插件需输入FTP账号的问题

    当添加,删除,升级 WordPress 插件或者直接升级 WordPress 的时候,WordPress 总是提示让你输入 FTP 帐号信息,非些烦人. 我们可以在 wp-config.php 中定义 ...

  8. 五种WordPress防止垃圾评论方法-过滤垃圾评论提高WP运行效率

    WordPress貌似和垃圾评论是一对“孪生兄弟”,无论在国内还是国外的空间主机上搭建的Wordpress博客,无论Wordpress有多少流量多么低的权重,垃圾评论都会自动找上门来,假如有好几天没有 ...

  9. wordpress常用插件汇总

    WordPress之所以能成为目前最具人气的独立博客程序,除了无数爱好者为它开发的主题外,源源不断的插件支持也是重要的原因之一.wordpress的强大,也是在于无数爱好者源源不断的主题和插件. wo ...

随机推荐

  1. tf.summary.merge_all()

    1.自动管理模式 summary_writer = tf.summary.FileWriter('E:/data/tensorflow-master/1.Cnn_Captcha/result/', f ...

  2. 如何用纯CSS布局两列,一列固定宽度,另一列自适应?

    大家都知道好多网站都是左右布局的,很多公司在笔试和面试环节也常常问这个问题.一个去网易的师兄说14年腾讯面试的时候问过这个问题,网易在笔试和面试时候也问过这个问题,还有很多互联网公司也都涉及到这个问题 ...

  3. PL/SQL开发中动态SQL的使用方法

    一般的PL/SQL程序设计中,在DML和事务控制的语句中可以直接使用SQL,但是DDL语句及系统控制语句却不能在PL/SQL中直接使用,要想实现在PL/SQL中使用DDL语句及系统控制语句,可以通过使 ...

  4. ***四种参数传递的形式——URL,超链接,js,form表单

    什么时候用GET,  查,删 什么时候用POST,增,改  (特列:登陆用Post,因为不能让用户名和密码显示在URL上) 4种get传参方式 <html xmlns="http:// ...

  5. Mybatis入门及Dao开发方式

    本节内容: Mybatis介绍 使用jdbc编程问题总结 Mybatis架构 Mybatis入门程序 Dao的开发方式 SqlMapConfig.xml文件说明 一.Mybatis介绍 MyBatis ...

  6. CTF实验吧让我进去writeup

    初探题目 两个表单,我们用burp抓包试试 这时候我们发现Cookie值里有个很奇怪的值是source,这个单词有起源的意思,我们就可以猜测这个是判断权限的依据,让我们来修改其值为1,发送得到如下显示 ...

  7. Jvm内存区域和GC

    运行时数据区域 线程私有 程序计数器 正在执行的字节码指令的地址(native方法时为undefined) Java虚拟机栈 存储栈帧(局部变量表,操作数栈,动态链接,方法出口)OOM,StackOv ...

  8. Linux-UDP-Socket编程

    接收CAN总线上的数据并将其发送出去 创建客户端: /******************************************************************** * co ...

  9. [ 原创 ] Java基础1--Java中super和this的用法和区别

    许多同学在学习Java时分不清楚this和super的用法和区别,今天偶然发现一片加精的博文,看完内容准备自己也写下来积累一下 1.如果想在子类的构造方法中调用父类的构造方法,必须在子类的构造方法中使 ...

  10. ubuntu下 mysql安装以后无法登陆的的解决方法((ERROR 1698 (28000): Access denied for user 'root'@'localhost'))

    1. 删除mysql sudo apt-get autoremove --purge mysql-server-5.0 sudo apt-get remove mysql-server sudo ap ...