After setting up a new VPS to run this blog, among a few other sites, it only took a few minutes to get Wordpress running again. That part was easy, but later on when I tried to auto-upgrade to the latest version, I was suddenly prompted for FTP credentials. This is pretty odd, because:
- I don’t want to run an FTP server for security reasons
- The whole point of auto-updating is to download the new version from WordPress.com, not to upload anything. So why would I need to have an FTP server on my end anyway?
It turns out that this situation results from a strange design decision by the WordPress folks. As described here, you’ll get this prompt if:
- The owner of the WordPress webroot is anything other than the webserver user (in my case, “apache”). It is not enough to chmod 775, which would be expected, but you have to change the owner to apache.
- If you haven’t done #1, you get the FTP login prompt without any explanation or instruction.
Now I understand the WordPress is often used in shared hosting environments so that was apparently the reasoning behind this, but IMO it’s a lot more dangerous to be running an FTP server than it is to simply make sure apache can write to the webroot. Plus, requiring the owner to be apache is just weird.