1. Startseite
  2. Wordpress
  3. Storing FTP credentials for automatic updates

Storing FTP credentials for automatic updates

Übersicht

WordPress periodically deploys updates to secure flaws within its code or provide general enhancements. These updates are rolled out in the form of releases that, as of WordPress 3.7, can occur in the background automatically without requiring user intervention. If permissions prohibit, WordPress cannot perform an automatic update and require user intervention to manually update.

Lösung

Edit wp-konfiguration.php located within the Dokumentenstamm of your WordPress domain or base of the subdirectory if located elsewhere under a domain. Add the following 3 lines to the end of your configuration file:

/** Setup FTP Details **/
define("FTP_HOST", "localhost");
define("FTP_USER", "your-ftp-username");
define("FTP_PASS", "your-ftp-password");

Substitute, of course, your-ftp-password und your-ftp-username with your FTP credentials. FTP_HOST should remain the same (“localhost“).

Caveats/Warnings

Since your FTP configuration, which is equivalent to control panel credentials, is stored in a wp-konfiguration.php file accessible by the web server, if an attacker gains unauthorized access to your WordPress installation, then the attacker will also have access to view the credentials inside wp-konfiguration.php. For this reason, it is advised that if you choose this route, create a new user within the control panel (Benutzer > Benutzer hinzufügen) to manage web files apart from the primary user on the account. In the event this account is compromised, then the attacker would only have access to the FTP account for that user, and not the master control panel login. And even then, if the account were hacked, an attacker would already be able to snoop those files!

Aktualisiert am März 7, 2021

Verwandte Artikel