WordPress and FTP

We self host WordPress and during our installation we came to a difficult part…setting up FTP.  The way the WordPress “update automatically” features work is through an FTP account.  You setup an FTP user for WordPress to use so it can FTP into your web server and update/install plugins, themes or even WordPress itself!  The “automatic” part of this feature is so nice that we decided we should install an FTP user.  This post will walk you through the exact steps operationlinux had to take, enjoy.

We run Very Secure FTP, the service was already running on our CentOS machine so this example will not go into installing vsftp.

Create an ordinary UNIX user. But set the shell to nothing and the home directory to where you have the WordPress files hosted. We set the shell to nothing aka "/sbin/nologin" for security reasons, see (R1) for details.

[root@ns1 blog2]# useradd -d /var/www/operationlinux/blog2/ -s /sbin/nologin wpftp

In our example the FTP user is "wpftp" and we host the files at "/var/www/operationlinux/blog2/".

Give your new user a password (just follow the prompts).

[root@ns1 blog2]# passwd wpftp

Now you have a UNIX user who exists on the system but who is harmless because they can’t login to the machine through a shell. Next we have to add them to the vsftp config files.

/etc/vsftpd$ vi user_list

# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.

wpftp

As you can see we appened the newly created user.

Test that it works.
operationlinux@greeny:~/learn$ ftp operationlinux.com
Connected to operationlinux.com.
220 Welcome to operationlinux.com.
Name (operationlinux.com:operationlinux): wpftp
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls

References
R1: http://www.faqs.org/docs/securing/chap29sec295.html

This entry was posted in Linux. Bookmark the permalink.

One Response to WordPress and FTP

  1. Kamil says:

    Hi,
    When I added as you suggested I got 530 error.
    When I removed user from user_list everything worked fine.

    Thanks for tutorial.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>