How to Fix WordPress Asking for FTP Credentials During Updates

Problem Description

When updating or installing plugins or themes in the WordPress admin dashboard, you may be prompted to enter FTP or SFTP credentials. This typically occurs because the web server process (e.g., www-data, apache, nginx user) lacks sufficient write permissions for the WordPress directory and files.

Solutions

There are two main approaches to resolve this issue: modifying file permissions or editing the WordPress configuration file. It is recommended to try Method 1 (permission changes) first. If that is not feasible due to environmental constraints, proceed with Method 2 (configuration changes).

Method 1: Modify File Permissions (Recommended)

This method changes the ownership and permissions of the WordPress installation directory via command line, providing the most fundamental solution.

1. Connect to your server via SSH.
2. Navigate to the WordPress root directory (commonly /var/www/html or /home/username/public_html).
3. Execute the following command to change file ownership to the web server user (replace www-data according to your system):

   sudo chown -R www-data:www-data /path/to/your/wordpress/

4. Set secure directory and file permissions:

   sudo find /path/to/your/wordpress/ -type d -exec chmod 755 {} ;
   sudo find /path/to/your/wordpress/ -type f -exec chmod 644 {} ;

After completing these steps, return to the WordPress admin and attempt the update again. The prompt should disappear.

Method 2: Edit the wp-config.php File

If you cannot modify server file permissions (e.g., in a shared hosting environment), you can force WordPress to use the "direct" filesystem method by adding code to the wp-config.php file.

1. Using an FTP/SFTP client or your host's file manager, locate the wp-config.php file in the WordPress root directory.
2. Before the line /* That's all, stop editing! Happy publishing. */, add the following code:

   define('FS_METHOD', 'direct');
   // Optional: Define specific permission modes (only needed in certain environments)
   // define('FS_CHMOD_DIR', (0755 & ~ umask()));
   // define('FS_CHMOD_FILE', (0644 & ~ umask()));

3. Save the file and upload it back to the server if edited locally.
4. Refresh the WordPress admin page and try the update operation again.

Important Security Note: Defining 0777 permissions (as sometimes suggested) is insecure, as it allows any user to read, write, and execute files. The commented-out permission settings in the code above represent a safer standard practice. Use 0777 only as a last resort and if you understand the risks.

Causes and Prevention

This issue usually stems from incorrect file ownership or permissions. Best practices include:

• Ensuring correct user and group permissions are set during WordPress installation.
• Periodically checking that permissions for core files, plugins, and themes have not been altered accidentally.
• For production environments, using Method 1 (correct ownership and permissions) as a long-term solution to maintain site security.

Following these steps should successfully resolve the FTP credential prompt during WordPress admin updates.