Keeping your server secure and up to date are two extremely important aspects of running your own setup. Arguably, enabling FTP services on your machine leaves you vulnerable to attacks – so if you don’t really need FTP other than to update WordPress and install plugins then keep reading.
SSH gives you the power to transfer your files and access your server over a more secure line. If set up correctly, it can also allow you to setup WordPress for simple updates and plugin installations and that is what we are going to dig into.
If you do not have SSH2 installed on your server then check out this tutorial -> Install SSH2 for PHP
Given the prerequisites are complete, it’s time to generate your new RSA keys.
Generate RSA keys: ssh-keygen
You will be requested to input the location to which you would like to save the keys. Typically you create a hidden ssh folder somewhere. The only real limitation: DO NOT save them in your web directory
You have the option of inputting a pass phrase but it is not essential. Leave it blank to not assign a pass phrase to the RSA key.
Once completed, it will output the location of your keys and your fingerprint. Let’s assume for arguments sake your keys were saved in /home/inkhorn/.ssh/
In your .ssh folder you need to create an authorized keys file
Create authorized_keys: cp id_rsa.pub authorized_keys
Ensure that the folder and file permissions are set correctly
Update permissions: chmod 775 .ssh and chmod 644 .ssh/*
Finally you need to update the wp-config.php file with the following:
File wp-config.php additions:
define(‘FTP_PASS’,”); //the pass phrase used when generating the RSA key
Your done. Now you can update WordPress and install plugins right from the control panel
Note: If you want to create a separate user for updates then do the following
Create your new user and keys
sudo adduser wordpress usermod -a -G www wordpress sudo su – wordpress ssh-keygen cp /home/wordpress/.ssh/id_rsa.pub /home/wordpress/.ssh/authorized_keys exit sudo chgrp www-data /home/wordpress/.ssh sudo chmod 750 /home/wordpress/.ssh sudo chown www-data /home/wordpress/.ssh/id_rsa