This guide shows how to configure automatic WordPress updates via SSH authentication, for a more secure WordPress setup on multiple nodes. Normally, if we do not chmod the WordPress directories and files to be writable, the WordPress installation asks for an FTP username and password, which we can bypass by adding one line to the wp-config.php file. However, it is possible to set up a more secure method of authentication: adding one SSH user and a few lines to the wp-config.php file. This guide on automatic WordPress updates via SSH authentication covers exactly this setup.
Automatic WordPress Update Via SSH Authentication : Preparation
We need to have the SSH2 extension installed for PHP. How to install it depends on the server OS, its version and the web server. In general, on Debian-based Linux we can check by running:

```bash
php --ri ssh2
```
This should give this output:

```
ssh2

SSH2 support => enabled
extension version => 0.12
libssh2 version => 1.4.3
banner => SSH-2.0-libssh2_1.4.3
```
Otherwise, you need to check the documentation to install it properly. Another way to check is to create a test.php file with the following content in the FTP root:

```php
<?php
// Prints "true" when the PHP SSH2 extension is loaded.
if (function_exists('ssh2_connect')) {
    echo "true";
}
?>
```
If you open the PHP file in a browser, you'll see true as output when the setup is right. It is important to know who owns the WordPress files, because root's ~/.ssh location and another user's ~/.ssh are different.

```bash
cd ~/.ssh
cat authorized_keys
```
For OpenStack, you will have a Nova-generated key. You can run the ssh-keygen command and enter a custom name so that the files are not named id_rsa.pub and id_rsa. Set a passphrase for additional security. If the permissions on these files are not correct, you'll need to chmod them:

```bash
# Only the owner may enter ~/.ssh; a wildcard 644 would also expose any
# private key stored there, so only authorized_keys is changed here.
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
```
Example of the Above
```bash
sudo adduser wordpress-user
cd /usr/share/nginx/html
sudo chown -R www-data:wordpress-user /usr/share/nginx/html/
sudo su - wordpress-user
cd ~
ssh-keygen -t rsa -b 4096
# save at
# /home/wordpress-user/wp_rsa
exit
sudo chown wordpress-user:www-data /home/wordpress-user/wp_rsa*
sudo chmod 0640 /home/wordpress-user/wp_rsa*
sudo mkdir /home/wordpress-user/.ssh
sudo chown wordpress-user:www-data /home/wordpress-user/.ssh/
sudo chmod 0700 /home/wordpress-user/.ssh/
sudo cp /home/wordpress-user/wp_rsa.pub /home/wordpress-user/.ssh/authorized_keys
```
Automatic WordPress Update Via SSH Authentication : Editing wp-config.php
Now, edit the wp-config.php file and add these lines:

```php
// Use the SSH2 transport for updates instead of FTP or direct writes.
define('FS_METHOD', 'ssh2');
// Paths of the WordPress installation as seen by the SSH user.
define('FTP_BASE', '/usr/share/nginx/html');
define('FTP_CONTENT_DIR', '/usr/share/nginx/html/wp-content/');
define('FTP_PLUGIN_DIR', '/usr/share/nginx/html/wp-content/plugins/');
// Key pair generated for wordpress-user in the previous step.
define('FTP_PUBKEY','/home/wordpress-user/wp_rsa.pub');
define('FTP_PRIKEY','/home/wordpress-user/wp_rsa');
define('FTP_USER','wordpress-user');
define('FTP_PASS','********');
// SSH endpoint: the local node, or another node's address.
define('FTP_HOST','127.0.0.1:22');
// define('FTP_HOST','10.0.0.1:22');
```

We can restrict access further by adding the allowed address or subnet, like from="10.0.0.1", before ssh-rsa in this file:

```
/home/wordpress-user/.ssh/authorized_keys
```
FTP_HOST has to be edited accordingly, as shown above. In this case, you can restrict the other nodes' access to the wp-config.php file. Unless there are many nodes, this much security is usually not required.
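
As an added example (not part of the original guide), the shell functions below list the authorized_keys entries that lack the from= restriction described above and print the file with one prepended. The function names, the key-type list and the sample entries are assumptions, and the key material is constructed.

```shell
#!/bin/sh
# Added example, not from the original guide. The key-type list and the
# sample entries are assumptions; the key material is constructed, not real.
KEYTYPE='(ssh-(rsa|ed25519|dss)|ecdsa-sha2-[^ ]+|sk-[^ ]+) '

# Print the entries whose options field carries no from="..." restriction.
unrestricted_keys() {
    awk -v kt="$KEYTYPE" '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            # Options, if present, are the text before the key-type token.
            opts = (match($0, kt) ? substr($0, 1, RSTART - 1) : "")
            if (opts !~ /(^|,)from="/) print
        }' "$1"
}

# Print FILE with from="PATTERN" added to every unrestricted entry.
# Usage: restrict_keys FILE PATTERN   (an address or a CIDR subnet)
restrict_keys() {
    awk -v kt="$KEYTYPE" -v pat="$2" '
        /^[ \t]*(#|$)/ { print; next }       # keep comments and blank lines
        {
            opts = (match($0, kt) ? substr($0, 1, RSTART - 1) : "")
            if (opts ~ /(^|,)from="/) { print; next }
            sub(/^[ \t]+/, "")
            # Join with a comma when other options already lead the entry.
            sep = (opts ~ /[^ \t]/) ? "," : " "
            print "from=\"" pat "\"" sep $0
        }' "$1"
}

# Constructed sample: a bare key, a restricted key, and a key with another
# option whose trailing comment happens to contain the text from=.
sample=$(mktemp)
trap 'rm -f "$sample" "$sample.new"' EXIT
cat > "$sample" <<'EOF'
# deploy keys (constructed sample)
ssh-rsa AAAAB3NzaC1yc2EXAMPLE1 wordpress-user@node1
from="10.0.0.1" ssh-rsa AAAAB3NzaC1yc2EXAMPLE2 wordpress-user@node2
no-pty ssh-ed25519 AAAAC3NzaC1lZDIEXAMPLE3 backup from="old-host"
EOF
echo "Entries without from=:"
unrestricted_keys "$sample"
echo "Rewritten file:"
restrict_keys "$sample" 10.0.0.1
```

Review the output of restrict_keys before replacing the real authorized_keys file, and keep a second session open while testing so a wrong pattern does not lock the user out.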