Secure your WordPress updates

I have found an interesting article on how to use SSH to update your WordPress blog instead of the default method (FTP/FTPS).

The steps are as follows:

  • create a new user account
    adduser wp-user
  • set the permissions on the files and folders under the WordPress path (in this example, the WordPress directory path is /var/www/html)
    cd /var/www/html
    find . -type d -exec chmod 0755 {} \;
    find . -type f -exec chmod 0644 {} \;
  • set the file ownership to the new user account
    chown -R wp-user:wp-user /var/www/html
  • create an RSA key pair (both public and private keys)
    ssh-keygen -t rsa -b 4096
    When prompted, enter /home/wp-user/wp_rsa

    Info: do not set a passphrase. Leave it blank and press “Enter”; otherwise, it will not work. Do not hesitate to leave a comment if you have a tip for making it work with a passphrase…

  • Set the permissions and ownership on the key files and folders
    chown wp-user:www-data /home/wp-user/wp_rsa*
    chmod 0640 /home/wp-user/wp_rsa*

    mkdir /home/wp-user/.ssh
    chown wp-user:wp-user /home/wp-user/.ssh/
    chmod 0700 /home/wp-user/.ssh/
    cp /home/wp-user/wp_rsa.pub /home/wp-user/.ssh/authorized_keys
    chown wp-user:wp-user /home/wp-user/.ssh/authorized_keys
    chmod 0644 /home/wp-user/.ssh/authorized_keys

  • To restrict the key usage to the local computer, add the following text at the beginning of the file /home/wp-user/.ssh/authorized_keys before ssh-rsa
    from="127.0.0.1" ssh-rsa…
  • Install the following packages:
    apt-get update
    apt-get install php5-dev libssh2-1-dev libssh2-php
  • Edit your wp-config.php and add these lines at the end:
    define('FTP_PUBKEY','/home/wp-user/wp_rsa.pub');
    define('FTP_PRIKEY','/home/wp-user/wp_rsa');
    define('FTP_USER','wp-user');
    define('FTP_HOST','127.0.0.1:22');
  • Restart Apache
    service apache2 restart
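
To confirm the result of the steps above, the following script checks the file modes and the from= restriction they set up. It is an added example, not part of the original article; the function names and the two path arguments are assumptions, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example: audits the layout the steps above create. Mode values come
# from the page; the two path arguments are assumptions for illustration.
# Uses GNU stat (-c), as found on Debian/Ubuntu.

check_mode() {  # check_mode <path> <expected-octal-mode>
    actual=$(stat -c '%a' "$1" 2>/dev/null) || { echo "MISSING $1"; return 1; }
    [ "$actual" = "$2" ] || { echo "MODE $1 is $actual, expected $2"; return 1; }
}

audit_wp_ssh() {  # audit_wp_ssh <wp-user home> <WordPress root>
    home=$1; root=$2; fail=0
    check_mode "$home/.ssh" 700 || fail=1
    check_mode "$home/.ssh/authorized_keys" 644 || fail=1
    check_mode "$home/wp_rsa" 640 || fail=1
    check_mode "$home/wp_rsa.pub" 640 || fail=1

    # Every non-comment key line must start with from="127.0.0.1".
    # A line pasted with typographic quotes is reported here as well.
    if grep -Ev '^[[:space:]]*(#|$)' "$home/.ssh/authorized_keys" 2>/dev/null |
        grep -Eqv '^from="127\.0\.0\.1"[ ,]'; then
        echo "UNRESTRICTED key line in $home/.ssh/authorized_keys"; fail=1
    fi

    # Directories must be exactly 0755 and regular files exactly 0644.
    [ -d "$root" ] || { echo "MISSING $root"; fail=1; }
    bad=$(find "$root" \( -type d ! -perm 0755 \) -o \( -type f ! -perm 0644 \) 2>/dev/null | head -n 5)
    if [ -n "$bad" ]; then
        echo "MODE drift under $root (first 5):"; echo "$bad"; fail=1
    fi
    return "$fail"
}

# Run as: sh audit.sh /home/wp-user /var/www/html
if [ "$#" -eq 2 ]; then audit_wp_ssh "$1" "$2"; fi
```

The function returns 0 when everything matches and 1 after printing each finding, so it can be run from cron after every WordPress update.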
