I’ve spent a lot of time trying to fix the automatic WordPress update function on some of my customer’s websites, luckily a simple solution exists and can be applied also to restrictive shared hostings. The symptoms are:
  • automatic upgrade keeps asking for FTP credentials
  • even with the right credentials, the upgrade process fails with an error like:
Downloading update from http://wordpress.org/wordpress-3.0.1.zip…

Unpacking the update…

Verifying the unpacked files…

Installing the latest version…

Could not copy file.: /public_html/wp-admin/css/theme-editor.dev.css

Installation Failed
It was obviously a permission problem, but since I didn’t have a shell access on any of the mentioned servers I couldn’t fix permissions by hand. I’ve finally found a solution which involves having access to cron (AFAIK all shared hostings give this possibility) and changing a single line in WP configuration. The solution is in three steps:
  1. change WP config to force direct upgrade
  2. change permissions on the filesystem to allow upgrading
  3. do the upgrade
  4. reset permissions on the filesystem

Change WP config

Edit wp-config.php, add the following line:

define('FS_METHOD', 'direct');

This line will force WP upgrade method to “direct”, so that WP will not ask for your FTP credentials anymore.

Change permissions

The idea here is to use cron jobs (which are normally run with a user which have enough permissions to perform such actions) to alter filesystem’s permissions. This is necessary to perform the upgrade.

Running the following command should alter the permissions to allow the upgrade, please substitute the path_to_your_docs to reflect your setup.

chmod -R 777 /path_to_your_docs/

Do the upgrade

You should now be able to do the upgrade from WP admin panel.

Reset permissions

You can use the cron trick again (two separate cron jobs are needed):

find  /path_to_your_docs/ -type d -exec chmod -R 755 {} \;
find  /path_to_your_docs/ -type f -exec chmod -R 644 {} \;

Be warned that wrong permissions can make your site more easily attacked, see Hardening WordPress for a primer on this topic.