How to prevent WordPress from requesting FTP details to download themes or updates

October 11th, 2011


About the Author: Dan

I’m Dan Smart, a 38 year old website developer, based in Swansea, UK. I have worked in the software development industry for over 15 years, with experience in web development, mobile handset development, and mobile networks. I work both on websites and web applications with systems such as Wordpress, Laravel, Backbone, Angular.js, node.js and mobile app development with PhoneGap, iOS, and Android. When I’m not developing websites and software, I am a keen runner, involved with mime performance group Innovo Physical Theatre, and also actively involved in my local church.

* Follow me on Twitter or contact me


WordPress will by default request your FTP details when downloading any of the following:

  • Plugins (and updates)
  • WordPress core updates

This can cause problems with your site if someone changes the details by accident, or loses the FTP password. If you don’t have an FTP client on your server this will prevent you downloading such updates or plugins via the admin.

Setting FTP Details

You are able to set the FTP details in the wp-config.php file, with a number of parameters. The most basic is the following:

  1. define('FS_METHOD', 'ftpext');
  2. define('FTP_USER', 'username');
  3. define('FTP_PASS', 'password');
  4. define('FTP_HOST', 'ftp.example.org');

Add this bit just above the line that says: /* That’s all, stop editing! Happy blogging. */

The first parameter says that we will use the FTP PHP extension to access the FTP site (there are others).

Then set your username, password, and FTP host details, and save the wp-config.php file.

Note: always save a backup of your wp-config.php file in case of any problems.

For Servers without FTP Access

I sometimes work on a server that’s been secured, and does not have an FTP server on it, with access only via SSH. In this case, you would not be able to upload files via the admin, and would have to SCP them up instead, which is not particularly user-friendly.

In this case, you can set a different value for the FS_METHOD define:

  1. define('FS_METHOD', 'direct');

There are a number of caveats with this, in that it can open up a whole load of security issues on poorly secured servers, and so you should only use this if you are working on a secured server (probably non-shared).


Switch to mobile version