WordPress Auto Upgrade and SFTP

WordPress added a nice feature a while back – the ability to upgrade your installation while logged into the admin console. If you make use of this feature you no longer need to mess around with downloading zip file, deleting the old stuff, loading the upgrade.php script etc etc. The same system can be used to upgrade plugins too.

I never made use of this feature for two reasons, the first being that my wordpress installation is subversioned (revision control with subversion) and the second being that only FTP and FTP+SSL were supported by it. FTP+SSL isn’t so bad but FTP is totally insecure. Eventually I decided to use this update system for the plugins at least and thought I should add support for SFTP. The plan was to create a plugin that would add an SSH option to the upgrader. It was then that I found that SFTP support is already there but hasn’t been enabled!

no SSH

On my desktop computer (Fedora 11), where I keep a copy of all my websites, I had the SFTP option enabled in a less than a minute but on my production server it took a while longer. That was because because libssh2, which is the key requirement for the PHP SSH extension could not be installed with YUM. (This is a Centos server). While attempting to use YUM, I had to run a load of updates and worst of all reboot the server (something which hasn’t been done for more than an year).

libssh2/php ssh extention had to be installed manually and I followed the instructions in the /wp-admin/includes/class-wp-filesystem-ssh2.php file – the same set of instructions are found at http://kevin.vanzonneveld.net/techblog/article/make_ssh_connections_with_php/. Unfortunately they both contain an error.

cd /usr/src
wget http://surfnet.dl.sourceforge.net/sourceforge/libssh2/libssh2-0.14.tar.gz
tar -zxvf libssh2-0.14.tar.gz
cd libssh2-0.14/
make all install

The libssh2 download is really ancient – it wouldn’t even compile on my Centos box – worse gcc even segfaulted while trying to compile it. I kid you not. I have never seen gcc segfault before.

make[1]: Entering directory `/root/libssh2-0.14/src’
gcc -o channel.o channel.c -c -g -O2 /usr/include -I/usr/include -Wall -I../include/ -fPIC
gcc: /usr/include: linker input file unused because linking not done
channel.c:1253:10: /usr/include: No such file or directory
channel.c:71: internal compiler error: Segmentation fault
Please submit a full bug report,
with preprocessed source if appropriate.
See for instructions.
make[1]: *** [channel.o] Error 1
make[1]: Leaving directory `/root/libssh2-0.14/src’
make: *** [all] Error 1

The correct way to go about it is to visit the libssh2 project page on sourceforge and download the latest version (happens to be 1.1 at the time of writing).  The latest version could be compiled without any problems. After that you can do the pecl installation followed by editing the php.ini file

pecl install -f ssh2

wordpress and ssh

wordpress and ssh

In my case, I had to give the full path to the ssh2.so file because the engine couldn’t find the extension when only a relative path was given. That’s because pear seems to have installed the shared object at a wierd location. Well in the end after the apachectl restart I now have the PHP SSH extension enabled and wordpress update page does show the ssh2 extension.

Jun 30th, 2009 | Posted in Networking, PHP
  1. Jul 11th, 2009 at 03:53 | #1


    Thank you for the tip, but all of this is too complex for me. Do you know of a WordPress plugin to do this for me? My server runs Debian, I only have SFTP access and I’m not sudoer on my machine.

    Thank you

  2. Jul 12th, 2009 at 06:35 | #2

    Thanj you for your answer. I’ll give it a look.

  3. Aug 15th, 2010 at 05:25 | #3

    Thanks for the writeup. While I was waiting for libssh2 to install I did some more digging and found this article: http://www.chrisabernethy.com/why-wordpress-asks-connection-info/comment-page-2/#comment-15647

    All this time I thought that WP had to somehow FTP in to your system to transfer the updates, but it’s a lot simpler than that! Basically, if you change the owner of your WordPress files to the same owner that PHP runs as, you can bypass all of this. The article explains more.

    • admin
      Aug 16th, 2010 at 06:58 | #4

      thanks for sharing

  4. cdtoad
    Mar 27th, 2011 at 00:20 | #5

    so after doing this the SSH option will just appear? No plugins for WordPress needed?

  5. Feb 5th, 2013 at 15:58 | #6

    With havin so much content do you ever run
    into any problems of plagorism or copyright infringement?
    My website has a lot of completely unique content I’ve either written myself or outsourced but it looks like a lot of it is popping it up all over the internet without my permission. Do you know any solutions to help stop content from being stolen? I’d
    truly appreciate it.

Leave a comment

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>