Enable WordPress Automatic Updates on a Debian Server

I attempted to get WordPress to update plugins automatically on my Debian server today, and found it a bit less than trivial due to the number of configuration gotchas.

[Update August 2014: Please create the ftpsecure user with -s /usr/sbin/nologin, otherwise it can log in over ssh!]

Assuming you’re running a Debian server (I have 6.0 Squeeze), on which WordPress is installed in /var/www/site/public_html:

1) Install required packages. I used vsftpd.

sudo apt-get install vsftpd openssl

2) Configure vsftpd. I set the following options in /etc/vsftpd.conf

# Enable only local users, no anonymous

# Allow only our special FTP user

# Here's the security trick -- listen only on the local interface to 
# prevent external connections

# Enable debugging until everything works :)

3) Add a user for ftp access

# Add the user
sudo useradd ftpsecure -d /var/www -s /usr/sbin/nologin

# Set a password. Since vsftpd is only listening on localhost, the 
# security of this password isn't too important.
sudo passwd ftpsecure

# Add to the vsftpd allow list
echo "ftpsecure" | sudo tee -a /etc/vsftpd.allow_list

4) Turn on vsftpd:

sudo /etc/init.d/vsftpd restart

5) Set permissions for ftpsecure to access your wordpress files. I use access control lists (ACLs), but you could use chown/chmod if you want. These may seem like a bit to permissive — keep in mind that the only way ftpsecure can log in is from your server.

setfacl -m u:ftpsecure:r-x /var/www/site/

# The updater needs access to the root site
setfacl -R -m u:ftpsecure:rwx /var/www/site/public_html
setfacl -R -d -m u:ftpsecure:rwx /var/www/site/public_html

7) Tell WordPress about your FTP credentials. In /var/www/site/public-html/wp-config.php:

define('FTP_HOST', 'localhost');
define('FTP_USER', 'ftpsecure');
define('FTP_PASS', '<password>');

6) Run an update. If WordPress asks for the connection type, choose FTP. Try getting WordPress to update a plugin or the entire site. If it fails, view the log with

tail -f /var/log/vsftpd.log

and run the update again. You’ll be able to tell from the log if there was a permission problem.

7) Disable logging. Remove the line


in /etc/vsftpd.conf

8) You’re done!

Comment below if these steps didn’t work for you.

For reference, I used:

Posted in Software | Tagged , | 9 Comments

9 Responses to Enable WordPress Automatic Updates on a Debian Server

  1. JW says:

    Thanks for the informative post.

    I’m wondering if you would be kind enough to show the commands to use chown/chmod to set the permissions as stated. I’m just learning Debian and I’m having trouble with this part of the post. Thanks so much.

  2. AE says:

    This was really very helpful, but there seems to be a step missing: You have to add the new user ftpsecure to the file /etc/vsftpd.allow_list

  3. Vasek says:

    Thanks for very helpful post and thanks AE for the update. Work like charm now!!!

  4. Worked a treat on Debian Squeeze 6.0.7. Many thanks!

  5. Pingback: Get WordPress Going on Amazon EC2 with Linux | Johnsonism

  6. Thanks for your info…

  7. James Vasile says:

    BTW, because ftpsecure specifies a user with the nologin shell, I had to edit /etc/pam.d/vsftpd to remove the auth required line. If the instructions fail with the ftpsecure user but work with a normal user that can log in, this is likely your culprit.

  8. Jamie says:


    I followed the instructions, but I’m getting 530 errors– client can’t connect. Invalid login. However, I am quite certain that the credentials are correct. Any advice?


Leave a Reply

Your email address will not be published.