Here I have a solution for “WordPress asking for FTP credentials to install a plugin or delete a plugin”. it’s a very common issue in WordPress and you can solve this by simply following the few steps given below. But before solving this issue, you need to know about WordPress FS_Method. Read more about FS_method on WordPress docs.
The solution for “WordPress asking for FTP credentials to install a plugin or delete a plugin” is:
step1: you need to the WordPress home directory and find the wp-config.php file.
Step2: Open the wp-config.php file add
define('FS_METHOD', 'direct' );. After adding this line and now save the file and check again by installing plugins.
FS_METHOD = 'direct'?
Unfortunately, WordPress’s logic for detecting an at-risk environment is flawed and produces both false-positives and false-negatives. Whoops. The test involves creating a file and making sure it belongs to the same owner as of the directory it lives in. The assumption is that if the users are the same, PHP is running as your own account and it’s safe to install plugins as that account. If they’re different, WordPress assumes that PHP is running as a shared account and it’s not safe to install plugins as that account. Unfortunately, both of these assumptions are educated guesses that will frequently be wrong.
You would use
define('FS_METHOD', 'direct' ); in a false positive scenario such as this one: you are part of a trusted team whose members all upload files through their own account. PHP runs as its own separate user. WordPress will assume that this is an at-risk environment and will not default to ‘direct’ mode. In reality, it’s only shared with users you trust, and as such
'direct' mode is safe. In this case, you should use define(‘FS_METHOD’, ‘direct’) to force WordPress to write files directly.
What’s the risk?
On a poorly configured shared host, every customer’s PHP will execute as the same user (let’s say apache for discussion). This setup is surprisingly common.
If you’re on such a host and use WordPress to install the plugin using direct file access, all of your plugin files will belong to apache. A legitimate user on the same server would be able to attack you by writing a PHP script that injects evil code into your plugin files. They upload their script to their own website and request its URL. Your code is successfully compromised because their script runs as apache, the same one that owns your plugin files.
Also Read, How to earn money via blogging.
1,609 total views, 1 views today