For months I was annoyed at the inability of my WordPress installation to automatically upgrade both plugins as well as the core installation. Every time I had to do a core upgrade of WordPress, I would manually download the zip file, unpack, copy the wp-contents and wp-config files and then take care of any outdated plugins. I tried many, many times to open the FTP ports on my instance and do the upgrades, but time after time I got the same annoying connectivity error.
I decided today to end all that, as I am getting ready to get back to blogging (after a couple of months hiatus, related to a project I’ll share with you later) and wanted to start with the new WordPress 3.0.
First of all, I needed to figure out how to open the FTP server of my instance, since I don’t have it open all the time. I highly recommend to everyone to keep FTP closed, and only open as needed (minutes is better) as FTP can be easily be exploited by hackers.
FTP works with multiple ports. On one hand you have the standard ports, which are port 20 and 21, and on the other a “passive” control port that is randomly picked per session.
I recommend that you use vsftpd, which is standard on most Linux installations. You can start and stop vsftpd using the command: sudo /sbin/service vstfpd start (or stop).
First, you will need to edit your vsftpd config file by editing /etc/vsftpd/vsftpd.conf. At the end of the file, insert the following snippet:
# Passive support
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
pasv_min_port=51000
pasv_max_port=51999
pasv_address=201.201.144.144
pasv_addr_resolve=YES
cmds_allowed=USER, PASS, QUIT, PASV, RETR, SYST, PWD, NOOP, CWD, STOR, LIST, DELE, MKD
The pasv_min_port and pasv_max_port can be any range you pick, as long as they are available on your instance. Then, on the pasv_address put your instance’s Elastic IP address or publicly visible IP.
Next go to the AWS Management Console, and under Networking & Security select the Security Groups option and make sure to add two entries on the list of ports: one for TCP ports 20 to 21 and another for TCP ports 51000 to 51999. See the graphic below:
Now, make sure you start vsftpd (using sudo /sbin/service vstfpd start) and check from an outside computer that you can log in to your machine. You need to make sure that you have a user that will be chmoded to your root wordpress installation (using the command useradd, as described here).
One last thing on the FTP side is that the apache user has access to your whole installation (as the upgrade process will be driven by the WordPress program which runs as apache). You can do that by issuing sudo chown -R apache:apache blog/.
If you try doing the upgrade now, you could still receive this cryptic error message: “Unable to locate WordPress root directory”. I found the fix, via this blog, where you basically add the following snippet at the end of your wp-config.php file:
if(is_admin()){
add_filter('filesystem_method', create_function('$a', 'return "direct";'));
define('FS_CHMOD_DIR', 0751 );
}
Try now — if the WordPress Gods are smiling at you, you should be able to upgrade via FTP. A reconfiguration of the WordPress may be necessary, so make sure to do a backup of your blog DB. But I’ve got to say, once I saw WordPress’s 3.0 Dashboard only after a few seconds, I was glad I spent the time to finally get this to work. I also upgraded a couple of plugins without any problems.
After you’re done, remember to shut down vsftpd — don’t let it running on your instance to avoid possible hacking, by doing sudo /sbin/service/vsftpd stop
Let me know if this worked for you. I’m looking forward to a whole lot of blogging in the following months!
{ 5 comments }
