[wp-testers] Automatic upgrade still failing

Ryan Boren ryan at boren.nu
Mon Nov 3 17:00:27 GMT 2008


On Mon, Nov 3, 2008 at 7:09 AM, Otto <otto at ottodestruct.com> wrote:
> Unfortunately, I think that the automatic upgrade process is
> fundamentally incompatible with a secure site. See, in order for it to
> work, all the WordPress files need to be writable by the webserver
> (unless the "FTP" method is used). This is a tricky proposition at
> best.

We go through pains to make sure we're compatible with a secure site.
Unlike other upgraders, it does not require that files be writable by
the webserver.  Nor does it change permissions via FTP so that files
can be written by the webserver.

Is the upgrade using the direct FS method for these failed cases (you
aren't asked for credentials if using direct)?  We try to make sure
direct is used only when files created by the webserver have the same
owner as the WP files.  If we are using direct where we shouldn't be,
let's fix it.  What are the owner and permissions on these files that
fail copy?  What user is the webserver running as?
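
The ownership condition described above for the direct method, and the owner, permission and user questions asked in the message, can be checked from a shell. This is an added example, not part of the original message and not WordPress's own code; the function names and the probe file name are assumptions made here.

```shell
#!/bin/sh
# Added example (not WordPress code): does a file created by the *current*
# user end up with the same owner as an existing WordPress file?
# Run it as the webserver user to reproduce the condition for "direct".

# Numeric owner uid of a path, via POSIX ls (avoids GNU/BSD stat differences).
owner_uid() { ls -ldn -- "$1" | awk '{print $3}'; }

# Mode string (e.g. -rw-r--r--) of a path.
mode_of() { ls -ld -- "$1" | awk '{print $1}'; }

# direct_write_ok REF_FILE [DIR]
#   0: probe file created in DIR has the same owner as REF_FILE
#   1: owners differ (direct writes would leave mixed ownership)
#   2: current user cannot create files in DIR at all
direct_write_ok() {
    ref=$1
    dir=${2:-$(dirname -- "$ref")}
    probe=$(mktemp "$dir/.owner-probe.XXXXXX" 2>/dev/null) || return 2
    probe_uid=$(owner_uid "$probe")
    rm -f -- "$probe"
    [ "$probe_uid" = "$(owner_uid "$ref")" ]
}

# Print the facts asked for in the thread, then the verdict.
report() {
    echo "running as: uid=$(id -u) ($(id -un))"
    echo "reference:  $1 owner uid=$(owner_uid "$1") mode=$(mode_of "$1")"
    rc=0
    direct_write_ok "$@" || rc=$?
    case $rc in
        0) echo "verdict:    same owner, direct method is appropriate" ;;
        1) echo "verdict:    owner mismatch, direct should not be used" ;;
        *) echo "verdict:    cannot write here, direct would fail" ;;
    esac
    return "$rc"
}

if [ "$#" -gt 0 ]; then report "$@"; fi
```

Run it as the webserver account against a file in the WordPress tree, for example `sudo -u www-data sh check-direct.sh /path/to/wordpress/index.php`; the script name, the `www-data` account and the path are placeholders.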

