[wp-hackers] Does WordPress do automatic updates as the user that owns the files?

Harry Metcalfe harry at dxw.com
Mon Aug 20 20:41:53 UTC 2012

On 20/08/12 21:10, Otto wrote:
> For any other case, it either asks for FTP credentials, or can use
> secure-ftp or ssh2 credentials (depending on the setup), to
> essentially perform a loopback connection to the server. Thus, while
> the PHP process may be running as "apache" or "nobody" or something,
> it will connect back to the server using, say, FTP, and give the
> proper login, then write the files via that connection. Each of the
> supported WP_Filesystem methods is in its own
> class-wp-filesystem-*.php file in the wp-includes directory, if you
> want to examine them.
Aha! It's that thing I've never used! Thanks for the explanation - very 

It looks like this could be easily overridden, too, by setting FS_METHOD 
(or using the filesystem_method filter) and including a new, 
appropriately-named class in a plugin? Except there's a comment at 
wp-admin/includes/file.php:844 -
> Please ensure that this is either 'direct', 'ssh', 'ftpext' or 
> 'ftpsockets'
Which makes it sound like that's not possible?

More information about the wp-hackers mailing list