A lot of people seem to have a great deal of difficulty using the WordPress update facility that allows you to update your WordPress install, themes and plugins from within the WordPress admin. As is so often the case, file and directory permissions are often to blame. (Updating WordPress in the Codex is worth reading)
If you are using shared hosting with a company like Dreamhost (for example), then you are in luck. If you are managing your own server or are on many other hosts, then you may have a great deal of difficulty.
I’ve recently given the blog associated with one of the sites I manage a bit of a makeover. The site has a dedicated server so we can do what we want. We’ve always had SFTP accounts no basic FTP access. Historically the blog was hosted in a sub directory of the main site and the theme shared many files with the main site and had access to the main site database.
The reason it is important to use SFTP is that FTP user names and passwords are sent as plain text and can be captured by a third party using the same network. SFTP is a secure extension to SSH that allows you to carry out FTP actions.
We decided to unwind this relationship for a variety of reasons (security and ease of maintenance being key) and move the blog into it’s own sub domain.
I wanted to have the facility to just click the update button and have WordPress update automatically rather than have the hassle of applying all the updates manually. In-fact I think that one of the reasons there are so many insecure WordPress installations is that manually updating the core and the plugins can be very time consuming.
I really had no idea that getting WordPress to update from the admin using SFTP would take me so long. I even ended up pokeing around in the code to see what was going on…
Eventually I found the SSH SFTP Updater Support plugin which works like a dream. I think it’s quite odd this isn’t built in, especially as keeping code up-to-date is so important.
Don’t forget to include the SFTP/SSH port 22 on the end of the hostname.