How to update WordPress over SSH

You should definitely be updating over an encrypted connection, so with that in mind, let’s proceed.

Run the following command, and answer all the questions.

sudo adduser wp-admin

Next we need to change ownership of the directory, so we run

cd /var/www/html

sudo chown -R wp-admin:wp-admin /var/www/html

Now we create the SSH keys, while logged in as the new user

sudo su - wp-admin

ssh-keygen -t rsa -b 4096

Save them on the server, for example

sudo /home/wp-admin/wp_rsa

Then go back to your normal account with the following

exit

Then we lock down the permissions

sudo chown wp-user:www-data /home/wp-user/wp_rsa*

sudo chmod 0640 /home/wp-user/wp_rsa*

Now we create a new directory, and set permissions for storing the keys to allow remote login

sudo mkdir /home/wp-user/.ssh

sudo chown wp-user:wp-user /home/wp-user/.ssh/

sudo chmod 0700 /home/wp-user/.ssh/

Then we copy the keys over to the new directory

sudo cp /home/wp-user/wp_rsa.pub /home/wp-user/.ssh/authorized_keys

Then we lock down the new files

sudo chown wp-user:wp-user /home/wp-user/.ssh/authorized_keys
sudo chmod 0644 /home/wp-user/.ssh/authorized_keys

Then we lock down to local login only

sudo nano /home/wp-user/.ssh/authorized_keys

Put the following at the top of the file

 from="127.0.0.1"

Now we update the wp-config file, open with the following

sudo nano /var/www/html/wp-config.php

Then add these lines to the file

define('FTP_PUBKEY','/home/wp-user/wp_rsa.pub');

define('FTP_PRIKEY','/home/wp-user/wp_rsa');

define('FTP_USER','wp-user');

define('FTP_PASS','');

define('FTP_HOST','127.0.0.1:22');

Then restart nginx

sudo systemctl restart nginx

Then next time you need to update select ssh enter your new wp-admin user details and you should be good to go.

Before we finish more thing.

As we have locked down the permissions quite tightly you may need to change ownership of the html folder temporarily while running updates, and then reinstate the locked down permissions and you do this by running the following.

Before updating run.

sudo chown -R www-data /var/www/html

Then once your done

sudo chown -R wp-admin /var/www/html