You should definitely be updating over an encrypted connection, so with that in mind, let’s proceed.
Run the following command, and answer all the questions.
sudo adduser wp-admin
Next we need to change ownership of the directory, so we run
sudo chown -R wp-admin:wp-admin /var/www/html
Now we create the SSH keys, while logged in as the new user
sudo su - wp-admin
ssh-keygen -t rsa -b 4096
Save them on the server, for example
Then go back to your normal account with the following
Then we lock down the permissions
sudo chown wp-user:www-data /home/wp-user/wp_rsa*
sudo chmod 0640 /home/wp-user/wp_rsa*
Now we create a new directory, and set permissions for storing the keys to allow remote login
sudo mkdir /home/wp-user/.ssh
sudo chown wp-user:wp-user /home/wp-user/.ssh/
sudo chmod 0700 /home/wp-user/.ssh/
Then we copy the keys over to the new directory
sudo cp /home/wp-user/wp_rsa.pub /home/wp-user/.ssh/authorized_keys
Then we lock down the new files
sudo chown wp-user:wp-user /home/wp-user/.ssh/authorized_keys
sudo chmod 0644 /home/wp-user/.ssh/authorized_keys
Then we lock down to local login only
sudo nano /home/wp-user/.ssh/authorized_keys
Put the following at the top of the file
Now we update the wp-config file, open with the following
sudo nano /var/www/html/wp-config.php
Then add these lines to the file
Then restart nginx
sudo systemctl restart nginx
Then next time you need to update select ssh enter your new wp-admin user details and you should be good to go.
Before we finish more thing.
As we have locked down the permissions quite tightly you may need to change ownership of the html folder temporarily while running updates, and then reinstate the locked down permissions and you do this by running the following.
Before updating run.
sudo chown -R www-data /var/www/html
Then once your done
sudo chown -R wp-admin /var/www/html