Opened 10 years ago
Closed 9 years ago
#31535 closed task (blessed) (wontfix)
Shiny Updates: Store FTP Credentials
Reported by: |
|
Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | |
Component: | Upgrade/Install | Keywords: | shiny-updates |
Focuses: | ui, javascript, administration | Cc: |
Description
Branched from #29820.
With the addition of the FTP credentials screen, it'd be nice if we gave the user an option to store their credentials in their wp-config.php
file.
Change History (7)
This ticket was mentioned in Slack in #core by ocean90. View the logs.
10 years ago
#3
@
10 years ago
To follow up on Slack discussion, the idea of this ticket is to add an option to the FTP dialog in #31528 to write the FTP credentials to wp-config.php
, using the constants we already support.
There's still some discussion to be had over whether storing FTP details in plaintext is a security issue or not.
#6
@
10 years ago
This part of the UX seems like something we should look at more in a future release with the MVP for 4.2 here being based around plugins.
#7
@
10 years ago
For the record, my opinion here is that we shouldn't store the password in wp-config.php
or database. My primary concern is that many systems that require FTP are running with PHP as a shared user. Combine that with wp-config.php
having world-readable permissions by default and it's a fast way to compromise all installs on the server.
I believe hosts will continue to make life easier for their customers by not requiring ftp in the first place..
#8
@
9 years ago
- Keywords close added
With the introduction of Shiny Updates V2, the credentials are now stored in the JavaScript, so the user doesn't have to enter them that often anymore (only once per screen when updating multiple plugins).
I wouldn't add these credentials to wp-config.php
either.
We have already this constants:
FTP_HOST
,FTP_PASS
,FTP_PRIKEY
,FTP_PUBKEY
,FTP_USER
,FTP_SSL
, andFTP_SSH
. Do we need more?