Auto-update Wordpress on our Windows Hosting

If you have secured WordPress correctly on our Windows hosting then the vast majority of your site should be read only except for special folders like temp/cache folders or where you upload photos or media. However when it comes to updating WordPress using the built in auto-update system these restricted permissions may cause updates to fail as WordPress will not have access to update the core or plugin files.

We do not recommend having your site fully write enabled, it is very insecure and can allow a hacker that has gained write access via a backdoor to then access any file within your site including your WordPress config files rather than being restricted to only a few less important areas.

Luckily there are two ways to update WordPress and any add-ons.

1. Configure WordPress to use FTP for updates instead (recommended)

This method allows WordPress to use FTP to update files and bypass the need to change file permissions.

Add the following lines to the WordPress wp-config.php file in your root folder (just below where the datebase settings are is a good place) and replace the, username and password values with your own where needed, this assumes you have installed WordPress into your root folder and are using the default ftp account auto configured when you opened the hosting.

/**  FTP settings **/
define('FS_METHOD', 'ftpsockets');
define('FTP_BASE', '/');
define('FTP_USER', 'username');
define('FTP_PASS', 'password');
define('FTP_SSL', false);

2. Temporarily change file permissions to allow updated to all files

You can allow temporary write access without loosing any specific write permissions you have set on any special folders.

  1. With your WordPress folder permissions already set securely, browse to the file manager in the hosting control panel.
  2. Click on the padlock icon next to the wwwroot folder, this is where you set specific permissions for individual files and folders on our Windows hosting.
  3. You should see at least two users you can assign permissions for. Find your domain user (the user with the same name as your domain name) and Check/Tick the Write option.
  4. Now the important bit, make sure that "Replace permissions on all child objects" is NOT checked/ticked. This setting will set write permissions on the wwwroot folder without overwriting sub-folders that have their own specific permissions already set. However it will still propagate this setting to all any other sub-folders.
  5. Next perform the WordPress update from within WordPress, it should now have full access to make any changes it needs.
  6. Lastly return back to the file manager and untick the write option on the wwwroot folder, again making sure "Replace permissions on all child objects" is NOT ticked, your previous folder permissions should have remained intact.

You can do this each time you need to perform a WordPress update or install a new plug-in without affecting any other file or folder specific permissions but don't forget to return wwwroot permissions back to read only to remain secure.

  • 10 Users Found This Useful
Was this answer helpful?

Related Articles

Securing your site

Typical attack vectors for hacked sites are the following: Insecure file and folder...

Error : Validation of viewstate MAC failed

If you get the error following error in your .NET app - Validation of viewstate MAC failed. If...

Setting read and write permissions on files and folders (Windows)

On Windows servers file/folder read and write permissions are set via the control panel file...

Information needed to generate a Certificate Signing Request (CSR)

Before reading this guide why not click here to take a look at our selection of wonderfull SSL...

Accessing MSSQL remotely

Remote access to any of our database servers is provided solely for periodic maintenance, backups...