After all, it was already in the question!
Context
Both plugins are related to my WordPress site theme (uplift). I can’t understand what it is doing or where, but when it detects that the owner of the files isn’t its executing user (apache), it changes the access method to FTP.
This action doesn’t seem logical, to me, because even if I do 775 user:apache
(pseudo-code), it doesn’t’ work (it is searching for the owner, not if it has permissions). I could do 575 apache:user
but in that case, apache can run CHMOD, so it is pointless.
Also, this is happening outside of wp-content
. And is not documented by the plugins or theme, which for me, seems a security issue. 0 results for “owner” and “permission” in the documentation.
Solution
Just add define('FS_METHOD', 'direct');
.
With a little precaution! This needs to be added before require_once( ABSPATH . 'wp-settings.php' );
. Why? Again, no idea. However, this is a requirement for several configurations as you can see by the Editing wp-config.php docs page
Cautions
As stated in this answer, using FS_METHOD
can pose a security risk in shared hosting. Not my case, so my investigation ended here.
Missing
Please feel free to answer the following doubts (in the comments or with an answer, I will accept the answer or complement mine, accordingly):
- What is uplift theme doing? Why do they need to check the owner?
- Why does the
FS_METHOD
setting needs to be loaded before thewp-settings.php
page? - What would be the solution for a shared hosting scenario?