Why does WordPress still not support SFTP?

WordPress does support making connections using SSH (aka SFTP) via the built-in updater system. It got this support in version 2.7, approximately 6 years ago. Reference: https://core.trac.wordpress.org/ticket/7690

If you’re not seeing it in the normal “credentials” screen, then this is because your PHP installation lacks the support necessary for it to be able to do it. WordPress cannot talk “ssh”, but it can use the PHP “ssh2” extension to do it, if that extension is available.

There are two prerequisites for using SSH in WordPress.

  1. First, the PHP installation must have the ssh2 extension loaded or
    otherwise compiled in. You can get this via pecl if you don’t have
    it available. In some cases, you may need to recompile your PHP or
    use a custom one if your host doesn’t support it. Most don’t, which
    is why you don’t see it by default.

  2. Second, the stream_get_contents function must be available. This
    is usually the case, but on some hosts, it may not be there. Check
    first. The built-in code also checks for both of these, so if they
    are not available, then it will simply fail the check and you don’t
    get the SSH option.

If both of these conditions are met, then the normal connection screen should automatically display some new fields for you. This includes an “SSH2” option, and fields to input paths to a public and private keypair.

Much like the FTP method, you can put in this information every time, if you like, but it’s a lot easier to simply set some constants in the wp-config file.

The constants will look like this:

define('FTP_PUBKEY','/home/user/.ssh/public-key-file');
define('FTP_PRIKEY','/home/user/.ssh/private-key-file');
define('FTP_USER','user');
define('FTP_PASS','passphrase');
define('FTP_HOST','domain.com');

The way you do this is to generate a new SSH keypair specifically for WordPress to use. The public and private key files should be stored somewhere on your server where WordPress can read them. The private key can be encrypted with a passphrase, which WordPress will need to know. The public key will need to be added to the “authorized_keys” file for your account.

With all this in place, WordPress will read the private key and use it to connect to the specified host as the specified username. Then it will behave much the same as using normal FTP, except over the SSH connection instead.
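
An added example, not WordPress's own code: a PHP preflight that checks the two prerequisites and the key files before you rely on the updater's SSH2 option. The function name `wp_ssh2_preflight`, the owner-only permission check, and the assumption that the public key is in OpenSSH one-line format are this example's own; the paths are the placeholder values from the constants above.

```php
<?php
// Added example (hypothetical helper, not WordPress core code).
// Placeholder values copied from the wp-config constants shown on this page.
$cfg = [
    'FTP_PUBKEY' => '/home/user/.ssh/public-key-file',
    'FTP_PRIKEY' => '/home/user/.ssh/private-key-file',
];

function wp_ssh2_preflight(array $cfg, ?string $authorizedKeys = null): array
{
    $problems = [];
    // Prerequisite 1: the ssh2 extension must be loaded or compiled in.
    if (!extension_loaded('ssh2')) {
        $problems[] = 'PHP ssh2 extension is not loaded';
    }
    // Prerequisite 2: stream_get_contents() must be available.
    if (!function_exists('stream_get_contents')) {
        $problems[] = 'stream_get_contents() is not available';
    }
    // Both key files must be readable by the user PHP runs as.
    foreach (['FTP_PUBKEY', 'FTP_PRIKEY'] as $name) {
        if (empty($cfg[$name]) || !is_readable($cfg[$name])) {
            $problems[] = "$name is not set or not readable by PHP";
        }
    }
    // This example's own check: the private key should be owner-only (0600).
    $pri = $cfg['FTP_PRIKEY'] ?? '';
    if (is_file($pri) && (fileperms($pri) & 0077) !== 0) {
        $problems[] = 'FTP_PRIKEY is accessible to group/other; restrict it to the owner';
    }
    // Optional: confirm the public key was added to authorized_keys.
    // Assumes OpenSSH one-line format: "<type> <base64-blob> [comment]".
    $pub = $cfg['FTP_PUBKEY'] ?? '';
    if ($authorizedKeys !== null && is_readable($pub)) {
        $parts = preg_split('/\s+/', trim(file_get_contents($pub)));
        $blob  = $parts[1] ?? '';
        $auth  = is_readable($authorizedKeys) ? file_get_contents($authorizedKeys) : '';
        if ($blob === '' || strpos($auth, $blob) === false) {
            $problems[] = "public key not found in $authorizedKeys";
        }
    }
    return $problems;
}

$problems = wp_ssh2_preflight($cfg);
echo ($problems ? implode(PHP_EOL, $problems) : 'SSH2 prerequisites look OK') . PHP_EOL;
```

Run it as the same user the web server's PHP runs as, since readability of the key files depends on that account.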
