WordPress Secure Update: Installation with SSH Key on Ubuntu

What will you learn in this guide?

This guide removes the FTP screen that appears when installing themes and plugins in WordPress.
With an SSH key instead of FTP, you establish a more secure update infrastructure.
You also reduce risk by separating file ownership from the web service.

🧠 Technical Summary

Main technical topic: SSH keyed update installation for WordPress on Ubuntu.
Problem: FTP is insecure and poses a www-data wide permissions risk.
Solution: Create separate user, generate SSH key, tighten permissions, run WordPress via SSH.

1️⃣ Create new system user for WordPress

sudo adduser wp-user

This command creates the wp-user account that will manage WordPress files.

2️⃣ Separate ownership of WordPress files

cd /var/www/html
sudo chown -R wp-user:wp-user /var/www/html

This process migrates WordPress files to wp-user account instead of www-data.

3️⃣ Generate SSH key pair

sudo su - wp-user

This command switches to wp-user account.

ssh-keygen -t rsa -b 4096

This command generates a 4096 bit RSA key.

Select /home/wp-user/wp_rsa as the key path.

Leave the password field blank.

exit

With this command you will return to your normal user account.

4️⃣ Secure key permissions and SSH folder

sudo chown wp-user:www-data /home/wp-user/wp_rsa*
sudo chmod 0640 /home/wp-user/wp_rsa*

These settings ensure that the keys are read only by the necessary parties.

sudo mkdir /home/wp-user/.ssh
sudo cp /home/wp-user/wp_rsa.pub /home/wp-user/.ssh/authorized_keys
sudo chown -R wp-user:wp-user /home/wp-user/.ssh
sudo chmod 700 /home/wp-user/.ssh
sudo chmod 644 /home/wp-user/.ssh/authorized_keys

These commands activate SSH login and set the permissions to a secure level.

5️⃣ Set WordPress to update with SSH keys

sudo nano /var/www/html/wp-config.php

This command opens the WordPress configuration file for editing.

Add the following to the bottom of the file:

define('FTP_PUBKEY','/home/wp-user/wp_rsa.pub');
define('FTP_PRIKEY','/home/wp-user/wp_rsa');
define('FTP_USER','wp-user');
define('FTP_PASS','');
define('FTP_HOST','127.0.0.1:22');

These settings direct WordPress to write files via local SSH instead of FTP.

6️⃣ Restart the web server

sudo service apache2 restart

This process enables the new configuration to come into effect.

❓ Frequently Asked Questions (FAQ)

1. Why should I use an SSH key instead of FTP? FTP does not encrypt data. SSH is encrypted and more secure.

2. What causes the “Public and Private keys incorrect” error? Generally, the permissions are incorrect. .ssh should be 700.

3. Does this process affect site speed? No. It only works in administration panel installations.

4. Can I write IP instead of localhost in FTP_HOST? You can. For security, 127.0.0.1 is better.

5. Does this setup also work on Nginx? Yes. Nginx service restart changes instead of Apache.

Result

With this setup, WordPress updates are safer. Password risk decreases and file permissions remain more controlled. You can easily implement the same scheme in the GenixNode infrastructure 🚀

What will you learn in this guide?​

🧠 Technical Summary​

1️⃣ Create new system user for WordPress​

2️⃣ Separate ownership of WordPress files​

3️⃣ Generate SSH key pair​

4️⃣ Secure key permissions and SSH folder​

5️⃣ Set WordPress to update with SSH keys​

6️⃣ Restart the web server​

❓ Frequently Asked Questions (FAQ)​

Result​