When WordPress is properly locked down on your server, you are often unable to automatically update the plugins or themes on your site. The problems comes in when WordPress looks to see if it is able to write to the file system. Since it can’t modify it’s own files, it requests access to the FTP server running on your web-server. My sites NEVER have a FTP server running on them for simple security reasons, so updating via FTP is not an option.
Each of my sites are locked down with the below commands. The first line modifies the file system to allow only the Owner & Group to have modify access to each file or directory. All other users only have read access. The second line changes all files and directories so to be owned by root and the root group. The 3rd line grants owner and group permissions to the user www-data; the Ubuntu default webserver user.
chmod -R ug=rwX,o=rX chown -R root:root /var/www/example.com chown -R www-data:www-data /var/www/example.com/wp-content/plugins \ /var/www/example.com/wp-content/themes /var/www/example.com/wp-content/upgrade \ /var/www/example.com/wp-content/uploads
So now that your site is locked down, you can’t update the plugins or themes, well; that’s where this next part comes in.
If you add the below lines to your wp-config.php file, it will tell WordPress to ignore checking it’s files to see if they are modifiable, and to just try updating the plugin or theme. This will allow you to update a plugin or theme by using the auto update method build directly into WordPress.
Add the following to your wp-config.php file, just above the
/* That's all, stop editing! Happy blogging. */ line.
// Allow auto updating define('FS_METHOD', 'direct');
This change will not allow you to update WordPress Core as the webserver still dose not have access to modify the core files. I suggest you update via SVN or GIT on a nightly bases to ensure you always have the latest version of WordPress running.