Allow WordPress to download themes

As we all know, hosting your own WordPress installation is not as difficult as it sounds like and can save you quite some money in the long run.

But what if you run into a problem? I know i did. When i first setup WordPress on my old server that was using as a hoster i encountered a problem: Although uploading and installing WordPress onto my server was not a big deal i couldn’t get it to download themes and plugins automatically. I would get an error whenever i clicked the “Install” button on a theme or plugin site.

Why did that happen?

Since version 2.6.0 WordPress offers a few ways to download a theme or plugin onto your server. Direct, SSH, FTPEXT and FTPSOCKETS. It will go through these options and if nothing is available it will prompt you with an input field to put your FTP information. You can always set a method explicitly in your wp-config.php located in the root directory of your WordPress installation. The following options are available:

Usually the download works fine out of the box and you don’t need to force any method. But sometimes it can be necessary – depending on your server configuration and if WordPress or rather your web server (for example apache) is the owner of the /wp-content directory in your WordPress installation. WordPress will figure that out by creating a temporary file and then see whether it is the owner of the file or not. You can have a look at the exact procedure over at if you are interested.

How do I make it work?

If you want WordPress to download themes and plugins automatically and without errors again, you just have to make your web server the owner of the directory where you copied WordPress to.

For example, in my case that user is www-data because I’m running Apache2 on an Ubuntu Server. So i just type into my terminal:

The first line gives the ownership for the directory wordpress – assuming your web servers content directory is /var/www/html – to the user www-data.

The other two lines set the appropriate rights for every file (-type f) and directory (-type d) within the WordPress installation folder. In detail, that means every file can be read and written to by your web server while everyone else can just read. Your web server has read/write and execute access to your directories whereas everyone else just has execution rights.


If you try to download a theme or plugin now from your WordPress admin panel, you should see a success message. But be careful with your new won ability. It has been known, that even inactive plugins can cause security flaws and potentially provide an attacker with the information he needs to get into your server. Also, you want to keep an eye out for your storage limit, since an average theme can easily exceed a few megabytes in size.