WordPress has a convenient feature for updating itself and its plugins through the Dashboard. Unfortunately it doesn’t support SFTP (SSH File Transfer Protocol), which the excellent OpenSSH package would provide. Instead, you’ll need to set up an FTPS (FTP over SSL) server. This short tutorial will guide you through installing a secure FTPS server on Ubuntu 11.10.
Step 1: Install vsftpd
APT (Advanced Packaging Tool) is the software package manager for Ubuntu.
> sudo apt-get install vsftpd
Step 2: Shut down vsftpd
The service will be started immediately after installation. For security reasons, we will shut it down until it is properly configured.
Step 3: Configure vsftpd
Edit /etc/vsftpd.conf and make these suggested changes and additions.
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
anon_world_readable_only=NO
anon_upload_enable=NO
anon_mkdir_write_enable=NO
connect_from_port_20=NO
listen_port=2112
Step 4: Restart vsftpd
Now that anonymous access has been disabled and SSL has been enabled, the FTPS service can be restarted.
Step 5: Create FTPS user
It’s a good idea to create a separate account for updates through the WordPress dashboard. For simplicity, I created a system account with the same username I use for the WordPress admin account. In this example I’m using “ftps”; use whatever username works best for you. The last argument must be the path to the web server directory; ignore the warning about the home directory not belonging to the user. Be sure to give the account a strong password.
Step 6: Add the FTPS user to the www-data group
The new user will need to belong to the www-data group. Again, I’m using “ftps” as the example username.
www-data:x:32:ftps
Step 7: Give the www-data group read/write access
The www-data group will need read/write access to the web server directory.
> sudo chmod -R g+w /srv/www
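A check for the Step 3 settings that can be run against /etc/vsftpd.conf before the restart in Step 4. This is an added example, not part of the original tutorial: the function names are hypothetical, and it assumes that a missing key counts as a failure and that the last uncommented occurrence of a key is the one that takes effect.

```shell
#!/bin/sh
# Added example: verify that a vsftpd.conf carries the anonymous-access and
# SSL values listed in Step 3. Values are compared literally with the YES/NO
# spellings used on this page, and a missing key is reported as a failure
# (assumption: every hardening value should be set explicitly).

REQUIRED="anonymous_enable=NO ssl_enable=YES allow_anon_ssl=NO
force_local_logins_ssl=YES force_local_data_ssl=YES
ssl_sslv2=NO ssl_sslv3=NO anon_upload_enable=NO anon_mkdir_write_enable=NO"

# Print the effective value of KEY ($1) in FILE ($2). Commented lines do not
# match; when a key is repeated the last occurrence is used (assumption).
conf_value() {
    sed -n "s/^$1=//p" "$2" | tail -n 1 | tr -d '\r'
}

# Return 0 if every required setting matches, 1 if any differs or is missing,
# 2 if the file cannot be read. One FAIL line is printed per mismatch.
audit_vsftpd_conf() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    for want in $REQUIRED; do
        key=${want%%=*}
        expected=${want#*=}
        actual=$(conf_value "$key" "$conf")
        if [ "$actual" != "$expected" ]; then
            echo "FAIL $key: expected $expected, found ${actual:-<unset>}"
            rc=1
        fi
    done
    return $rc
}

# When a path is given on the command line, audit that file.
if [ -n "${1:-}" ]; then
    audit_vsftpd_conf "$1" && echo "OK: $1 matches the Step 3 settings"
fi
```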