This guide explains how to create SFTP and SSH users with authority to transfer files to and from your server and includes instructions regarding:

  • Creating and managing SFTP and SSH users for your WPMU DEV hosting account
  • Allowed SSH Commands
  • Disabled functions – php.ini
  • Disabled functions – php CLI
FILE MANAGER

Your Hosting panel now includes a File Manager utility in case you don’t really want to use SFTP or SSH. See the Tools > Files guide for more.

4.1 SFTP and SSH users

Link to chapter 1

SFTP/SSH users are required to connect to a WMPU DEV hosted site using an FTP client or terminal application.

SFTP vs SSH

SFTP and SSH users connect to servers using the same security protocol, so neither is more or less secure than the other. Both SFTP and SSH users can connect to a server and edit files using an FTP client like Filezilla or Cyberduck.

However, whereas SFTP users require an FTP client to connect, SSH users can connect to a server using the WordPress command line interface, wp-cli. In simple terms, SSH users need no special software to connect to a server and have access to a powerful set of commands not available to SFTP users.

Therefore, if your site manager isn’t skilled at working in the wp-cli, you do not need an SSH user.

Do I need an SFTP/SSH user?

The rules of thumb are:

  • If you don’t know whether or not you need an SSH user, then you don’t.
  • If you need to move files to or from your site using anything other than the built-in WordPress tools– a file that exceeds the file size limit of the WordPress uploader, for example– you will need an SFTP user to do so.
  • If you can achieve your goals using the file transfer tools built into WordPress, you don’t need either.
IMPORTANT

SFTP/SSH users are site-specific, which means users created for Site A cannot access Site B or any other site, including different sites attached to the same member account. Staging sites, for example, require their own SFTP/SSH users even if the production sites from which they are pulled already have existing SFTP/SSH users. Users created for multsite networks can transfer files to and from any subsite of that network, but only sites within that network.

4.1.1 Creating SFTP/SSH Users

Link to chapter 1

Begin by selecting a site in Hub 2.0. From that site’s dashboard, click Hosting and then SFTP/SSH to access the SFTP/SSH Accounts screen.

Locating the SFTP-SSH tab

The page includes the SFTP/SSH connection information for the current site and a list of the existing SFTP/SSH users. From this screen members can create and delete users or change the password(s) for existing users.

The information displayed includes:

  • Connection Address (Host) – This is the URL used by WMPU DEV internally to identify your site and is the required URL for SFTP/SSH connections. Many FTP clients refer to the Connection Address as the Host.
  • Port number – The port associated with this site.
  • Username – The username(s) of both SFTP and SSH users that have been created for this site. If no users have been created, the list will be empty.
  • Environment – During creation, SFTP/SSH users are given access to either a production (live) site or a staging site, and that status is displayed here.
  • Type – These users are either SFTP or SSH, and that designation is displayed here.
  • Path Restriction – The access granted to SFTP/SSH users can be restricted to certain areas of a site’s file structure. This label indicates the type of restriction, if any, has been placed on the user. The label None indicates a user with no restrictions and with access to all site files.
  • Connection Info – A convenient link created to simplify the configuration necessary to connect to a WPMU DEV hosted site via SFTP/SSH.
  • Edit Password (pencil icon) – Click the pencil icon to access the edit password modal. SFTP/SSH user passwords can be changed as necessary, but user names cannot changed after creation.
  • Delete – Click the trash icon to open the delete user modal.

Click the Add User button and choose SFTP User or SSH User from the drop-down menu.

sftp ssh user drop down menu

In the modal that appears, enter a username and password in the fields provided. Use the strong password that is automatically generated or enter custom password.

Create SFTP SSH popup

MODIFYING SFTP/SSH USERS

SFTP/SSH user passwords can be changed as necessary, but the username, restriction, and environment selected when a user is created cannot be modified later. Fortunately, users can be deleted and new users with new access rights can be created at any time.

Path Restriction

SFTP/SSH users can be restricted to specific folders within the WordPress file structure. This might allow, for example, a graphic designer to access the Uploads folder where images are stored, while preventing that person from accessing files elsewhere.

SFTP SSH path restrictions drop-down

Use the Path Restrictions drop-down menu to determine the scope of a new user’s access as follows:

  • None – No restrictions. User can access all site files
  • wp-content – Grants access to the wp-content folder, which contains all uploaded files, plugin files, theme files, the site index, and language files
  • Plugins – Grants access to the Plugins folder only
  • Themes – Grants access to the Themes folder only
  • Uploads – Grants access to the Uploads folder only

Environment

WPMU DEV members whose sites we host can create a staging copy of any production site where changes can be implemented and tested before they go live. Production sites and staging sites require separate SFTP/SSH users.

Use the Environment drop-down menu to associate the new user with the correct environment.

production or staging drop down menu

When you’re ready, click Add and the new SFTP/SSH user will be created.

4.1.2 Connection Info

Link to chapter 1

The following information, located near the top of the SFTP/SSH Accounts page, is required to connect SFTP/SSH users to a site:

  • Connection Address (Host) – This is the URL used by WMPU DEV internally to identify the current site, and is frequently referred to as the Host or the Host Address. Regardless of how many domains may be associated with a given site, the Connection Address/Host displayed on the SFTP/SSH Accounts page is the only URL that can be used to connect to that site via SFTP/SSH.
  • Port number – The port associated with the current site.
  • Username – The username for the SFTP/SSH user being connected.
  • Password – Click the pencil icon next to any SFTP/SSH user to view that user’s password.

These credentials must be entered into the relevant fields in an FTP client to connect to the site, as shown in this Filezilla example.

Connection fields from Filezilla

Quick Connect Link

Click the Connection Info icon next to any SFTP/SSH user to reveal a quick link created for that user.

sftp ssh connection info button

The quick link, when copied into an FTP client or terminal application, identifies the site and the user to be connected.

sftp ssh connection quick link

The site’s port and SFTP/SSH user password are still required when using the quick link.

4.2 Allowed SSH Commands

Link to chapter 2

Here is a list of all of the SSH commands we allow:

  • ?
  • agrep
  • awk
  • basename
  • bunzip2
  • bzip2
  • cat
  • cd
  • clear
  • col
  • colrm
  • column
  • composer
  • cp
  • curl
  • cut
  • date
  • du
  • echo
  • egrep
  • expand
  • fgrep
  • fmt
  • fold
  • gettext
  • git
  • git-receive-pack
  • git-shell
  • git-upload-archive
  • git-upload-pack
  • grep
  • gunzip
  • gzip
  • head
  • help
  • iconv
  • join
  • less
  • ll
  • ln
  • look
  • ls
  • man
  • mkdir
  • more
  • mv
  • mysql
  • mysqldump
  • nano
  • nl
  • npm
  • pager
  • paste
  • perl
  • php
  • ping
  • pr
  • rm
  • rsync
  • scp
  • sed
  • sort
  • tail
  • tar
  • touch
  • tsort
  • uname
  • unexpand
  • uniq
  • unzip
  • vi
  • vim
  • wc
  • wget
  • wp
  • zcat
  • zgrep
  • zip

Also please note we don’t allow pipes or redirects.

4.3 Disabled functions - php.ini

Link to chapter 3

Below you will find a list of disabled functions on our hosting.

  • exec
  • shell_exec
  • passthru
  • system
  • proc_open
  • popen
  • show_source
  • posix_kill
  • posix_mkfifo
  • posix_setpgid
  • posix_setsid
  • posix_setuid
  • posix_getpwuid
  • posix_uname
  • pclose
  • dl
  • disk_free_space
  • diskfreespace
  • disk_total_space
  • proc_close
  • proc_get_status
  • proc_nice
  • proc_terminate
  • symlink
  • link
  • escapeshellarg
  • escapeshellcmd
  • highlight_file
  • lchgrp
  • lchown
  • prog_get_status
  • getmypid
  • getmyuid
  • getmygid
  • getrusage
  • getmyinode
  • get_current_user
  • libxml_disable_entity_loader
  • pcntl_alarm
  • pcntl_fork
  • pcntl_waitpid
  • pcntl_wait
  • pcntl_wifexited
  • pcntl_wifstopped
  • pcntl_wifsignaled
  • pcntl_wifcontinued
  • pcntl_wexitstatus
  • pcntl_wtermsig
  • pcntl_wstopsig
  • pcntl_signal
  • pcntl_signal_dispatch
  • pcntl_get_last_error
  • pcntl_strerror
  • pcntl_sigprocmask
  • pcntl_sigwaitinfo
  • pcntl_sigtimedwait
  • pcntl_exec
  • pcntl_getpriority
  • pcntl_setpriority
  • putenv
  • opcache_get_configuration
  • opcache_get_status

4.4 Disabled functions - PHP CLI

Link to chapter 4

Below you will find a list of disabled functions on our hosting.

  • shell_exec
  • passthru
  • system
  • show_source
  • posix_kill
  • posix_mkfifo
  • posix_setpgid
  • posix_setsid
  • posix_setuid
  • posix_getpwuid
  • posix_uname
  • pclose
  • dl
  • disk_free_space
  • diskfreespace
  • disk_total_space
  • proc_get_status
  • proc_nice
  • proc_terminate
  • symlink
  • link
  • escapeshellcmd
  • highlight_file
  • lchgrp
  • lchown
  • prog_get_status
  • getmypid
  • getmyuid
  • getmygid
  • getrusage
  • getmyinode
  • libxml_disable_entity_loader
  • pcntl_alarm
  • pcntl_fork
  • pcntl_waitpid
  • pcntl_wait
  • pcntl_wifexited
  • pcntl_wifstopped
  • pcntl_wifsignaled
  • pcntl_wifcontinued
  • pcntl_wexitstatus
  • pcntl_wtermsig
  • pcntl_wstopsig
  • pcntl_signal
  • pcntl_signal_dispatch
  • pcntl_get_last_error
  • pcntl_strerror
  • pcntl_sigprocmask
  • pcntl_sigwaitinfo
  • pcntl_sigtimedwait
  • pcntl_exec
  • pcntl_getpriority
  • pcntl_setpriority
  • opcache_get_configuration
  • opcache_get_status

4.5 Modifying PHP with .user.ini

Link to chapter 5

WPMU DEV members can modify some php settings with a .user.ini file, which is a simple text file you create and place within the WordPress root directory.

A .user.ini file only impacts the PHP settings for the directory in which it exists and that folder’s sub-directories, making it a safe alternative to modifying php.ini files.

A .user.ini file can modify PHP settings within any system-wide limitations but cannot be used to circumvent those limitations. For example, a .user.ini file can be used to adjust the allowed maximum size for uploaded files, but cannot be used to exceed the maximum of 128MB established by the system-wide PHP settings.

There are many variables that can be modified, including:

  • max_execution_time
  • max_input_vars
  • post_max_size

If you are uncertain if the PHP setting you wish to modify is allowed, contact WMPU DEV 24/7 support.

4.5.1 Creating a .user.ini file

Link to chapter 5

The easiest way to add a .user.ini file to the public_html directory is to create and upload a simple text file with an FTP client. Filezilla is used here, but the process is essentially the same for other popular FTP clients.

Open your FTP client and connect to your site. If you need help with that, follow the guidance provided in the Connection Info section of our SFTP/SSH guide.

Open the public_html directory, and right click, or control click on a Mac, anywhere within the file list area and click the Create new file option.

create .user.ini file for ftp

Name the file .user.ini, being sure to include the period before the word user.

name the file .user.ini

Right click the new .user.ini file and click View/Edit to open the file in your FTP client’s editor. Insert your PHP settings directives, then save and upload the file. It may take a few minutes for the settings to propagate.

open .user.ini to make changes

Insert your PHP settings directives, then save and upload the file. It may take a few minutes for the settings to propagate.

example .user.ini file

4.5.2 Verify PHP with phpinfo.php

Link to chapter 5

If you wish to view both the default system PHP settings and your local settings, you may do so by creating a file within the public_html directory in the same manner described above, only name the file phpinfo.php. Paste this single line of code into the file, then save and upload:

create phpinfo.php file in ftp

Next, enter your URL, followed by the extension /phpinfo.php, into a browser.This will retrieve a report that shows which PHP build is running, some information about your server and both the system and local PHP settings. You can also compare your local settings to the default php.ini settings by checking the Local Value and Master Value columns under the various section headings.

view php settings with phpinfo file

It’s a good idea to remove the phpinfo.php file from your site after you’ve viewed the report. As long as the file exists, that report can be produced by anyone from any browser.