WordPress updates with SSH2 in Ubuntu 16.04

I’ve had a few issues upgrading WordPress recently. I thought I was going mad, but it turned out to be a really annoying bug.

Recently, I upgraded my virtual private server (VPS) to the latest Ubuntu release (Ubuntu 16.04). I did this for two reasons.

First, it’s good to be on a recent release, and Ubuntu 16.04 is a long term support (LTS) release, meaning it’s supported for longer than other Ubuntu releases, and aimed more at stability for things like servers, rather than all-new features which might be a bit sharp around the edges.

Second, Ubuntu 16.04 came with PHP7 out of the box, which provides drastic performance improvements which, on a VPS, is very useful as CPU resources can be a little constrained.

It also gave me a chance to burn the old install to the ground as over the past three years or so, I’d tested a lot of things out on it and I wanted everything to be nice and uniform, putting into practice some of the things I’d come up with along the way, like my automated website creation script.

Anyway, on my Ubuntu 14.04 install, which used PHP 5.6, I had automatic updates set up on my WordPress installs. They worked nicely and provided good security, as I used SSH2 for the updates, meaning the files and folders the WordPress install lived in were not modifiable by the web server itself.

I host multiple websites on my server, and to enhance security, each site is owned by a different local user, and each database has its own user, so if one site is compromised, it’s harder to compromise the rest.

The web server shouldn’t really have write access to local files, but it needs write access to update WordPress automatically. By using SSH2 for WordPress updates, the web server can get the access it requires without having direct rights. It works well.

The problem is, it’s broken in PHP7. No matter what I did, I could not get updates to work. I came across various error messages, and after a lot of hunting around and double-checking, I was sure it wasn’t because I was doing anything wrong.

And it turns out I was right to be sure. A problem with the php-ssh2 breaks updates for WordPress. If you have this problem, you’re probably not going mad. Fortunately, I can offer a solution: SSH SFTP Updater Support.

This plugin uses a different library and I found that once I’d uploaded the plugin manually and activated it, my updates worked perfectly, first time (because my settings were correct, obviously!)

Once I’d fixed this, I decided to see if I could find any more information about this package, so I had a look at the information attached to the package in my installation:

php-ssh2

So this is an unreleased git snapshot and should be used with caution? Doesn’t seem like the kind of package that should appear in a long term support release…