WordPress – Error: Could not connect to the server. Please verify the settings are correct.

When you attempt to run the WordPress core updates you receive the following error: “Error: Could not connect to the server. Please verify the settings are correct.”

Check and see if only two settings are available, “FTP” and “FTPS”. A more secure option is SSH2 which is supported by most Apache systems but this option is not visible in WordPress.

In order to add the SSH2 option, you will need to access the server shell and install “php-ssh2“. The command is “sudo apt install php-ssh2“.

Once php-ssh2 is installed, restart the Apache service using: “sudo systemctl restart apache2“.

Go back to WordPress and refresh the page, you should now see the below:

Enter your normal user credentials and select “SSH2” and click proceed. The update should now work as expected. You do not need to enter the authentication keys unless you set these up previously.

If it doesn’t and you receive “Could not create directory. Installation failed.” this means that your folder permissions are not set correctly for WordPress.

In order to fix the file and folder permissions use the following commands:

sudo find . -type f -exec chmod 664 {} +
sudo find . -type d -exec chmod 775 {} +
sudo chmod 660 wp-config.php

Some server configurations do not permit the wp-config.php file to be set to 660, it will result in the site becoming in accessible. If this is the case in your situation, change the permissions to 664 and this should resolve the issue (It adds the “read” permission back for guests).

Filezilla will not connect to server using Secure File Transfer Protocol (SFTP)

Filezilla will not connect to server using Secure File Transfer Protocol (SFTP)

Symptom(s):

Filezilla is unable to connect to the server using the Secure File Transfer Protocol (SFTP), however regular file transfer protocol (FTP) works fine. Additionally, you have confirmed that the required ports for the Secure File Transfer Protocol have been enabled on the firewall. The generic port for SFTP is port 22 and the port for FTP is 21, port 20 may be required if the server is running the ftp services in passive mode.

Solution(s): 

  1. SSH into the server and edit the /etc/ssh/sshd_config file, if your config is in another location you can use the “locate sshd_config” to identify that location.
  2. Once in the file find the following commented out line: #Subsystem sftp /usr/lib/openssh/sftp-server Leave the line commented out, if its not commented, go ahead and comment it out using a hash tag (#).
  3. Below the commented out line add: Subsystem sftp internal-sftp  then reboot the server.
  4. Your Filezilla should now be able to connect.

SSH, SASL, Hackers, and more…

SSH (Port 22 if you haven’t moved it) and the SASL mail authentication will get hammered with Brute force attacks on a regular basis if a system is available on the Internet.  However, there are ways to mitigate these attacks…

Fail2Ban for Linux bases systems does an excellent job of stopping these kinds of attacks.  These instructions are for installing fail2ban on a Ubuntu Server 14.04.

From the Command-Line and a sudo authorized account:

Sudo apt-get update

sudo apt-get install fail2ban

Copy the Config file: sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Edit the Config: vi or nano /etc/fail2ban/jail.local

Bantime is defaulted to 600 seconds (10 Minutes), I prefer 1200 (20 minutes) or 1800 (30 Minutes) since most clients that trigger the ban are well deserving.

Maxretry defines how many attempts in Findtime (600 Seconds or 10 Minutes) a user can try to login before triggering the ban.  3 attempts in 10 minutes is a great qualifier for a web server, if its a server in a production environment that has multiple users leveraging ssh, you may want to raise the attempts.

You can then turn fail2ban on for other web services towards the bottom of the configuration file.