Hello This is WeWp Staging Site

How to Connect Composer-Based WordPress with SFTP and SSH

How to Connect Composer-Based WordPress with SFTP and SSH
Saurabh Dhariwal

11 min read

Modern web development tools and protocols are essential for managing WordPress projects efficiently today. All credits to composer-based hosting services come packed with the capabilities to bring WordPress management to your fingertips. Despite that, there is always a question of how to connect Composer-based WordPress with SFTP (Secure File Transfer Protocol) and SSH (Secure Shell) to take the deployment workflows to another level, boost security, and continue to keep up with the code integrity.

To drive most value from the composer based hosting services, you must count your trust on reliable composer based hosting providers like WeWP. 

With composer-based Premium WordPress hosting, you can leverage capabilities to manage dependencies, allowing developers to manage plugins, themes, and core files more efficiently.

However, you can easily deploy and maintain WordPress projects with SFTP and SSH. This allows for securely sending and receiving files and managing servers remotely.

Here’s how to connect a Composer-based WordPress installation with SFTP and SSH, optimizing the development process and ensuring robust deployments.

About Composer 

Composer makes it easy to manage and integrate packages and libraries from external resources into PHP projects. Composer works through a composer.json file that specifies the requirements of your project. Once these dependencies are resolved, composer downloads them and ensures they’re compatible and version-consistent. Using Composer for WordPress allows you to manage the core files, plugins, and themes of your site, making it easier to maintain.

Benefits of Using Composer for WordPress

It provides several benefits for managing and developing WordPress projects, including:

  • Managing Dependencies: Composer handles dependencies automatically so you can manage your WordPress themes, plugins, and core files. By ensuring version consistency and resolving conflicts efficiently, components can be installed and updated faster.
  • Develop in a Modular Way: Composer enables developers to structure WordPress development in a modular way. Separating WordPress core files from custom code, extensions, and themes makes it easier to maintain and update them individually.
  • Version Control: Composer-based WordPress seamlessly integrates with version control systems like GIT, which allows developers to have dedicated control over projects. With version control, you can give the upper hand to collaborative work, code reviews, and rollbacks, leading to reliable and high-quality code.
  • Improved Stability and Security: WordPress projects that manage dependencies with Composer are more secure and stable. By verifying package signatures and installing only trusted code, Composer reduces the risks of security vulnerabilities.

Also Read : What Is Composer-Based WordPress Hosting? What Are Its Benefits?

Importance of SFTP and SSH in Managing WordPress Sites

SFTP and SSH are crucial in looking after WordPress website management as they come with high-end security, efficiency, and control. Here are some crucial reasons SFTP and SSH are essential to WordPress site management:

  • Transferring Files Securely: SFTP simplifies transferring files between your local computer and a secure remote server. This allows you to facilitate the upload of WordPress core files, themes, plugins, and media files.
  • Remote Server Access: SSH allows administrators with a command line interface that makes it ideal to manage WordPress servers remotely. With SSH, server administrators can run commands, make the required changes, and address issues from anywhere.
  • Deployment: The SFTP and SSH protocols provide efficient synchronization of files, the installation of dependencies, and management of configurations. WordPress updates, themes, and plugins deploy seamlessly, minimizing deployment time and downtime.

Top Software and tools to Manage Website

  1. Composer

Composer is essential for working with PHP dependency management, such as WordPress. It allows you to easily integrate third-party libraries into your project and verify that they are compatible. Composer also organizes WordPress theme files, plugin codes, and core files more efficiently. Moreover, it keeps the development and production environments consistent, reducing compatibility risks.

  1. SFTP Client (e.g., FileZilla)

Another crucial software tool is FileZilla on the local service, which ensures the secure file transfer securely to the remote server. With FileZilla, you get an easy position to enjoy the convenience of uploading, downloading, and managing files on your server easily. 

  1. SSH Client (e.g., PuTTY)

SSH clients like PuTTY must access a remote server’s command line interface securely. With SSH clients, you can manage files, run commands, and manage administrative functions securely.

Composer-based WordPress Setup: End to End Process

With Composer, WordPress core files and plugins are manageable and fetched via dependency management. The following are the steps to install WordPress using Composer:

Make a Composer project

Start with creating the new Composer project in your project directory to begin managing WordPress with Composer. To bring it to life, you need to create a composer.json file that ensures the dependencies of your project:

composer init

Make sure you follow the directions to set up your project. Metadata like name, description, and author can be specified for your project. By running the following command, WordPress will be added as a dependency to composer.json:

composer require johnpbloch/WordPress

Using this command, you can include WordPress as a dependency in your project.

Create the directory structure

Keep WordPress core files and your custom code separate in your project directory. Typical structures look like this:

├── composer.json
├── composer.lock
├── web/
│ ├── wp-content/
│ └── index.php
└── config/
└── wp-config.php
  • composer.json and composer.lock: These files set the dependencies of your project and lock their versions.
  • Web/: The wp-content directory contains themes, plugins, and WordPress core files.
  • Config/: The wp-config.php file is located in this directory.

Step 3: Set up composer.json

Make sure your composer.json file specifies custom paths to install WordPress. By doing this, you can keep your directory structure clean and organized. To the extra section, add the following configuration:


Copy code

"name": "my-project",
"require": {
"johnpbloch/WordPress": "^5.7"
"extra": {
"WordPress-install-dir": "web/wp"

WordPress will be installed in the web/wp directory with this setup.

Set up Dependencies

Run Composer to install the dependencies specified in composer.json:

composer install

Depending on composer.json, WordPress will be downloaded and placed in the specified directory by the composer.

Configure WordPress

During setup, WordPress needs to be configured to work with your custom directory structure. Put the WordPress files in the correct location by editing web/index.php:


define(‘WP_USE_THEMES’, true);

require __DIR__ . ‘/wp/wp-blog-header.php’;

Additionally, ensure the config/wp-config.php file links to the WordPress files and content in the correct locations.

Hosting Account with SFTP/SSH Access

Choosing a Hosting Provider

WordPress sites need the right hosting provider to run smoothly and securely. It is important to ensure that the hosting company you choose offers SSH and SFTP access as part of their hosting packages. WeWP, one of the most popular composer based hosting providers, offers these features. Choosing a popular composer based hosting service provider like WeWP ensures you have the latest versions of PHP and other necessary software, is scalable, and provides excellent customer service.

Setting Up SSH/SFTP Access

SSH and SFTP access must be set up once you have selected a hosting provider and created an account. Your server will typically recognize SSH keys when you generate them and configure them. In most cases, composer based hosting providers offer comprehensive documentation or support to assist you during this process. The same keys should be used for SFTP connections after you set up SSH keys to ensure secure file transfer.

Verifying Access

Once you have configured SSH and SFTP access, make sure everything is working properly. Using your terminal or SSH client, log in to your server via SSH and test your SFTP connection. It is important to ensure that these connections work seamlessly as soon as possible so that deployment can proceed without any issues.

Step-by-Step Ways to Connect Composer-Based WordPress with SFTP and SSH

  • Use your user and password to log into the WeWP panel at https://app.wewp.io/
  • Select the website for which you wish to generate an SSH/FTP key
  • Click the sFTP & SSH option on the left-hand side of the screen.
  • In the next step, click the ‘Add SSH Key’ button and type in your public SSH key. When you are finished giving your key a name, click on the ‘Add SSH Key’ button to make your key available for use with SSH key authentication on the server.
  • Now that you have copied the server and site user’s IP addresses from the WeWP Panel, you will have to use your Private Key (the same Private Key you generated your Public Key with) in Terminal or Filezilla to access the server.

Troubleshooting Common Issues

  • Access Denied: Verify that the authorized_keys file on the server has the public key correctly added and its permissions are set appropriately. Typically, authorized_keys files and .ssh directories should have 600 and 700 permissions, respectively.
  • Not Working SSH Key: Make sure the private key is loaded into your SSH agent and your SSH key is configured correctly. SSH agent users can add their private keys using ssh-add.

Best Practices and Security Tips

Variables in the Setting

Don’t hardcode sensitive information in your configuration files, such as API keys and database credentials. Make use of environment variables instead. Managing these variables can be done with the vlucas/phpdotenv package and a .env file. With this approach, sensitive information can be kept out of version control, and configuration changes can be made easily.

Controlling Versions

Version control systems like Git can help you keep track of code changes. This approach allows you to work with others on the same project while managing different versions. Version control should also be applied to composer.json and composer.lock to ensure consistency across environments.

Regular Backups

Maintain a regular backup of your files and database in order to protect your data. You can Automate Backups using cron jobs or third-party services. You need to make sure that backups are stored in a secure space, preferably offsite, so they can be recovered during the time of server failures or data corruptions.


To keep your WordPress site protected, you are required to follow the below-given security tips:

  • File transfers and server access should always be done using SSH.
  • To patch security vulnerabilities, keep WordPress dependencies and server packages up-to-date.
  • Ensure the passwords you use for your databases and other services are strong and unique.
  • Utilize two-factor authentication if possible and limit SSH access to specific IP addresses.
  • Keep an eye out for suspicious activity in server logs regularly.

Also Read : How to Solve the Invalid SSL/TLS Certificate Issue


Composer based WordPress hosting service allows you to get your easy hands to manage your website. By following the best practices, you can conveniently connect with SSH and SFTP. The quality of a composer-based WordPress hosting provider matters, and choosing an expert composer based hosting providers like WeWP is the best choice to deliver you WP hosting services. 

At WeWP, we offer a wide range of composer based WordPress hosting plans that simplify the process of choosing a plan according to your business needs. Whenever you encounter a website problem, our team is available to assist you. Contact us today to choose from the best composer based WordPress hosting services and enjoy convenience to manage WordPress website with managed WordPress hosting plans.

Frequently Asked Questions

SSH access in WordPress allows administrators to easily access the server’s command-line interface securely from anywhere. This makes it simple to execute commands, manage files, and handle administrative tasks securely. Public-key cryptography and encryption make SSH access more secure by safeguarding data and verifying users. The plugin is essential for managing WordPress servers, troubleshooting problems, and updating WordPress.

SFTP clients like FileZilla are needed to access WordPress via SFTP. FileZilla should open after you enter your server’s hostname, password, and username. Port 22 should be set for SFTP connections.

Yes, you retain full SSH capabilities to localhost if the local server is equipped with an SSH server. The SSH server can be configured to allow SSH connections to localhost by using the command line or an SSH client.

The following command can be run at the command prompt or terminal to check your SSH status:

systemctl status sshd

With this command, you can check whether the SSH service on your system is active, stopped, or inactive. Moreover, it displays any recent SSH service activity or errors.

The PuTTY is an SSH client that gives you easy remote access to servers and executes commands. In contrast, SFTP is a protocol that secures file transfers between local and remote machines. The only operation it performs is file transfer.

Our Latest Blogs

Discover insights, trends, and inspiration in our engaging blog space, where knowledge meets innovation.

Blog image

WeWP Updates: Introducing Native WordPress Hosting Options

Struggling to choose the website hosting that makes your work easier to update your website? Here, WeWP takes the entry with introducing Native WordPress hosting to ease updating the WordPress…


24 Jun • 2024

Blog image

Real Cloud Hosting Explained: What It Is and Why It Matters for Your Website

A reliable and efficient online presence is crucial for any business. Did you know that businesses using cloud-based hosting providers experience 50% less downtime? This highlights the importance of choosing…

Cloud Hosting

24 Jun • 2024

Blog image

A Guide to Understanding and Optimizing Cloud Hosting Pricing

Nowadays, cloud hosting services are heavily used by most enterprises for hosting websites. Cloud hosting doesn’t let you share computing power with other websites since you can access more resources….

Floating Icon 1Floating Icon 2Floating Icon 3