How to update a WordPress website securely

To prevent a website from modifying its own source code, set user = nobody in its PHP-FPM pool config, for example /etc/php/8.3/fpm/pool.d/slogpost.conf:

[slogpost]

user = nobody
group = slogpost

listen = /run/php/www-slogpost.sock
include=/etc/php/8.3/fpm/socket-owner.conf

pm = ondemand

pm.max_children = 10
pm.start_servers = 0
pm.min_spare_servers = 0
pm.max_spare_servers = 1
pm.max_requests = 500

slowlog = /var/log/php-my/$pool.slow.log
request_slowlog_timeout = 5s
request_terminate_timeout = 300s

chdir = /

To enable direct updates with

define('FS_METHOD', 'direct');

set user = slogpost in the pool config and reload the configuration:

sudo service php8.3-fpm reload

Another alternative is updating with SFTP:

define( 'FS_METHOD', 'ssh' );
define( 'FTP_BASE', '/home/user/wordpress' );
define( 'FTP_PUBKEY', '/home/user/.ssh/id_rsa.pub' );
define( 'FTP_PRIKEY', '/home/user/.ssh/id_rsa' );
define( 'FTP_USER', 'user' );
define( 'FTP_HOST', 'localhost:22' );

but it requires generating SSH keys with ssh-keygen.
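
To check what the pool user setting above actually protects, the following added example (not part of the original post) reads user and group from a pool file and lists the paths under a WordPress directory that the PHP workers could still modify. The function names and the docroot argument are assumptions made for this illustration; the pool file is expected to set both user and group, as the one above does.

```shell
#!/bin/sh
# Added example: audit which paths a PHP-FPM pool's workers can modify.
# Usage (docroot path is a placeholder):
#   writable_by_pool /etc/php/8.3/fpm/pool.d/slogpost.conf /path/to/wordpress

# Print the value of "key = value" from a pool file (last occurrence wins).
# Anchored at line start, so "listen.owner" or similar keys do not match "user".
pool_setting() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^;[:space:]]*\).*/\1/p" "$1" |
        tail -n 1
}

# List paths under docroot ($2) that the pool in config ($1) may change:
#   - owned by the pool user (an owner can always chmod, then write),
#   - group-writable and owned by the pool group,
#   - world-writable.
# Symlinks are skipped because their own mode bits carry no meaning.
writable_by_pool() {
    wp_user=$(pool_setting "$1" user)
    wp_group=$(pool_setting "$1" group)
    [ -n "$wp_user" ] && [ -n "$wp_group" ] || {
        echo "user/group not set in $1" >&2
        return 2
    }
    find "$2" ! -type l \( \
        -user "$wp_user" -o \
        \( -group "$wp_group" -perm -0020 \) -o \
        -perm -0002 \) -print | sort
}
```

With user = nobody the output should contain only paths deliberately left group- or world-writable; with user = slogpost it also lists everything that user owns.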
