Cloud WP upgrade without s/ftp

When I try to install a plugin or theme, I get an s/ftp credential request. To solve this, should I:
1. Slog through the setup for vsftpd for SFTP
2. Set in wp-config.php [define('FS_METHOD', 'direct');] AND change /var/www/wordpress/wp-content folder owner:group from root to www-data?

* Already have done (2) and this works, but this could cause a security issue from what I have read, hence my question.
* If (1), is there a good tutorial, as on-line tutorials are incoherent on this?

O/S: Debian-10
HTTP Server: Lighttpd
WP Ver: 5.5.3

