I had that on one custom installation I took over where I didn’t want to change anything or rework the whole installation.
The fix was extreme easy.
the WordPress directory was owned by root while apache was running as apache user. WordPress updates are executed by the apache client. So changing the directory to be owned by apache removed the ftp request.
chown apache:apache wordpress
Make sure you apply all other security measures.