What permissions should be on a plugin's folder in wordpress? - php

When I extract a plugin's zip file into the wp-content/plugins/the_extracted_plugin directory, it shows the file permissions:
//Permissions I see for the newly installed plugin (installed manually via zip-file-extraction)
drwxr-sr-x
But when I look at the pre-installed plugin akismet, I see the permissions:
//Permissions of Wordpress-pre-installed plugin
drwxrws---
Which is the correct one? What would be the default permissions if I'd installed via the Wordpress Admin interface (i.e., in the browser, go to plugins->add new)?
What permissions do most plugins expect? Do they expect write permissions to their own folders?

755 Owned by www-data:www-data , or whatever your webserver-user:webserver-group are.
If you want to be strict, and don't care for FTP or teams, 700 will be fine, as well.
That's drwxr-xr-x, or drwx------ if you want to be really strict.
They don't need write access to themselves, because the 7 will give the script that updates/uses them write access - that is, only the one user needs write access - and that user is the web-server, which the wp-admin acts as when logged in to the panel.

Related

php writes files that I can't access - windows IIS

I have a php page that writes files onto my local PC, into a specific folder named UploadedImages. This all works fine. The problem is that when I go to look at the file (always an image file -- a .png in this case), and double-click it, windows says I don't have permission to view it. Again, file permissions on the UploadedImages folder is wide open (Everyone -> Read/Write), and my login account has Full Control, and my login account is the Owner of the folder.
If I right-click the file and go into permissions, it shows that I have no permissions on the file. I can go in and grant myself ownership and permissions, then view it -- but it makes no sense that I have to do this every time.
How can I permanently solve this so that every file my php script writes into that folder I have automatic/full access to it?
I am running Windows 10, IIS 10.0 and PHP 5.6.11. It appears that IUSR account is getting the permissions, but why would I (the ADMIN on the folder) have all my rights revoked just because php writes a file there? Thank you.
One solution is to try running the web server under a specific user (not admin) for which you have full access rights.
A second possible solution: maybe your virtual host config contains a directive which forces the server to run as admin, or as a user you don't have access to. Try changing it.
@SweatCoder: You said:
Again, file permissions on the UploadedImages folder is wide open (Everyone -> Read/Write), and my login account has Full Control, and my login account is the Owner of the folder.
[...]
If I right-click the file and go into permissions, it shows that I have no permissions on the file. I can go in and grant myself ownership and permissions, then view it
This is what's called "inheritance". You need to set inheritance on the folder, so permissions on files are inherited from the parent directory.
//edit: see the icacls help information in cmd.exe:
icacls /?

What are the best practices setting file permissions for a PHP website on Apache2/Linux (LAMP)?

What are the minimum permissions to set the site files to, in order to allow apache2/php to execute code, show html/css/js, and for some files update settings, download and install plugins?
The websites I am building are either Drupal or Wordpress.
I'd like to set permissions so that www-data has the minimum permissions and the admin (which is me for now) has permissions to allow him to do tasks from an SSH session without needing sudo.
[Edit]
I'd like to add that I have full access to the LAMP server via SSH. What I am after is the most restrictive and hence the most secure way to set user and group permissions, so in short:
What group
What owner
What permissions
For all site files for say a wordpress
In order to achieve
Apache can access the files and execute PHP
For some special files or folders the Wordpress should be able to change
The admin can easily change files without having to use sudo
Mostly the directory should have the permission set to 755. If you set it to 777 then the files can be written there. Files should be, at most, 664. If you use the WP editor, you might need these files to be 666 but you really should revert them back to 664 after making any changes. Never specify files greater than 666 unless specified.
Some hosts only allow uploads with 777 permissions; avoid such hosts and try contacting the hosting provider about this.
See at https://codex.wordpress.org/Changing_File_Permissions
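As an added example (not part of the original answer), this POSIX shell sketch audits a site tree against the ceilings quoted above, 755 for directories and 664 for files, and strips only the excess bits. The sample tree and its file names are constructed placeholders.

```shell
#!/bin/sh
# Added example: audit a site tree against the ceilings quoted in the answer
# (directories 755, files 664) and strip only the bits that exceed them.

# List entries above the ceiling: directories writable by group or other,
# files that are executable by anyone or writable by other.
over_limit() {
    find "$1" -type d \( -perm -0020 -o -perm -0002 \) -print
    find "$1" -type f \( -perm -0100 -o -perm -0010 -o -perm -0001 \
        -o -perm -0002 \) -print
}

# Remove the excess bits and leave everything else as it was, so a 640 file
# stays 640 while a 666 file becomes 664 and a 777 directory becomes 755.
strip_excess() {
    find "$1" -type d -exec chmod go-w {} +
    find "$1" -type f -exec chmod a-x,o-w {} +
}

# Constructed sample tree; the paths are placeholders, not a real install.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/wp-content/uploads" "$root/wp-content/plugins"
    : > "$root/index.php"
    : > "$root/wp-config.php"
    : > "$root/wp-content/plugins/tool.php"
    chmod 755 "$root/wp-content" "$root/wp-content/plugins"
    chmod 777 "$root/wp-content/uploads"
    chmod 664 "$root/index.php"
    chmod 666 "$root/wp-config.php"
    chmod 755 "$root/wp-content/plugins/tool.php"
    printf '%s\n' "$root"
}

sample=$(make_sample)
echo "Above the ceiling before:"
over_limit "$sample"
strip_excess "$sample"
echo "Above the ceiling after: $(over_limit "$sample" | wc -l)"
rm -rf "$sample"
```

Run `over_limit` on its own first to review what would change before calling `strip_excess` on a real tree.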

WordPress admin media upload permission

I have access to the server where many wordpress blogs are hosted. Initially the permissions on the uploads folder were set to 777 (recursively), but this caused problems for our server and malicious files were uploaded, due to which our server is blacklisted.
I have deleted all those PHP files under uploads folder and set the permission to 755.
Now the problem is that the admin users of the wordpress blogs/sites are unable to upload media files.
Please guide me what I can do so that they can upload files (images or videos).
Can we set something which will ask FTP details when they upload files using wordpress admin. I can create FTP users for this.
Please Guide.
Not sure what type of error you are getting, but you can try this.
Add this line to wp-config.php:
define('UPLOADS', 'wp-content/uploads');
just before the line below:
require_once(ABSPATH.'wp-settings.php');
If the directory doesn’t already exist, WordPress will automatically create it as long as the wp-content folder is writeable.
Hey, I just set the permission with chmod -v 747 uploads and it worked. At least better than 777.
But I would like to hear suggestions if this is risky. If risky, then how much? I am new to permissions and server management.
Thanks !
I know this is an old thread but I found it high in the results for an unrelated issue I am having. It seemed by the permission modes being used @vanurag was actually having a user/group permissions issue rather than the permission modes (755 vs 777) issue.
You can find the web server user with var_dump(exec('whoami')) in php, could be something like www-data.
Once you know the user name, verify that the user is either the owner of the folder or is in the group assigned to the folder. You can use the following in the Linux console to find the current user/group.
ls -l /path/to/wp-content/uploads
Either add the web server user (www-data) as the owner and leave the group as it is or add the user to the group who have permissions.
Use chown (change owner) to set your users to your needs.
I usually add the user to the group rather than change the owner since the owner could be an FTP user and may mess up permissions used else where in your configuration.
usermod -a -G foobar www-data where foobar is the name of the group who has permissions to the uploads folder.
Here is a decent article on this issue in respect to WordPress uploads folder.
https://www.digitalocean.com/community/questions/proper-permissions-for-web-server-s-directory
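An added example for this thread (not from any of the posts above): `write_via` reports which permission class (owner, group or other) gives an account write access to a directory, which shows why 755 blocked the uploads while 747 and 777 allowed them, and `find_scripts` lists script files that should not exist under an uploads directory. The account name `example-web-user` and the temp directory are constructed placeholders.

```shell
#!/bin/sh
# Added example: two checks for an uploads directory.

# Print which permission class lets USER ($1) write to DIR ($2):
# owner, group, other, or none. The first class that matches the user
# decides, as in the kernel's check (root bypasses these bits entirely).
write_via() {
    ls -ld "$2" | {
        read -r mode links owner group rest
        member=" $(id -Gn "$1" 2>/dev/null || true) "
        if [ "$1" = "$owner" ]; then
            class=owner; col=3
        elif case "$member" in *" $group "*) true ;; *) false ;; esac; then
            class=group; col=6
        else
            class=other; col=9
        fi
        bit=$(printf %s "$mode" | cut -c"$col")
        if [ "$bit" = w ]; then echo "$class"; else echo none; fi
    }
}

# Script files have no business in a media directory; list any present.
find_scripts() {
    find "$1" -type f \( -iname '*.php' -o -iname '*.phtml' \
        -o -iname '*.phar' \) -print
}

# Constructed demo: a temp directory stands in for wp-content/uploads and
# "example-web-user" is a placeholder account that is not expected to exist.
up=$(mktemp -d)
: > "$up/photo.png"
: > "$up/dropped.php"
for m in 755 747 777; do
    chmod "$m" "$up"
    echo "$m: example-web-user writes via $(write_via example-web-user "$up")"
done
echo "Script files found:"
find_scripts "$up"
rm -rf "$up"
```

A result of `other` means every local account can write to the directory, so 747 is world-writable just as 777 is.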

IIS or IIS_IUSRS permissions so that PHP can write files for WordPress

I'm running IIS 8 on a virtual machine (Windows Server 2012 Datacenter) in Azure. I have installed WordPress and its dependencies using the Web Platform Installer 4.6
I have trouble when WordPress needs to write files from its admin console. I've added the ftp details to the file C:\inetpub\wwwroot\blog\wp-config.php and that works fine. But whenever WordPress tries to write a file from its management web page, for example to create a child theme or to upload media I got an error (e.g. 'failed to upload due to an error' or 'Target child theme directory cannot be created. This is probably a permission error'.)
I can fix this using EvilDr's idea of adding permissions to the IUSR account. But I am nervous about this since it seems that IUSR and should only have access to precisely what it needs; it should never be given access to anything else.
Is giving IUSR read Modify, Read & execute, List folder contents, Read, and Write permissions for the WordPress directory C:\inetpub\wwwroot\blog and its subfolders the correct and safest way to get WordPress working on IIS 8?
Giving NETWORK SERVICE write permission to the folders that WordPress needs to write to should do the trick.
UPDATE: NETWORK SERVICE will also need Read & execute, List folder contents and Read permissions.
EDIT:
Thought I'd add the file/folders etc.. for completeness:
/wp-config.php
/wp-content/ (recursively)

wamp + wordpress: failed to open stream: Permission denied in

I have WAMP and WordPress installed. I am trying to install a new theme. After copying it to the themes folder, when entering the themes admin panel to activate the theme I get the error:
Warning: fopen(C:\wamp\www/wp-content/themes/enfold/style.css): failed to open stream: Permission denied in C:\wamp\www\wp-includes\functions.php on line 3666
It looks like that:
And below that the page continues to render.
Have no clue why this is happening.
In my case the theme folder (and the files in it) was read only and it was also encrypted.
Right click on the folder --> Properties, make sure Read-only is not selected, then click the Advanced button, make sure "Encrypt contents to secure data" is not selected, hit OK and then OK again, "Apply changes to this folder, subfolders and files". That should do it :)
Check your file/folder permissions for wp-content and the theme you uploaded.
See Changing File Permissions « WordPress Codex
Typically, all files should be owned by your user (ftp) account on
your web server, and should be writable by that account. On shared
hosts, files should never be owned by the webserver process itself
(sometimes this is www, or apache, or nobody user).
Any file that needs write access from WordPress should be owned or
group-owned by the user account used by the WordPress (which may be
different than the server account). For example, you may have a user
account that lets you FTP files back and forth to your server, but
your server itself may run using a separate user, in a separate
usergroup, such as dhapache or nobody. If WordPress is running as the
FTP account, that account needs to have write access, i.e., be the
owner of the files, or belong to a group that has write access. In the
latter case, that would mean permissions are set more permissively
than default (for example, 775 rather than 755 for folders, and 664
instead of 644).
To get WordPress and WAMP to automatically set permissions for a new theme, use the Admin area of WordPress to upload and install the theme. See Appearance>>Themes>>Use the Add New button.
