cannot upload – check permissions

  • I installed a new site v3.9.2
    I login and see there’s an update to v4, so i do it.

    First i discover there’s no built-in Maintenance Mode option, which is very odd, so i install plugin “wp-maintenance-mode”.

    But i cant upload any images!
    i keep getting a message about /uploads/2014/09 cannot be created, check permissions…

    After spending way-too-much time reading and trying numerous solutions, i achieve success by logging into my hosting company control panel, and using their file manager to change ‘wp-content’ to 777(all folders and subfolders).

    All other combinations of permissions, to parent and/or subfolders, and trying to do it via ftp (cuteftp and filezilla) DID *NOT* WORK ! ! ! !

    Now i’m left thinking this is seriously unsecure. I think my site will be hacked within minutes. Why are there problems with a fresh installation? why is this very common problem not FAQ’ed? Why soooo many wrong solutions out there? Can I expect this level of difficulty at every stage going forward?

    My question here is Should i change the permissions back to 755?
    Will it break the uploads again (dont have time to test now)? How bad a security risk is it to leave it on 777?

Viewing 6 replies - 1 through 6 (of 6 total)

  • Permissions is a server configuration issue, not specifically a WordPress issue (although it dramatically impacts what WordPress can and can’t do).

    I would be talking to my host about it.

    You should ask your hosting. They have blocked uploading files for some reason

    Thread Starter BigJonMX

    (@bigjonmx)

    Oh dear! (to the misguided replies!!!!)
    Permissions given to files and folders depends on their purpose. They have nothing to do with the hosting company. The ‘server configuration’ is most likely the default settings given during installation of the server software.
    It is up to the developer – of WordPress in this case – to decide what permissions to set. A balance between accessibility and usability.

    My fresh and default installation of v3.9.2 was hacked within a few days! I dont have time yet to read hours of documentation about WP. I was hoping some one here would already know the correct perms to set, and why the default are not working.

    I am reinstalling a fresh v4 and i will investigate if this is a bug of wp, or an error introduced by the ‘wp-maintenance-mode’ plugin.

    Any time saving assistance would be appreciated.

    Thread Starter BigJonMX

    (@bigjonmx)

    So i just installed v4. All good, followed instructions, done.
    I’ve just tried to upload a picture and ‘unable to create directory’

    I changed wp-content to 777 and a picture upload worked.
    i changed it back to 755 and another upload worked.

    so it seems its the creation of folders that is causing problems.
    note: installing plugins (and the associated folder/file creation) works just fine.

    can anyone enlighten me on why this is / how to correct it?
    thanks.

    update – i just changed ‘uploads’ to 777.
    If anyone knows the ‘right’ way please share…

    Is WordPress running under it’s own user account by chance? Is it’s user account assigned to your account’s group so as to have the same permissions? If so, 775 would be an okay setting. Definitely better than 777.

    Thread Starter BigJonMX

    (@bigjonmx)

    Thanks for the reply: i tried 775 but it didnt work. Only 777 allowed folders to be created.

    It does appear to be the user account:
    + WordPress operates under user www-data.
    + When we created new users (accounts) via webmin, we’ve created a new group “with same name as user” – this has given us the highest security (at least minimum chance of cock-ups).
    So it seems we need to add the apache www-data to the new user’s group.
    i’ve asked some linux boys if this is correct…

    I am surprised that WP doesnt have this info somewhere, as so many people suggest just changing folders to 777 – which of course is a major security hole…

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘cannot upload – check permissions’ is closed to new replies.