EWWW Image Optimizer requires exec().

Yeah, it’s definitely disabled if that’s the output. That disable_functions output is exactly what PHP is configured with. I would check to see if there are any other .htaccess files causing a conflict. Perhaps try putting a phpinfo() file inside the wp-content/ewww/ folder and see if that sheds any light on it. In particular look at the top section of the phpinfo page to see what configs are being used.

That’s interesting. When I put the same phpinfo into the wp-content/ewww/ folder it shows exec() as disabled.

The configs are:-

‘./configure’ ‘–disable-fileinfo’ ‘–disable-phar’ ‘–enable-bcmath’ ‘–enable-calendar’ ‘–enable-ftp’ ‘–enable-gd-native-ttf’ ‘–enable-libxml’ ‘–enable-magic-quotes’ ‘–enable-mbstring’ ‘–enable-pdo=shared’ ‘–enable-soap’ ‘–enable-sockets’ ‘–enable-zip’ ‘–prefix=/usr’ ‘–with-bz2’ ‘–with-curl=/opt/curlssl/’ ‘–with-freetype-dir=/usr’ ‘–with-gd’ ‘–with-gettext’ ‘–with-imap=/opt/php_with_imap_client/’ ‘–with-imap-ssl=/usr’ ‘–with-jpeg-dir=/usr’ ‘–with-kerberos’ ‘–with-libdir=lib64’ ‘–with-libexpat-dir=/usr’ ‘–with-libxml-dir=/opt/xml2’ ‘–with-libxml-dir=/opt/xml2/’ ‘–with-mcrypt=/opt/libmcrypt/’ ‘–with-mm=/opt/mm/’ ‘–with-mysql=/usr’ ‘–with-mysql-sock=/var/lib/mysql/mysql.sock’ ‘–with-mysqli=/usr/bin/mysql_config’ ‘–with-openssl=/usr’ ‘–with-openssl-dir=/usr’ ‘–with-pcre-regex=/opt/pcre’ ‘–with-pdo-mysql=shared’ ‘–with-pdo-sqlite=shared’ ‘–with-pic’ ‘–with-png-dir=/usr’ ‘–with-sqlite=shared’ ‘–with-xmlrpc’ ‘–with-xpm-dir=/usr’ ‘–with-zlib’ ‘–with-zlib-dir=/usr’

But further down I can see:-

disable_functions >>> show_source, system, shell_exec, passthru, exec, popen, proc_open, allow_url_fopen show_source, system, shell_exec, passthru, exec, popen, proc_open, allow_url_fopen

So, what would be causing that do you think?

As regards .htaccess I can’t see anything that is different to any other site I have installed EWWW. In fact except for the custom path to php.ini I could copy the htaccess file to any other domain.

Just to be clear, the phpinfo in the root folder for the domain does NOT show exec in the disable_functions list, right?

And when I was talking about configs, I meant the php.ini files being read, and any other configuration files included, all that information should be near the top. The first one should say “Configuration file loaded”, and the next couple rows will tell you any additional configs loaded.

Then look for any .htaccess files in the /ewww/ folder, then follow it up the chain to the wp-content/ folder, and then the root WP folder.

The ROOT phpinfo shows:-

Configuration File (php.ini) Path /usr/lib
Loaded Configuration File /home/sebiomedical/public_html/php.ini/

The EWWW phpinfo shows:-

Configuration File (php.ini) Path /usr/lib
Loaded Configuration File /usr/local/lib/php.ini

No .htaccess files in any EWWW folders.

And this is the first two lines of .htaccess in the root folder

## SET PATH TO CUSTOM php.ini ##
SetEnv PHPRC /home/sebiomedical/public_html/php.ini

That’s very strange, unfortunately I’m out of ideas on that, so you’d have to check with your webhost. Sometimes the php.ini stuff can get stuck in a cache somewhere, but they would know more about that.

Like I said at the start … weird huh!

I’ll see what the hosting team have to say and will report back as it may help others.

Oh, and for the record. I duplicated the phpinfo setup on a couple of other domains that are working and in BOTH folders it reports that the same and correct custom php.ini is in play.

So it is something specific to one domain on my server – in my opinion anyway!

I’ll let you know ??

Hi,

I am happy to report that EWWW is fully functional now ….. but I don’t understand why!

My hosting engineers suggested a temporary fix to add a folder specific htaccess but I wanted to dig deeper.

Previously I have deactivated plugins and swapped out themes but nothing made a difference. This time, instead of deactivating plugins one at a time and testing my phpinfo and checking EWWW status each time I deactivated ALL plugins, including EWWW.

When I bulk activated them all at the same time I immediately saw that EWWW wasn’t complaining. I checked my phpinfo file and exec() was enabled.

So it’s all working exactly like all the other sites … but I have no idea how or why?

Weird!!!!

My suspicion would be that one of the plugins was doing some security hardening, which included disabling exec() in certain folders. It would make sense to disable it for wp-content/ since that is where all your uploaded content will live, but with ewww, we need it enabled (at least for local mode, with the API it isn’t necessary).

So when you disabled them, it probably ran a cleanup routine and removed that rule somehow, and it didn’t get put back in place on activation. Just a guess, but it would kinda make sense.

Well, that was my first thought too.

That’s why the first plugin I deactivated was Wordfence, as the new firewall set up was my first thought for the cause. But then again I run Wordfence on ALL sites I manage and had zero issues with those.

And as stated before I had previously deactivated every plugin one at a time before but nothing changed things.