pumpkinslayer

These steps solved my uploading woes…

Firstly, on my test install, file uploads wouldn’t work and I got the “HTTP Error”. This was fixed with the addition to the .htaccess (in the top level of your WordPress install).

I added the first four lines below to my .htaccess, so this is what I ended up with.

<IfModule mod_security.c>
<Files async-upload.php>
SecFilterEngine Off
SecFilterScanPOST Off
</Files>
</IfModule>
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

On my other install (WordPress MU, but same idea), files would crunch, but then the directories could not be created or the file could not be move to that location.

This was because mod security is now installed. The uploads dir should no longer be given permissions 777, or given to user Apache. It should now be assigned to your username and group and folder permissions should be 755 and files 644 (that worked for me).

This will change the usergroup and username, and your host might have to do it for you (because files owned by Apache are not editable by users).

chmod -R yourusername:yourusergroup full/path/to/your/wordpress/upload/dir

If you don’t know the dir, just tell your host it’s the “wp-content/uploads” folder (or “wp-content/blogs.dir” for wpmu).

Because my server now uses mod security, uploads are handled with my username and group, not Apache. Before it used to be handled with the Apache username and group.

I’m currently getting my host to

chmod -R username:usergroup wp-upload-dir

to see if I can upload then.

Note: I use php5, but I don’t think that effects this (it might)

I suspect mod security is causing this.

Previously a directory would have to be owned by apache (user:nobody in my case) to allow uploads, which meant after the owner was changed by my host, I couldn’t edit that stuff, but uploads via php worked. The common workaround (which I don’t like) was to set the uploads dir to 777 to allow anyone to write to it, which was also enough permissions for apache to write to it (but also any old hacker, as happened to me before). With mod security, it appears that uploads are now all assigned to your personal user name and group, so normal permissions (755 for folders and 644 for files) should work fine.

I have a WordPress MU install that stopped allowing uploads. The uploads dir previously needed the owner as “nobody” (apache) to do uploads.

Another fresh install of WordPress 2.5 worked without changing owner and after uploading the uploaded files and newly created directories had my user as owner.

So I suspect if you had the directory changed to user:nobody (apache) then you need them changed back to your personal user and group.

Not a solution, but maybe a start.

I had this same problem, where it would not upload anything, until I changed the directory permissions to “777”

Has it worked on anything like “755” for anyone out there? “777” seems a little unsafe, allowing anyone to write to that directory.

Nathanwburke, I had this same thing happen to me just the other day, but on my site that has WordPress Multiuser. So far I only spotted that it had added a file to /wp-inst/ and added the lines you mentioned to /wp-inst/wp-conig.php at the end of the file.

My friend who has a blog on my site alerted me to the problem when he got error messages on the site, but also a virus warning.

Thanks Podz, for the suggestion, and I will do that to my site, but actually none of the themes were effected by the hack.

UPDATE —

Took podz advice on changing permissions, but for those with WPMU the wp-inst folder still needs to stay as 777, make absolutely sure that wp-config (which contains your database password) stays with the strictest permission, basically allowing only reading from the server is best, I think.

I tried downloading the on from 2005-01-12 and it did the same thing as it did to you.

Oh, I see, I have no idea, I’d have to start digging in the code. That could take forever.

Sorry…

This assumes that you installed in the root directory otherwise I think that
https://www.yourdomain.com/wordpressdir/newusername
will accomplish the same thing.

I figured it out!
If you simply type in
https://www.yourdomain.com/newusername
then a screen appears that prompts you for the information of the new blog.
The new blog will be in the directory you typed in.
The user can input their name and email address and an email is sent to them to tell them their password, just like it was when you set up the main account at install time.

Sorry 2005-01-09

I have just installed wpmu this evening.
My problems were solved when I downloaded the latest download dated 2004-01-09 (or about that)