Is it safe to give wordpress SSH access for updates? - wordpress

In ubuntu I have the /var/www/wordpress folder owned by a user. In order to update/upgrade wordpress some folders need to be owned by www-data.
I am kind of confused but from what I've read that may pose a security risk. So I keep all the files owned by the user and when I need to update, I log to ssh (using pubkey), do a chown -R www-data /var/www/wordpress and after update I chown -R user:user /var/www/wordpress.
The trouble is that I cannot auto-update wordpress and have to do all this manually.
I found about Enabling SSH Upgrade Access and can't figure out if this is safe security wise.
Giving wordpress access to public and privatekey would compromise it?
define( 'FTP_PUBKEY', '/home/username/.ssh/id_rsa.pub' );
define( 'FTP_PRIKEY', '/home/username/.ssh/id_rsa' );

It is not safe to give the WordPress an SSH access for updates. and also if the website get hacked the hacker could get access to modify your php files and add new ones. Whatever you do if the website get hacked you gonna face files permission problems but you can protect from thus hacks by telling apache to not execute any php file that go under wp-content/uploads
What you can try to do is the following
sudo chown -R user:www-data /var/www/wordpress
and add this line define(‘FSMETHOD’, 'direct); in your wp-config.php
that would allow WordPress to autoupdate the plugins/themes/core without using the SSH access.
You can check more about my answer here

Related

Cannot delete files on AWS EC2 via FTP, permission denied

I run a WordPress site on AWS EC2 with Litespeed.
When I log in via FTP I cannot delete anything, neither plugin nor theme files. FileZilla shows a rm /path/to/file permission denied error:
These are due to permissions issue, as you are trying to delete the files while loggged in from user that is not the owner of those files.That www-data is server user, ask your server provider to remove those files or change the owner of files.
For this issue, you need to change the owner of the files.
This command will work for you
sudo chown -R www-data:www-data /var/www/html
Run this command from your ssh and try again.
Regards

wordpress: plugin updates not updating

To be clear on some things, I have tried:
going into config.php and inputting define FS_Method, FTP_Base, FTP_Content_Dir, FTP_Plugin_Dir, FTP_User, FTP_Pass, FTP_Host, FTP_SSL
setting file permissions to 755 on wp-content, wp-content/uploads, wp-content/plugins
Things I do not have access to: cpanel, file manager, ubuntu, commands, SSH credentials.
I have spoken to my web host (it is a shared host account), and they will not provide me info on SSH. The only backend I have access to is wordpress admin and FTP through FileZilla or WinSCP. The web host has declared this issue to be in my court and refuses to help me out (unless I want to be charged a hefty fee).
Now, the issue is updating plugins. I can activate and deactivate plugins. But I can't install, delete or update plugins. Originally, the issue was "can't create directory" but then I changed define(FS_METHOD) to ftpsockets. Originally it was direct. (ftpext did not work whatsoever).
NOW the issue is "Update Failed: Could not copy file. all-in-one-wp-migration/all-in-one-wp-migration.php" for the plugin All-in-one WP Migration.
Can anyone help me out or point out what I'm doing wrong?
check your disk quota , the space assigned to your account , it looks like you may be overquota and hence the updates are failed.
As other posts indicate, the root cause is a permissions problem in /var/www/html/wordpress. In my case, I used Microsoft document https://learn.microsoft.com/en-us/azure/virtual-machines/linux/tutorial-lamp-stack to install LAMP in Azure on Ubuntu 18.x LTS. I set the app to use the SFTP plugin for updates & uploads per https://wordpress.org/plugins/ssh-sftp-updater-support/. Then I changed permissions in as needed to the directories 'plugins themes upgrade uploads', group www-data (I used top to determine this, but other tools will do the trick), 775 on directories and 664 on files. Of course the user ID used to SFTP files had to be added to the www-data group on the system. I DID NOT set permissions to 777 as some have suggested in other posts and blogs.
Your situation may vary for required group ownership permissions. So analyze accordingly.
And best of luck.
Get your webhost to do this or you can do it yourself if you have SSH access
sudo usermod -aG www-data $USER
sudo chown -R www-data:www-data /var/www
sudo chmod -R 774 /var/www
you may want to revert back to the default: prevent writeable
sudo chmod -R 755 /var/www

WordPress nginx can't create Directories - Permissions correct

I know there are bunch of posts all over the internet about the WordPress permissions, but I am facing an issue I can't explain from the other posts. I am running debops WordPress on Ubuntu 16.04 with nginx.
Basically my updates within WordPress are failing, I am getting the "Could not create directory error". So I checked the permissions, and they are all correct (755 for the directories, 644 for the files).
Furthermore I checked that nginx is actually running as www-data user, which it does:
ps aux|grep nginx|grep -v grep
Shows that nginx is running as www-data.
To verify the permissions, I tried:
sudo -u www-data mkdir test
which worked and created the test directory.
Then some other posts made me think it has to do with a FTP configuration, most of them point to the vsftpd.conf file, but I don't have vsftpd installed (though I am able to connect via sftp to the ubuntu machine).
Question: What other reasons might cause this issue? Technically, WordPress has all the permissions to create it's directories.
Ok I found the problem:
nginx was indeed running as www-data user, but that wasn't the issue. From the debops issues I found that the correct user who should own the WordPress directory is the 'wordpress' user, not www-data.
chown wordpress:wordpress /var/www/ -R
Now everything works well with the updates.

How to upload photos in Wordpress localhost

I'm using Wordpress on localhost, but I can't upload photos. They seem broken and won't show, although they are created in wp-content/uploads/2014/01 folder. This folder has 755 mode, too. What am I doing wrong?
755 give read and execute permissions to group and others but not write permissions
I also find that sometimes its not enough for files/folders to have write permissions with wordpress you sometimes need to give your server ownership of the directory - if its going to regularly be reading and writing to it.
e.g. if apache is server on debian or debian derivative try:
sudo chown -R www-data wp-content/uploads/2014
(replace www-data with whatever user your server runs as)

Upload file wordpress

I am trying to upload a file in wordpress using the Media > Add New -- Option but when I click upload I get the following error:
Unable to create directory wp-content/uploads/2012/11. Is its parent
directory writable by the server?
I have Wordpress 4.3.1 installed.
Thank you
EDIT:
I am on a shared server with: host=i686-redhat-linux-gnu and Apache. I changed the permissions to 755 and 777 of wp-content/uploads but I get the following error:
“my_file.jpg” has failed to upload due to an error Unable to create
directory wp-content/uploads/2012/11. Is its parent directory writable
by the server?
Any ideas?
You need to set folder permissions for /uploads/ and possibly for /wp-content/ , too.
Typically, both folders should be 755. You may have to temporarily raise /uploads/ to 777 and upload an image (this will also force the server to change the folder permissions and user to the correct settings), but change it back to 755 right away.
It's easiest to set permissions with an FTP client. See Filezilla and FTP Clients « WordPress Codex.
And see Changing File Permissions « WordPress Codex for the correct Wordpress permission settings:
From the codex.wordpress: Typically, all files should be owned by your user (ftp) account on your web server, and should be writable by that account. On shared
hosts, files should never be owned by the webserver process itself
(sometimes this is www, or apache, or nobody user).
Any file that needs write access from WordPress should be owned or
group-owned by the user account used by the WordPress (which may be
different than the server account). For example, you may have a user
account that lets you FTP files back and forth to your server, but
your server itself may run using a separate user, in a separate
user group, such as dhapache or nobody. If WordPress is running as the
FTP account, that account needs to have write access, i.e., be the
owner of the files, or belong to a group that has write access. In the
latter case, that would mean permissions are set more permissively
than default (for example, 775 rather than 755 for folders, and 664
instead of 644).
ssh in and navigate to the wp-content folder and type in these 2 lines:
sudo chown -R www-data uploads/
sudo chmod -R 755 uploads/
or you can use the static and full path:
sudo chown -R www-data /var/www/wp-content/uploads/
sudo chmod -R 755 /var/www/wp-content/uploads/
Do not change it to permissions 777 because that is simply insecure
I had the same problems last week. After trying all proposed solutions with no success, it occurred to me that we had SElinux enabled on the server. In my case, and maybe for many other people, SElinux was responsible of the error message:
Unable to create directory wp-content/uploads/2013/04. Is its parent directory writable by the server?
My solution is based on the one proposed here: http://doc-ok.org/?tag=selinux which could be more suitable to other people's needs.
In my case, my wordpress directory resides in my home folder on the server, to which I have ssh access. Otherwise you will have to ask your administrator.
Anyway, this is my solution.
chgrp -R apache wordpress #change wordpress with your base directory for wp..
#alternatively, chown the whole directory to apache
chmod -R 774 wordpress/wp-content #if chown by apache, the permissions can be more restrictive
In my case not only the folder ownership / group ownership had to be changed to apache. Also the SElinux label of wp-content directory had to be changed to either httpd_sys_rw_content_t or httpd_sys_content_t:
chcon -Rv --type=httpd_sys_content_t wordpress/wp-content
This did the trick for me.
More information on SElinux can be found for example at:
wiki.centos.org/HowTos/SELinux
and
fedoraproject.org/wiki/SELinux
The /wp-content/uploads directory needs to be writeable by your webserver. Assuming that you are using Apache on Linux, and that it is running as user apache (change to your appropriate user) one quick fix for this would be to run the following command from your web root.
chown -R apache.apache wp-content/uploads
chmod -R 755 wp-content/uploads
I faced the same issue and I found a better solution:
go to cpanel > phpmyadmin
select database
open wp_options table
make sql query SELECT * FROM wp_options WHERE option_name LIKE '%upload_path%'
change the path
this should fix it.
sudo chown -R www-data:www-data wp-content/uploads
Do not change the permissions to 755 if it's not necessary.
If it still doesn't work try:
chmod -R 755 wp-content/uploads
this works for me, after many weeks headache
sudo chown -R apache uploads
sudo chmod -R 755 uploads
assuming you're in wp-content
for those who stumbled on selinux permission issue, here are the steps i made to fix them. We need to allow the following selinux boolean variables to allow installing of wordpress plugins from wordpress admin console using FTP. They are httpd_can_network_connect and ftpd_full_access. They can be activated by
setsebool ftpd_full_access on
setsebool httpd_can_network_connect on
also wp-content folder should be write permissible for the ftp user used for uploading.

Resources