W3 Total Cache permissions - wordpress

Problem description
When I try to open the W3 Total Cache settings page I get the following error:
You do not have sufficient permissions to access this page
This is the only plugin that I cannot edit. It's installed on a multisite page and it's activated for the whole network. I can normally delete it and activate / deactivate it for the whole network. The error occurs when I'm trying to open the settings page on one of the pages within this network.
I'm using localhost - just so you know but I'm quite sure that it does not change anything in this case.
Solving attempts
I have checked user capabilities and user_level in database (they are set to administrator and "10").
I tried reloading APC and PHP-FPM (found this while googling). I have tried clearing browser cache and opening site in incognito mode.
I have tried reinstalling the plugin, deactivating it and activating it again (multiple times).

You need to change the permissions of wp-content and all folders within it.
Try 774, if that doesn't work try 775.
This should fix your issue, let me know if you have any issues.
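To see what a recursive chmod such as the one suggested above leaves writable, and to whom, the following added example (not part of the original answer) lists every path under a WordPress root that a given account, for instance the web server or PHP-FPM user, can modify. The function names and the uid/gid arguments are assumptions for illustration; root's override and ACLs are not modelled.

```python
import os
import stat

def can_write(st, uid, gids):
    """POSIX class check: owner bits if uid owns the path, else group bits if
    the path's group is in gids, else the 'other' bits."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def writable_paths(root, uid, gids):
    """Return sorted paths (relative to root) that the account can modify.
    A writable directory means entries in it can be created, replaced or deleted."""
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits do not govern writes
            if can_write(st, uid, gids):
                found.append(os.path.relpath(path, root))
    return sorted(found)

if __name__ == "__main__":
    import sys
    # Usage: audit.py <wordpress-root> <uid> [gid ...]
    # With no arguments, audits the current directory for the current user.
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    uid = int(sys.argv[2]) if len(sys.argv) > 2 else os.getuid()
    gids = {int(g) for g in sys.argv[3:]} or set(os.getgroups())
    for p in writable_paths(root, uid, gids):
        print(p)
```

Running it with the uid and groups of the PHP-FPM or web server account before and after a permission change shows exactly which directories and files that account gained write access to.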

Related

WordPress site impacted with redirect injection

I have a website that is running on an AWS server using the Bitnami Nginx and WordPress image.
https://www.athleticclubhk.com/
Recently it got all our ads on Google stopped due to malicious content. Oddly this time, it's trickier than your standard malware of infected files. When visiting the site incognito, the first and only the first link click gets redirected using the following code:
window.location.replace("https://cartoonmines.com/scount");window.location.href = "https://cartoonmines.com/scount";
This is being injected on any link, however, upon investigating the loaded code on inspect it's not injecting it into the page.
I've tried to hunt down the theme, plugins, core files and found nothing!
I replaced and reinstalled WordPress core files, deactivated all plugins and even swapped the theme - the problem is still there. I can't find any hidden .htaccess file in the entire root directory.
I even used GREP to try to look for anything fishy (any clues here that someone can help with?) - nothing so far.
The site is still impacted with this so you can easily load the link ~ I do use Malwarebytes to keep myself protected, in case you are opening this directly.
Can anyone help?
The redirection code is implanted to /wp-includes/js/wp-emoji-release.min.js.
How to confirm:
watch the cookies when clicking an internal page; a new cookie is being set for tracking first clicks, named ht_rr
save the complete webpage locally and try to load it, and check in Chrome dev tools; you'll see that in the Console tab it complains about this JavaScript file attempting to set the aforementioned cookie
While a temporary resolution of deleting the file will fix things for some time...
There's no excuse for not setting up a proper server stack. Bitnami or other "great stacks" won't cut it security-wise. They exist for "fast", but no "quality" setup, and of course, it's never going to be secure.
The file got created somehow / had write privileges. This indicates a problem with the setup most of the time. Unless you're using some nulled plugins or plugins from bad sources.
Once again, since the website was essentially "pwned", deleting the JavaScript file does not mean complete disinfection. To preserve things in a secure state, I would recommend setting things on a clean server environment with strict PHP-FPM permissions aka "lockdown" chmod, and look for write errors to look for infected PHP files.
Check out some guides on the matter of secure NGINX/PHP-FPM setup:
NGINX and PHP-FPM. What my permissions should be?
Best practice secure NGINX configuration for WordPress
NGINX Security Headers, the right way
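The two indicators named in the answer above (a script that navigates to another host, and the ht_rr cookie) can be searched for across every JavaScript file in the install. This is an added example, not code from the original posts; scan_js, the regular expression and the sample hosts site.example and redirect.example are constructed for illustration.

```python
import os
import re
import tempfile
from urllib.parse import urlparse

# location = "...", location.href = "...", location.replace("...") / assign("...")
REDIRECT_RE = re.compile(
    r"""\blocation\s*(?:\.href\s*=|=|\.(?:replace|assign)\s*\()\s*["']((?:https?:)?//[^"']+)""",
    re.IGNORECASE)

def scan_js(root, site_hosts, cookie_names=("ht_rr",)):
    """Map relative path -> reasons for .js files under root that navigate to a
    host outside site_hosts or mention a flagged cookie name.
    Plain-text match only: an obfuscated payload needs a checksum comparison."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(".js"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                text = fh.read()
            reasons = set()
            for url in REDIRECT_RE.findall(text):
                host = (urlparse(url).hostname or "").lower()
                if host and host not in site_hosts:
                    reasons.add("redirect to " + host)
            reasons.update("cookie " + c for c in cookie_names if c in text)
            if reasons:
                findings[os.path.relpath(path, root)] = sorted(reasons)
    return findings

if __name__ == "__main__":
    # Constructed sample tree: one clean script, one core file with an appended redirect.
    root = tempfile.mkdtemp()
    js_dir = os.path.join(root, "wp-includes", "js")
    os.makedirs(js_dir)
    with open(os.path.join(js_dir, "menu.js"), "w") as fh:
        fh.write('window.location.href = "https://www.site.example/cart";')
    with open(os.path.join(js_dir, "wp-emoji-release.min.js"), "w") as fh:
        fh.write('/* emoji code */;document.cookie="ht_rr=1";'
                 'window.location.replace("https://redirect.example/scount");')
    for path, reasons in scan_js(root, {"www.site.example"}).items():
        print(path, reasons)
```

Pass the site's own hostnames as site_hosts so that legitimate same-site navigation is not reported; any file that is flagged should then be compared against a known-good copy of the same WordPress release.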
Just had the same problem and it was Zend Font Plugin, the same that some people mentioned before.
Installed Wordfence and this came out. Deleted the plugin and now the site is working perfectly.
Disable plugins and check again.
Change the database username and password.
Ask the hosting manager to check the host.

Enabling the wp-multisite functionality leaves me with a problem.

I've enabled the wp-network site function, put the rule in wp-config.php and also modified the .htaccess file and enabled the subdomains. The subdomains are working fine but the plugins tab from the wp-admin panel is not showing up. I can activate or deactivate the plugins due to this and also the subdomain sites' dashboards are not showing.
First, inspect elements in the dashboard and see if there are any problems in the console, and try to solve them if any exist.
Second, log out, clear your browser cache and cookies, restart your browser and take another look.
If you still don't see it, and you think you are logged in as an administrator, go to users > all users and see what it lists as the "role" for your username.
That's as far as I know without seeing the issue.

How do I set MAMP PRO permissions for localhost?

I am using MAMP PRO for local development on WordPress and have to constantly change permissions, depending on whether I'm working on the files, or from the WordPress dashboard. Surely there must be a catch-all permissions setting that will allow access for both?
If I set the Owner to me 'Storm', I can freely edit the files in sublime, without getting prompted to allow access when I save, but then some things in the WP dashboard don't work (such as updating plugins, where I get prompted to enter FTP details)
If I set the Owner to _www, I can update plugins freely, but then I get prompted to allow access when I save files.
This is really frustrating. What is the correct way to set permissions so I never get prompted locally? I have tried the suggestion on a similar question but when I try to make all files writable, it doesn't change the boxes (see the message in the image, which says that you can't change boxes with dashes in them)
You might want to run the webserver as Storm instead of www[1], i.e. the same user as the one you're editing files with (due to the way WordPress checks permissions).
[1] See General in the main window of MAMP.

Cannot see changes in WordPress in FTP client and vice versa

I am having some problems with WordPress 3.7. I think they may be related and have something to do with a file ownership/rights issue but I am completely stuck.
I am using the default theme and I have uploaded a new header image several times through the WP admin interface. Now that I am happy with the image, I want to delete the old images. Firebug tells me they are in [my wp root]/wp-content/uploads/2014/01. However, in my FTP client, this directory is not visible. I only see [my wp root]/wp-content/uploads/2013.
When I log into the WordPress admin interface, it tells me I should upgrade to 3.8. When I tell it to go ahead and give it my FTP credentials, it begins but gets stuck at "Verifying the unpacked files…". I get no error messages and when I give up and leave the page, there are no reports about a failed update. It just keeps showing me the "please update" message.
I am using the default theme and want to change style.css. I cannot do this in the theme editor, it tells me I have to make the file writable first, even after I give all the theme files 777 access in my FTP client (which probably is not a good idea). If I edit the file offline instead and then upload it via FTP, this doesn't have any effect. I can even delete the entire file and still nothing changes at the frontend.
I have tried to create a child theme through the FTP client but it does not show up in the WP backend.
The site is on a shared hosting platform. I can't find the details at the moment but it's a fairly regular setup (Linux, Apache, MySQL). I am testing in Firefox and caching is turned off. If I log out, and log back in again: same problems.
It is almost as if I am FTP-ing the wrong computer but I am really not. What am I missing?
Problem solved. I finally asked my hosting provider and as it turns out they had adjusted a few settings, making them too restrictive.

WordPress: attempting to update plugins results in 503 error after several minutes

I'm using wp 3.4.2 on a hosting service. I can access the FTP server and make changes using an FTP client (i.e. I have the correct credentials). I inherited the website and I'm trying to update everything, but as a precaution I started with the plugins.
The problem
When I try to update a plugin using the admin dashboard, after clicking "update now", the page keeps loading for several (about/at least 5) minutes. Afterwards I get an Error 503 Service Unavailable error. FTP settings are hardcoded in wp-config.php. This happens with all the plugins.
I solved it already, answer below.
In case anyone happens to stumble upon this problem, in wp-config.php the ftp host should be set to localhost instead of ftp://yourdomain.com.
Another solution I have found on my webhost was that the database user the WordPress installation used lacked the permission to reference and to delete. Solved by giving the DB user FULL access.
