Making Dir writable by WordPress

Lisa Kachold lisakachold at obnosis.com
Wed Aug 8 18:18:19 MST 2012 

Hi Keith,

On Wed, Aug 8, 2012 at 11:50 AM, keith smith <klsmith2020 at yahoo.com> wrote:

>
> Hi,
>
> I need to make a directory writable so WordPress can upload images to the
> directory.  I'm thinking I need to change the group ownership of the
> directory to Apache with the user remaining the same.  In the past I've
> change the group and ownership to Apache and was blocked from FTP access
> after that.
>
> Any security issues I need to be aware of?  Other approaches?
>
> Any advice is much welcomed!!  Thank you for your help!!
>
> ------------------------
> Keith Smith
>

Known Issue:  Wordpress asks for a directory location: you set it up as 755
and it won't work.

Wordpress works, of course, from PHP and Apache.  So in order to allow for
Apache ftp you would need to make it writable by Apache and other.    If
you change the group writable permissions your ftp breaks (so don't do
that!):

Here's more on it:
http://wordpress.org/support/topic/advanced-problem-image-upload

http://wordpress.org/support/topic/151290

Solution:

You need to use "chmod 777" for uploads to work.

Security Issues:

This is a security risk of course, since there are many spider scrapers
looking for an open permission directory to be able to write, say a fake
Phishing Site page for UPS with an email results script.

Solution: (from Wordpress documentation):

Base image directory

The base image directory must be world writable i.e.: chmod 777
Base image URL

The URL to the base image directory, the web browser needs to be able to
see it.

Note that the directory can be protected via .htaccess on apache; check
your web server documentation for further information on directory
protection. If this directory has to be publicly accessible, remove
scripting capabilities for this directory (i.e. disable PHP, Perl, CGI). We
only want to store images in this directory and its subdirectories.

On apache you can create the following .htaccess file in your base image
directory:

<Files ^(*.jpeg|*.jpg|*.png|*.gif)>
		   order deny allow
		   deny from all
		</Files>



-- 
(503) 754-4452 Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
**
<http://it-clowns.com>Safeway.com
Automation Engineer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20120808/66c57fd7/attachment.html>

More information about the PLUG-discuss mailing list