Monday, 1 October 2012

Wordpress, permissions and plugins

Wordpress is great for a quick site construction. I downloaded and installed it but as per most of the things I do, I make little changes as I go along to try and make it secure and this can cause problems down the road.
Specifically, I changed the ownership to me:www-data so that I owned it but Apache was in the group for all the files. I then set the files to rwx for me, r for group and nothing for others. I also change the directories so that they were not readable or executable to group so no-one could list directory contents. I realised early on that during the install, the web server would be accessing the root folder so I allowed group to also write here.
I then tried to install a plugin. To avoid the automatic install, which requires ftp access, I extracted a plugin into the wp-content/plugins directory but when going into plugins, it was not listed. The reason, as you might have guessed, was that www-data needs to be able to read the directory contents so it knows what plugins are available. I changed JUST plugins and its descendants to be group readable and then it all worked as expected!
So if plugins are not working in Wordpress, ensure:

  1. You are using the correct folder (wp-content/plugins)
  2. That your directories are not too deep e.g. /plugins/myplugin/config.php and NOT /plugins/myplugin/myplugin/config.php (which might occur if you have unzipped the plugin into a new folder)
  3. That your permissions on the folders allow the web server identity (www-data for apache2) to read and execute the directories (not execute the files!)
Post a Comment