HelloARI logo: vinyl signs and identity design web design«    sign design«    blog«    contact«  USE MY IMAGINATION
web design and wordpress development 94114

san frnacisco web design

The best permissions setup for WordPress and Plesk

Years ago, when I first installed WordPress on my Plesk-based server I had some problems with file permission issues. I could not upload images and WordPress could not edit the .htaccess file. The best solution to these issues was to use a few command lines to set the ftp username for the domain to the correct group. The problem revolves around the plesk group called “psacln”  Here’s the magic code:

cd /var/www/vhosts/[domain.com]

chown -R [username]:psacln httpdocs

chmod -R g+w httpdocs

find httpdocs -type d -exec chmod g+s {} \;


And here’s what not to do:

When I first encountered this problem I would edit .htaccess manually to enable permalinks

and open permissions on lots of directories… a bad security risk.
chmod 777 sitemap.xml sitemap.xml.gz
mkdir wp-content/uploads
chmod 777 wp-content/uploads
mkdir wp-content/gallery
chmod 777 wp-content/gallery
mkdir backup
chmod 777 backup
mkdir wp-content/upgrade
chmod 777 wp-content/upgrade/

Credit for this goes to Bryan T. He had the good advice to first make sure PHP safe mode is off before trying these troubleshooting techniques. Another advanced possible step: Change the umask in ‘/etc/proftpd.conf’ to ‘002’ and add the ‘apache’ user to the ‘psacln’ group. Then, update the directory permissions:

cd /home/httpd/vhosts/[domain.com]
chown -R [username]:psacln httpdocs
chmod -R g+w httpdocs
find httpdocs -type d -exec chmod g+s {} \;

He explained that Joomla also complains about some PHP settings, sometimes including not being able to write to ‘/var/lib/php/session’. (This might only be an issue with older version of Joomla, I’m not sure) To fix the issues, make some adjustments to the vhost.conf for the domain:

<Directory /home/httpd/vhosts/[domain]/httpdocs>
php_admin_flag magic_quotes_gpc on
php_admin_flag display_errors on
php_admin_value session.save_path /tmp
</Directory>

If the vhost.conf is brand new, then run:
/usr/local/psa/admin/bin/websrvmng -av

Make sure Apache runs with your new configuration:
# httpd -t (check your work)
# /etc/init.d/httpd reload

via Joomla and Plesk permissions | Racker Hacker.

update: see this excellent discussion over on the plesk/parallels forum about another option (if you have root access). It describes a script that allows you to get around needing to enter FTP credentials for plugin update/install with WordPress. This is a barrier to making updates and makes remote WordPress management tools (see that link for a comparison of new tools). In other words, if you want to avoid the security issue of putting your ftp password into the wp-config file then you can use the script and it all ‘just works’, I will be testing this script soon.

On the other hand, there is an advantage to not allowing some clients the ability to update their plugins. That’s what my managed WordPress hosting solution is all about – I update WordPress and make sure nothing breaks so my clients don’t need to worry about it.

update 10/2012: another useful thing to know is that you can enable a special mode in your wp-config file that will avoid the issue of needing to enter ftp credentials every time you want to add or update a plugin. use this line of code:

define(‘FS_METHOD’,’direct’);

read more here.

update 2/2013:
With Plesk 11 I found that the group should be psaserv not psacln. so heres’ my updated setup:

cd /var/www/vhosts/DOMAIN
chown -R FTPUSER:psaserv httpdocs
chmod -R g+w httpdocs
find httpdocs -type d -exec chmod g+s {} \;
chmod -R 775 httpdocs/wp-content/

also, the next step to higher security is to execute PHP scripts with the permissions of their owners – this helps keep malicious PHP scripts from spreading from one site to another (on a server with more than one site of course).
read more about using suPHP with Plesk

This entry was posted in WordPress. Bookmark the permalink. Post a comment or leave a trackback: Trackback URL.

19 Comments

  1. Posted April 18, 2011 at 8:43 pm | Permalink

    Im having this issue, how do you access the command line ?? or where do you add this, is it accessible from the plesk control panels?

    Cheers

    • Posted April 19, 2011 at 1:27 am | Permalink

      You can’t access the command line from the plesk control panel. You need a “terminal” program and you need to learn a bit about how to use it – you can cause alot of damage very quickly with one misplaced bit of syntax when using the command line. There are lots of tutorials online.

      • Posted April 19, 2011 at 8:57 pm | Permalink

        Thanks i’m in touch with the web hosting company, am I correct in saying that the username is the apache username?

        • Posted April 19, 2011 at 10:23 pm | Permalink

          no, it would be the FTP username for that account/domain.

  2. Posted June 14, 2011 at 7:16 pm | Permalink

    I have run your command, but it turns out with 403 error now,
    “You don’t have permission to access / on this server.”

    Urgent help pls, I can not visit any pages from browser now.

    • Posted June 14, 2011 at 7:29 pm | Permalink

      All good now, thanks anyway

      • Posted June 29, 2011 at 4:44 am | Permalink

        I’m having the same problem. I’ve run these commands but I’m now getting a “You don’t have permission” error when I try and access the site.

        What did you do to resolve this?

        • Posted June 29, 2011 at 11:48 am | Permalink

          Are you logged in as root?

  3. Posted January 14, 2012 at 1:06 pm | Permalink

    Hi
    Does this work for Joomla?
    Nick Garnett

    • Posted January 23, 2012 at 1:06 am | Permalink

      I’m not sure. please try it and let me know…

  4. Posted April 15, 2012 at 3:31 pm | Permalink

    Thanks for the instructions. I came across them a few days ago but they did not mean much until today.

    However, I’m still struggling understanding the permissions that these instructions set on the files:

    How safe does it make my WP site? A plugin called backupbuddy recommends that most of the folders are set to the permission 755. Your instructions set the folders at 775 which is higher than the recommendation. But, the individual files seem to be set at tighter permissions; 664.

    Your advice is really appreciated. Thank you.

    Justin

    • Posted December 23, 2012 at 2:10 am | Permalink

      if you read carefully you will see that when I talk about setting permissions to 777 that is in the section titled “what not to do”. see the first section for the better solution.

  5. Posted May 16, 2012 at 3:20 am | Permalink

    Hi, thanks for this.
    One quick question – well two actually, I am fairly new to command line, but have succesfully logged in to my server via ssh and now want apply your magic code above. Where I replace [domain.com] and [username] should I leave the square brackets either side or remove these aswell? Also am I fine to copy paste all of it straight in or do I need to do it line by line? (I’m using terminal app on a mac)

    Thx.

    • Posted October 9, 2012 at 12:28 pm | Permalink

      remove the brackets

  6. Posted October 24, 2012 at 1:35 pm | Permalink

    i have the same problem as neil reported back in 29jun11: after following your “magic code” to the letter, i can see that all files have been chmod’ed, but now when accesing the site via the browser i see the following error message:

    Forbidden
    You do not have permission to access this document.
    Web Server at obbetiddens.tk

    I am running plesk 10.3 on CentOS

  7. Posted March 8, 2013 at 9:48 am | Permalink

    I had the same issue a few months ago. I couldn’t manage my files on the server anymore due a permission error and I made a mistake by approving all the permissions on the file server. But luckily I had a Joomla backup which I made a week before the error. Gonna keep the magical code in mind if the problem encure again! Thanks for sharing it!

  8. Posted September 11, 2013 at 1:23 am | Permalink

    Hi,

    I work with plesk 11.5 and have the same problems. I’m not familiar with plesk at all. This is the first time. So i’m not sure where to add those lines. Do I have to put them in the Secure Shell Terminal?

    Please let me know.

    Greets

  9. Posted March 25, 2014 at 3:24 am | Permalink

    Hi, I am just trying to locate which file i would need to insert the code into for wordpress on plesk?

  10. Posted November 18, 2016 at 6:43 am | Permalink

    Thanks for sharing the correct permissions setup.

Post a Comment

Your email is never published nor shared. Required fields are marked *

You may use these HTML tags and attributes <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

*
*

© 1996 - 2024
contact  |  links  |  rss