Get the most out of your Centmin Mod LEMP stack
Become a Member

Wordpress Plugins Can't Write. White-listing Doesn't Seem to Work

Discussion in 'Blogs & CMS usage' started by gawk, Oct 6, 2018.

  1. gawk

    gawk New Member

    10
    5
    3
    Feb 24, 2018
    Ratings:
    +7
    Local Time:
    7:19 PM
    nginx-1.13.9
    MariaDB 10.3.4
    Hi,

    I installed WP via the build-in centmin option 22.

    I also deleted the public/private folders in the domains directory, as I had a backup of the site ready (I created it by mistake with centmin option 2). I'm also using my own SQL database (created in the MariaDB install in centmin) and not the one created with the new vhost domain.

    Do you think this could be causing the problem? All of my plugins (over 10) are not working, and not even running the autoprotect.sh helps.

    [​IMG]

    Weirdly, I even tried to disable autoprotect-domain.com.conf and wpsecure_domain.com.conf and restarted the nginx service, but my plugins still can't write.

    Permalinks and logging in works.
     
  2. gawk

    gawk New Member

    10
    5
    3
    Feb 24, 2018
    Ratings:
    +7
    Local Time:
    7:19 PM
    nginx-1.13.9
    MariaDB 10.3.4
    It seems I have an idea what happened.

    When I copy pasted the backup of the WP install, the files and folders lost their permission, which is why the plugins can't access any of the folders, even if they are whitelisted in wpsecure.

    Do you know how I should set the default file and folder permissions for a secure WP install?

    Thanks!
     
  3. eva2000

    eva2000 Administrator Staff Member

    36,387
    7,992
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,304
    Local Time:
    3:19 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    First backup your existing permissions for everything under /public with command below where yourdomain.com is your domain name
    Code (Text):
    getfacl -R -L --absolute-names /home/nginx/domains/yourdomain.com/public > /home/nginx/domains/yourdomain.com/backup/backup-permissions-$(date +"%d%m%y-%H%M%S").acl
    

    if you need to restore this backed up permissions use
    Code (Text):
    setfacl --restore=backup-/home/nginx/domains/yourdomain.com/backup/backup-permissions-XXXXXX-XXXXXX.acl
    

    where XXXXXX-XXXXXX is the day-month-year-hr-min-sec timestamp from the above backup command

    This chown user and group permissions recursively for all directories and files below /public would take care of ownership of files
    Code (Text):
    chown -R nginx:nginx /home/nginx/domains/yourdomain.com/public
    

    as to file/directory permissions try files = 640 or 644 and directories 750 or 755
    Code (Text):
    find /home/nginx/domains/yourdomain.com/public/ -type f -print0 | xargs -0 chmod 0640
    find /home/nginx/domains/yourdomain.com/public/ -type d -print0 | xargs -0 chmod 0750
    chmod 0755 /home/nginx/domains/yourdomain.com/public
    


    If not 100% sure, you can setup a dummy test domain and recreate your web app/script
    s setup and inspect their default file permissions etc and then replicate on your live site.
     
    • Like Like x 1
  4. gawk

    gawk New Member

    10
    5
    3
    Feb 24, 2018
    Ratings:
    +7
    Local Time:
    7:19 PM
    nginx-1.13.9
    MariaDB 10.3.4
    Thanks eva,

    You were right, even the ownership was messed up (my CentOS user was the file/directory owner).

    I used the chown command to set nginx as the owner, and it seems that 750 with 640 are the right permissions, as I'm not getting any errors, the site works as it should and the WP documentation seems to confirm it (Hardening WordPress « WordPress Codex).

    Ggetfacl is going to be a useful command in the future :D
     
  5. eva2000

    eva2000 Administrator Staff Member

    36,387
    7,992
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +12,304
    Local Time:
    3:19 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
..