WordPress admin media upload permission

0
votes

I have a access to the server where many wordpress blogs are hosted. Initially the permission to uploads folder were set to 777(Recursively) but this caused problems to our server and malicious files where uploaded due to which our server is blacklisted.

I have deleted all those PHP files under uploads folder and set the permission to 755.

Now the problem is that the admin users to wordpress blogs/sites unable to upload media files.

Please guide me what I can do so that they can upload files (images or videos).

Can we set something which will ask FTP details when they upload files using wordpress admin. I can create FTP users for this.

Please Guide.

3
phpwordpressfile-permissions
What error it return when you try to upload the image from wp-admin?Kausha Mehta
ya its a simple permission issue error and when I give uploads to 777 this will be fixed but I dont want to give 777 permission. So seekiing any way so that my users can able to upload media filesvanurag
Are you talking about media upload functionality from wp-admin right?Kausha Mehta
Yeah! Wordpress admin MEdia uploadsvanurag
well, you can't upload files without the write permission. You will always have the risk of having malicious files uploaded, there is nothing you can do against it but basic security measures and regular maintainance.Gerald Schneider

3 Answers

0
votes

Not sure what type of error you are getting. But you can try this

add this line to 

define('UPLOADS', 'wp-content/uploads');

wp-config.php

just before below line

require_once(ABSPATH.’wp-settings.php’);

If the directory doesn’t already exist, WordPress will automatically create it as long as the wp-content folder is writeable.

0
votes

Hey I just set the Permission to chmod -v 747 uploads and it worked. Atleast better than 777.

But would like to here suggestion if this is risky. If risky then how much. I am new to permissions and server management.

Thanks !

0
votes

I know this is an old thread but I found it high in the results for an unrelated issue I am having. It seemed by the permission modes being used @vanurag was actually having a user/group permissions issue rather than the permission modes (755 vs 777) issue.

You can find the web server user with var_dump(whoami()) in php, could be something like www-data.

Once know the user name verify that user is either the owner of the folder or is in the group assigned to the folder. You can use the following in Linux console to find current user/group. ls -l /path/to/wp-content/uploads

Either add the web server user (www-data) as the owner and leave the group as it is or add the user to the group who have permissions.

Use chown (change owner) to set your users to your needs.

I usually add the user to the group rather than change the owner since the owner could be an FTP user and may mess up permissions used else where in your configuration.

usermod -g www-data foobar where foobar is the name of the group who has permissions to the uploads folder.

Here is a decent article on this issue in respect to WordPress uploads folder. https://www.digitalocean.com/community/questions/proper-permissions-for-web-server-s-directory