WP – File Permissions

WP_CLI Settings – Github

https://gist.github.com/Adirael/3383404

[php]

#!/bin/bash
#
# This script configures WordPress file permissions based on recommendations
# from http://codex.wordpress.org/Hardening_WordPress#File_permissions
#
# Author: Michael Conigliaro 
#
WP_OWNER=www-data # <-- wordpress owner
WP_GROUP=www-data # <-- wordpress group<
WP_ROOT=$1 # <-- wordpress root directory
WS_GROUP=www-data # <-- webserver group

# reset to safe defaults
find ${WP_ROOT} -exec chown ${WP_OWNER}:${WP_GROUP} {} \;
find ${WP_ROOT} -type d -exec chmod 755 {} \;
find ${WP_ROOT} -type f -exec chmod 644 {} \;

# allow wordpress to manage wp-config.php (but prevent world access)<
chgrp ${WS_GROUP} ${WP_ROOT}/wp-config.php
chmod 660 ${WP_ROOT}/wp-config.php

# allow wordpress to manage wp-content
find ${WP_ROOT}/wp-content -exec chgrp ${WS_GROUP} {} \;
find ${WP_ROOT}/wp-content -type d -exec chmod 775 {} \;
find ${WP_ROOT}/wp-content -type f -exec chmod 664 {} \;

[/php]

What is the www-data user?

https://askubuntu.com/questions/873839/what-is-the-www-data-user

For security.

The files are not world writeable. They are restricted to the owner of the files for writing.

The web server has to be run under a specific user. That user must exist.

If it were run under root, then all the files would have to be accessible by root and the user would need to be root to access the files. With root being the owner, a compromised web server would have access to your entire system. By specifying a specific ID a compromised web server would only have full access to its files and not the entire server.

If you decide to run it under a different user ID, then that user would need to be the effective owner of the files for proper privileges. It could be confusing to have personal ownership of system-wide files to your personal account.

Creating a specific user would make it easier to recognize the files and consistent to recognize which ID to chown to new files and folders added to the site.

The Userid or Name of the owner doesn’t matter. Whatever is chosen or decided upon will have to be configured in the web server configuration files.

By default the configuration of the owner is www-data in the Ubuntu configuration of Apache2. Since that is the default configuration, you conveniently know the ownership needed for your web files. If you change it, you would have to change the files in your site to match.

I don’t run Nginx, but since it’s in the Ubuntu repository, I’m sure it has been tested with the www-data configuration as default.

Use this over the rest

Hardening

Fixing – Plugin Update Fail

https://techubber.blogspot.com/2017/09/how-to-fix-wordpress-plugin-update-failed-solutions.html

Alright, so I had some notifications in a WordPress website to update some plugins, which is damn easy in WordPress. Yes, just click update and finish. But no, this time, a new situation had cropped up. On clicking on ‘Update’ from the interface, I got the message “Update Failed: Plugin update failed“. I immediately turned to Google, searched for solutions others have tried for this WordPress plugin update failed error. Here are a few things findings and solution that worked for me. 

Solution 1. Chmod the upgrade directory to 777
One of the solutions recommended for the  “Update Failed: Plugin update failed” is to change the permission of the upgrade directory to 777.

Where is the Upgrade directory in WordPress?
It’s at wp-content/upgrade

After you change the permission to 777 and updated the plugin, make sure to change the permission back to 644.

Solution 2. Delete upgrade directory and recreate it.

The solution to change the permission of the ‘Upgrade’ directory did not work in my case. So I turned to the next solution – apparently. And that is to delete the ‘upgrade’ directory and then recreate it.

So again, we can delete the ‘upgrade’ directory from the web based file manager provided by the host or via FTP client. Simply delete the ‘upgrade’ directory and recreate it. Make sure the permission is 644 after you create the directory.

Go back to the WordPress dashboard and try to update the plugin again.

Well, this worked in my case. And I did not bother to dig further why and how.

Other solutions that others reported to have worked for “Update Failed: Plugin update failed” in WordPress are:

Disabling Ask Apache Password Protect Plugin
I did not have this plugin so I could try this. But if you have ‘Ask Apache Password Protect’ plugin installed, try disabling this plugin and try the other plugin update.

No hard disk space left?
Unless you are on a very tight hosting plan, the chances of hard disk space running out is rare. Or if due to some reason, a lot of big files got generated and you have not done any maintenance, then chances are that you may be running out of disk space.

If you receive any of the error messages:

• Could not remove the old plugin
• Plugin upgrade Failed or Unpacking the update
• Could not copy file /public_html/wp-content/xxxx

Then, you might want to have a look at your web hard disk space. If it is so, do some maintenance, clear some backups you don’t need, clear some space and then try the plugin update again.

These are a few solutions I have encountered and a solution I tried from among the solutions. Let me know which one worked for you or if you have other solutions to resolve this issue – “Update Failed: Plugin update failed“.