I was trying to install a plugin, and I kept getting the following error:
Unpacking the package…
Could not create directory.
I'm on Localhost on a XAMPP stack on Mac OS X Yosemite.
The way I solved this was by changing the wp-content folder's permissions in Finder, so that everyone could write to not only the folder but also to all enclosed items.
Per the image below, I right clicked on (1), then changed (2) to "Read & Write" and then chose "apply to enclosed items" in (3).
The proper way to solve this would have been to give the correct user write permission to the wp-content folder by using the chown command.
I didn't use the chown command because (1) I'm still learning how to use it, and (2) it's not clear to me which user is supposed to be given permission to... whether it's the apache user or the ftp user (I'll figure it out eventually).
My question is, if I were to migrate this wordpress site to an online domain based on an Ubuntu server, what are the security implications of my having given everyone write access to this folder and how should I deal with them?
I was trying to install a plugin, and I kept getting the following error:
Unpacking the package…
Could not create directory.
I'm on Localhost on a XAMPP stack on Mac OS X Yosemite.
The way I solved this was by changing the wp-content folder's permissions in Finder, so that everyone could write to not only the folder but also to all enclosed items.
Per the image below, I right clicked on (1), then changed (2) to "Read & Write" and then chose "apply to enclosed items" in (3).
The proper way to solve this would have been to give the correct user write permission to the wp-content folder by using the chown command.
I didn't use the chown command because (1) I'm still learning how to use it, and (2) it's not clear to me which user is supposed to be given permission to... whether it's the apache user or the ftp user (I'll figure it out eventually).
My question is, if I were to migrate this wordpress site to an online domain based on an Ubuntu server, what are the security implications of my having given everyone write access to this folder and how should I deal with them?
2 Answers
Reset to default 2Wp-content contains plugins and themes. So, if I can read and write into those files, I could add malicious code very easily. This malicious code can then do interesting things. You are basically inviting a lot of trouble.
As for not understanding permissions:
http://www.thegeekstuff/2010/04/unix-file-and-directory-permissions/
http://codex.wordpress/Changing_File_Permissions
I followed several links that suggested to:
- Get ownership of wp-content folder:
sudo chown -R <usernam> wp-content - Set the correct uploads folder through the wp-content/option.php file:
sudo nano wp-admin/options.php - Own the Plugins folder:
sudo chown www-data:www-data plugins -R - Own the wp-content folder:
sudo chown www-data:www-data wp-content -R - Change uploads folder permissions:
sudo chmod 755 -R uploads - Change plugins folder permissions:
sudo chmod 755 -R plugins
Even though all of them make sense, nothing worked. What worked for me was a much more simple solution.
sudo nautilus
and then i changed folder permissions thorough the GUI.
It actually does exactly the same as above, but succeeds.