Cannot upload file to wp-content

Last week, I set up a WordPress website for my team. Everything went quite smoothly until I decided to change our website background image. An error message was displayed: “The uploaded file could not be moved to wp-content/uploads/”. I tried to find the answer to that error on several websites. Almost all the answers that I encountered suggested that I chmod my wp-content folder with the command:

sudo chmod -R 777 wp-content

This is dangerous.

1. Why is it dangerous

Whenever you apply the permission setting 777 to a folder or a file, everyone can read, write and execute that content (file or folder). For example, a random user could do whatever he wants with that folder/file. There are three groups of permissions: Owner, Group and Other. Setting the permissions to 777 means that all three groups (Owner/Group/Other) can read/write/execute that file/folder. You don’t want that, right? So how do we solve the aforementioned problem while preserving our content’s security and privacy?

2. How to fix the error and preserve the security of your website

In my case, I use Apache as the HTTP server, so when our WordPress website makes a request to read/write/execute any folder/file, such as changing the background image or a theme’s style (CSS file), the request is made on behalf of the Apache user. Therefore, if the Apache user doesn’t have the corresponding permission, the request will not be accepted. Normally, when you download the WordPress source code, its owner will be the user name you are logged in as. To make Apache work, you should change the owner of your website (the website’s root folder) to Apache’s. To find out that account, execute the command below:

ps aux | egrep '(apache|httpd)'

_www             7312   0.0  0.1  2566428  17864   ??  S    Tue10AM   0:19.56 /usr/sbin/httpd -D FOREGROUND

_www             7311   0.0  0.1  2565404  13244   ??  S    Tue10AM   0:22.39 /usr/sbin/httpd -D FOREGROUND

_www             7309   0.0  0.1  2566700  16420   ??  S    Tue10AM   0:21.09 /usr/sbin/httpd -D FOREGROUND

_www             7307   0.0  0.0  2566684   6384   ??  S    Tue10AM   0:18.85 /usr/sbin/httpd -D FOREGROUND

_www             7306   0.0  0.1  2565676  13268   ??  S    Tue10AM   0:19.59 /usr/sbin/httpd -D FOREGROUND

root               93   0.0  0.0  2482064   2516   ??  Ss   Sun05PM   0:05.49 /usr/sbin/httpd -D FOREGROUND

The account named _www is the Apache service’s account. You should now change the owner of your website’s root folder to _www:

      1. Assume that your website is located at: /var/www/public_html/your_web_site
      2. Execute the command: sudo chown -R _www /var/www/public_html/your_web_site

Try again (uploading a picture or modifying the CSS file) and enjoy the results.

 

 

*In case you have changed (chmod) the permissions of any folder/file of your website to 777, you should definitely update them. Only the Owner should have full permissions (read/write/execute) on that folder/file; the other two groups (Group/Other) should have only read or read/execute. A recommended setting is 755 (7: Owner can read, write and execute; 5: Group can read and execute), meaning that only the Owner has write permission.

If you are not familiar with file permissions, just run the command below:

sudo chmod -R 755 /var/www/public_html/your_web_site
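
An added example, not part of the original post: a shell audit that lists what a recursive chmod 777 left world-writable under a web root, resets only those entries to 755, and reports anything not owned by the web server account. The function names and the temporary demo tree are constructed for illustration; on a real site, pass your website's root folder and _www instead.

```sh
#!/bin/sh
# Added example: audit a web root for leftovers of "chmod -R 777" and for
# entries not owned by the web server account. Function names are hypothetical.

# Print every file or directory under $1 that "Other" may write to.
# Symlinks are skipped on purpose: they always show as 777 and mean nothing.
find_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Print every entry under $1 that is NOT owned by user $2 (e.g. _www).
find_wrong_owner() {
    find "$1" ! -user "$2" -print
}

# Reset only the world-writable entries under $1 to 755, the article's setting.
tighten_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod 755 {} +
}

# Build a small constructed tree that imitates the state after
# "chmod -R 777 wp-content", and print its path.
make_demo_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/wp-content/uploads"
    : > "$root/index.php"
    : > "$root/wp-content/uploads/background.png"
    chmod 755 "$root"
    chmod 644 "$root/index.php"
    chmod -R 777 "$root/wp-content"
    printf '%s\n' "$root"
}

# Demo run. The current uid stands in for _www, which may not exist here.
demo=$(make_demo_tree)
echo "World-writable before the fix:"
find_world_writable "$demo"
tighten_world_writable "$demo"
echo "World-writable after the fix: $(find_world_writable "$demo" | wc -l)"
echo "Not owned by uid $(id -u): $(find_wrong_owner "$demo" "$(id -u)" | wc -l)"
rm -rf "$demo"
```

Unlike the recursive chmod above, tighten_world_writable leaves entries that were never world-writable (index.php at 644 in the demo) untouched.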
