WordPress.org

Ready to get started?Download WordPress

Forums

[Plugin: WP Super Cache] Howto drop write permissions for wp-content (4 posts)

  1. ipavkovic
    Member
    Posted 6 years ago #

    Playing around with wp cache and now with wp supercache (nice plugin!) I noticed that it needs file write permissions on wp-content for changing settings. This is - from my point of view - not necessary so I wrote a patch to change the behaviour:

    --- wp-cache.php.orig   2008-04-02 13:10:18.000000000 +0200
    +++ wp-cache.php        2008-04-02 13:23:14.000000000 +0200
    @@ -25,7 +25,8 @@
         Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
     */
    
    -$wp_cache_config_file = ABSPATH . 'wp-content/wp-cache-config.php';
    +$wp_cache_config_file_rel = 'wp-content/wp-cache-config.php';
    +$wp_cache_config_file = ABSPATH . $wp_cache_config_file_rel;
    
     if( !@include($wp_cache_config_file) ) {
            get_wpcachehome();
    @@ -65,7 +66,7 @@
     }
    
     function wp_cache_manager() {
    -       global $wp_cache_config_file, $valid_nonce, $supercachedir, $cache_path, $cache_enabled, $cache_compression, $super_cache_enabled, $wp_cache_hello_world;
    +       global $wp_cache_config_file_rel, $wp_cache_config_file, $valid_nonce, $supercachedir, $cache_path, $cache_enabled, $cache_compression, $super_cache_enabled, $wp_cache_hello_world;
    
            if( function_exists( 'is_site_admin' ) )
                    if( !is_site_admin() )
    @@ -130,14 +131,14 @@
                    <p>It appears that mod_rewrite is not installed. Sometimes this check isn't 100% reliable, especially if you are not using Apache. Please verify that the mod_rewrite module is loaded. It is required for serving Super Cache static files. You will still be able to use WP-Cache.</p><?php
            }
    
    -       if( !is_writeable( ABSPATH . 'wp-content/' ) || !is_writable($wp_cache_config_file) ) {
    +       if( !is_writable( $wp_cache_config_file) ) {
                    define( "SUBMITDISABLED", 'disabled style="color: #aaa" ' );
                    ?><h4 style='color: #a00'>Read Only Mode. Configuration cannot be changed. <a href="javascript:toggleLayer('readonlywarning');" title="Why your configuration may not be changed">Why</a></h4>
                    <div id='readonlywarning' style='border: 1px solid #aaa; margin: 2px; padding: 2px; display: none;'>
    -               <p>The WP Super Cache configuration file is <code><?php echo ABSPATH ?>wp-content/wp-cache-config.php</code> and cannot be modified. The wp-content directory and wp-cache-config.php file must be writeable by the webserver to make any changes.<br />
    +               <p>The WP Super Cache configuration file is <code><?php echo $wp_cache_config_file_rel ?></code> and cannot be modified. The wp-cache-config.php file must be writeable by the webserver to make any changes.<br />
                    A simple way of doing that is by changing the permissions temporarily using the CHMOD command or through your ftp client. Make sure it's globally writeable and it should be fine.<br />
    -               Writeable: <code>chmod 777 wp-content; chmod 666 wp-content/wp-cache-config.php</code><br />
    -               Readonly: <code>chmod 755 wp-content; chmod 644 wp-content/wp-cache-config.php</code></p>
    +               Writeable: <code>chmod 666 wp-content/wp-cache-config.php</code><br />
    +               Readonly: <code>chmod 644 wp-content/wp-cache-config.php</code></p>
                    </div><?php
            } else {
                    define( "SUBMITDISABLED", ' ' );

    Now wp-content can be readonly as long as wp-content/wp-cache-config.php and wp-content/cache/ are writeable.

    I posted it here as I did not find any bug tracking system for this plugin.

    Best Regards

  2. Donncha O Caoimh
    Member
    Posted 6 years ago #

    Thanks for that patch, I haven't looked at it too carefully yet but it'll be useful. Unfortunately, to install the plugin wp-content has to be writeable to make the advanced-cache.php symlink but there's no way out of that unfortunately.

  3. ipavkovic
    Member
    Posted 6 years ago #

    The only thing the patch is doing is to remove the isWriteable-check on dir wp-content AFTER installation. It may be a nice idea to warn the people after installation to chmod wp-content to 755. Something like

    --- wp-cache.php.orig2  2008-04-02 13:23:14.000000000 +0200
    +++ wp-cache.php        2008-04-03 16:26:35.000000000 +0200
    @@ -131,6 +131,11 @@
                    <p>It appears that mod_rewrite is not installed. Sometimes this check isn't 100% reliable, especially if you are not using Apache. Please verify that the mod_rewrite module is loaded. It is required for serving Super Cache static files. You will still be able to use WP-Cache.</p><?php
            }
    
    +       if( is_writeable( ABSPATH . 'wp-content/' ) ) {
    +               ?><p><strong style='color: #a00'>WARNING! wp-content is writable. Please make it readonly after installation of wp-super-cache as this is a security risk.<br />
    +               Readonly: <code>chmod 755 wp-content</code></strong></p><?php
    +       }
    +
            if( !is_writable( $wp_cache_config_file) ) {
                    define( "SUBMITDISABLED", 'disabled style="color: #aaa" ' );
                    ?><h4 style='color: #a00'>Read Only Mode. Configuration cannot be changed. <a href="javascript:toggleLayer('readonlywarning');" title="Why your configuration may not be changed">Why</a></h4>

    Best Regards

  4. mrsmecomber
    Member
    Posted 6 years ago #

    I need some help in understanding all the lingo here. (English is my first language and PHP is a distant tenth). :S

    I just installed WP Super Cache. I followed the Installation directions. I am having a problem at the part where the install says to check the .htaccess file for the mod_rewrite rules. I have the code there, all is fine. Then the next instruction says:

    After you have enabled the plugin, look for the file "wp-content/cache/.htaccess". If it's not there you must create it.

    I made an .htaccess.php file and put in the information it said:

    AddEncoding x-gzip .gz
    AddType text/html .gz

    and put it in the wp-content/cache folder. But when I looked to check my previous .htaccess file (the mod_rewrite rules) in my public_html folder, the mod_rewrite rules code was gone and was replaced with this:

    # BEGIN supercache
    AddEncoding x-gzip .gz
    AddType text/html .gz
    # END supercache

    Is this supposed to happen?!?! I am baffled. I didn't change it.

    Also, when I go to my Super Cache plugin settings via the dashboard, there is this:

    WARNING! /home/"MY SERVER"/public_html/"MY BLOG"/ is writable. Please make it readonly after your page is generated as this is a security risk.

    I made the CHMOD to 755 and I am still getting the same warning. What am I doing wrong?

    And is it possible to have a secure blog and still use Super Cache? I've been reading around and I am getting conflicting opinions.

    please help. I'm afraid I've got this wide-open hole in my server and all for nothing.

Topic Closed

This topic has been closed to new replies.

About this Topic