And why do not your try to set the permission to 755 in your wp-content folder ?
It has 755 permission. In opposite case WP would not work. But as far I understand, plugin tries to make extra files in wp-content directory. And 755 does’t permit such operations. I didn’t find any mentions about required writing permissions for plugin. So I decided that it is kind of bug. It isn’t?
755 allows the the creation of files and folders by the user … 755 is applied on subdirectories recursively ?
The problem should be indicated in the configuration page of the plugin !
Nevertheless the plugin need to create file and directory to handle dynamic CSS and js files and to manage translations files
I can’t open configuration page because plugin starts flood disk with error messages.
Could I create these files manually? Or just make this directory writeable once? It might be some kind of paranoia, but I do not want make my fs available for writing without exceptional circumstances. And I think it worth to point this requirement in the readme file. Just as suggestion.
Actually I do not understand your point … What is the issue of allowing a plugin to write in its own directory and in a tmp dir (ie wp-content/sedlex) ?
The only thing to do to create the file is to set the permssion to 755 on the plugin folder (and recursively on subfolders) and to create wp-content/sedlex/ and do the same
Plugins being implemented mostly by indie developers. And those can’t pay enough attention and time to plugin’s security. The point is that one could found vulnerability in some plugin and be available write anything to server’s fs. Whole WP on my hosting at the moment works without permissions to write anything to fs except of MySQL database.
I do not say that my plugin does not has any vulnerabilities (no developer may say that) but I say that allowing a plugin to write in its own directory is not an security issue as the only danger is for himself. It is exactely the same point for a specific and dedicated folder as requested.
OK. Is it enough make this dir writeable one time? Or it should be writeable all the time? Does pluging write something constantly?
It should be writable all the time.
In the wp-content/sedlex directory, the plugin generates DYNAMICALLY the appropriate CSS and JS file
In the plugin directory the plugin only write if you modify a translation file
Have you manage to solve your problem ?
If so please mark this topic as solved
Thkx
Hi,
I’ve set write permissions on plugin’s directory and to sedlex directory pluging createdin ./wp-content/ directory. Once plugin’s settings page opened I’ve removed write permissions from sedlex dir. It generates errors when opening settings page. But I can admit it.
So, problem isn’t solved. It is just dirty workaround to be able to open settings page.
Hey Sed Lex,
A bit off-topic here but there is any reason you choose to add your own directory in wp-content instead of plugin directory?
Thanks.
Yes indeed there is a reason π
As you know, it is possible to have a plurality of site attached to a single WP installation.
Each installation may have their own data and should be separated.
For security reasons, some host / person does not want WP to modify anything except the wp-content which may include pictures, attachement, etc.
Thus, it is much easier to put all ‘temp’ file in wp-content.
The plugin is then never changed as remains as it has been installed (excepted if you translate the plugin but this is another question:))
Thanks for the explanation. I believe that using a more appropriate (self-descriptive) name for the directory would be better. You can also consider uploads folder for that as I’ve seen many plugins using it.
