[resolved] How do I keep out public (23 posts)

  1. lotsagarlic
    Posted 9 years ago #

    before I launch while I'm modifying the theme?

    This is my first WordPress installation. Great so far -- except -- I need to customize the images, colors, and so on and I want to redirect the public to another domain before until I can finish building and clean up the contruction debris.

    I don't want to be troubleshooting CSS while the site is live.

    I installed WordPREss to root, uploaded an HTML redirect called index.htm, and made that doc the default doc. That allows me to write posts and do a few other things while redirecting the public away. But I can only view the home page of the WordPRess blog, and I can't even upload images.

    I need to make major changes to the graphic and css aspects of the theme (I know CSS and HTML, so I can do this), but I need a way to work in peace out of the public eye and test methododically as I go.

    Also, it's not fair to my client to have a half-finished "under construction" site plainly in view.

    Do I need to uninstall and reinstall to a subdirectory, such as /blog?


  2. lotsagarlic
    Posted 9 years ago #

    Perhaps related -- but maybe not:

    When I try to upload an image in the Post Panel, I get this error message:

    "Unable to create directory /home/frauire8/public_html/wp-content/uploads/2006/03. Is its parent directory writable by the server?"

    If I remove the index.htm redirect, maybe this will clear up, but my client will be unhappy if I do all the site development in plain view. The domain has already be mentioned in the local newspapers as soon to be launched. Awkward situation. I didn't realize WordPress would not let me use a redirect page until the site was ready for launch.

  3. devilmaycry
    Posted 9 years ago #

    You could password protect your public_html folder using a .htaccess file, obviously meaning only users that know the password could gain access to your blog. But I just installed a test wordpress blog under a different directory, for instance: domain/test/wp/ and tweak my templates from there. When I'm satisfied with a template I will move it to my primary blog and go from there.

  4. Mark (podz)
    Support Maven
    Posted 9 years ago #

    First post:
    You could do it all in a subdirectory as you say, or you could use something like xampp and develop on your computer (PC)

    Second post:
    You need to make the directory 'wp-content' writable. Permissions of 755 should do.

    And WP is not at fault here with the redirects.

  5. 3stripe
    Posted 9 years ago #

    There's a plugin which only lets registered/logged in users view your site -> http://blog.taragana.com/index.php/archive/angsumans-authenticated-wordpress-plugin-password-protection-for-your-wordpress-blog/

    Or if you just want to hide your site from prying eyes - put a page called index.html with 'coming soon' or similar in your wordpress root folder, and that will load up by default instead of index.php. This method isn't foolproof but it's quick and works for me!(You have to remember to temporarily point your homepage links to the php and not html page though)

  6. lotsagarlic
    Posted 9 years ago #

    Wow! Great responses. I'll try podz' suggestion first:
    "You need to make the directory 'wp-content' writable. Permissions of 755 "

    Maybe that will allow WP to behave normally.

    Thanks also for the other suggestions re: the plugins and installing to a testbed directory. I didn't realize you could have more than one instance of WordPress running on the same domain.

    I guess my remaining question is, does WP need its page to the THE DEFAULT page in its directory?

    Or can I have the server set to use index.htm as the DEFAULT PAGE and still have WordPress know to use index.php without problems?

  7. 3stripe
    Posted 9 years ago #

    Here's the one I'm working on at the moment:

    http://www.paulryding.com (old site still shows)
    http://www.paulryding.com/index.php (new site - but i've had to make the homepage button link to index.php)

  8. abhideydas
    Posted 9 years ago #

    or you can put a .htaccess code making a file other than index.php or index.html the homepage which in turn re-directs to another page.

  9. lotsagarlic
    Posted 9 years ago #

    Thnks for the feedback, everyone. After trying various workarounds without success, I decided to uninstall (it was a new installation) and reinstall to /www.mydomain.com/blog/

    Because WordPress seems to choke if something other than index.php is the default doc for the directory it needs to use.

    (My client want sto use a redirect, not a login screen, to keep the public out).

    But the main issue is that I'm still having the error message. I just wrote my host about it. Does anyone know whether Midphase (also called ANHosting) is one of those hosts that isn't set up to allow you to use permissions settings of 777 for folders and 644 for files?

    Because maybe that's been my problem all along.

    The folders are currently set to 777 and the files to 644, but when I try to upload an image via the Admin Post interface, I get this error message:

    Unable to create directory
    /home/frauire8/public_html/blog/wp-content/uploads/2006/03. Is its parent directory writable by the server?

    Maybe I need to change hosts. If the server permissions setup is the problem, I'm still within the 30-day money-back window and can change to a more secure host.

  10. lotsagarlic
    Posted 9 years ago #



    BIG TYPO!!!!

    I meant 755 --- NOT 777!

    Sorry for the mistake.

  11. thunderlove
    Posted 9 years ago #

    755? Shouldn't that be 775? (assuming, that is, the directories in question are gid 'www' or 'apache' or whatever)

  12. lotsagarlic
    Posted 9 years ago #

    According to this source, it should be 755 or lower:

  13. thunderlove
    Posted 9 years ago #

    No, and yes --

    No, its 755 or lower IF your server is running phpsuexec. Otherwise, the server cannot write to the directory. The server runs as 'nobody' or 'www' or 'apache' or some such -- not 'root' and not your uid. If the directory is set to the same group as the server, and group-writable, then the server can write to it.

    Yes, it is *much* more secure to use phpsuexec (assuming you are on shared hosting) By making a directory 775, other users might(could) be able to write to it, via *their* cgi scripts.

    Most ISP's batton down what they can (php for example, can be restricted), and most people who pay for hosting are not going to go hacking, given that they are known by the hosting company. But still....

    EDIT: (realized i was talking too much 'geek', so will add a touch of clarification, for any reader who is confused by chmod)

    In the number, say, 750, the first '7' applies to the user, the middle number ('5') applies to a group of users [each user belongs to one or more groups], and the last number ('0') applies to everyone else.

    The numbers themselves are formed by adding:

    +1 == execute (or access a directory)
    +2 == write
    +4 == read

    So, 750 means the owner can read/write/execute, anyone in the file's group can read/execute, and everyone else is out of luck

  14. lotsagarlic
    Posted 9 years ago #


    Thanks for the thoughtful and detailed explanation.

    The techies at my Host are trying to help, but I'm a new customer and don't want to stay at this host and set WordPRess up there if it's not secure.

    I asked my host if they ran phpsuexec. Here's what they said:

    "We don't run phpsuexec but php is running under apache user and that is why it cannot create files in folders owned by you and chmodded to 755. Hope this helps."

    "I can set the folder group to "nobody" and permissions to 775. It will allows apache to write to the folder and it's more secure then 777 Please let me know if it's ok for you."

    So, is this secure or not? A WordPress user called podz said that site5 hosting runs phpsuexec but I don't know whether that is for shared hosting or not and their sales team is not in until tomorrow. Also, I saw no mention of Fantastico auto-install in the Site5 hosting packages. I would prefer to have WordPress installed if possible. But maybe better hosts don't provide Fantastico auto-install and expect you to know how to install it yourself? Just wondering. Thanks for your advice.

    Specifically, do you know of a good ISP for shared hosting on servers that run phpsuexec -- ideally, that also offer WordPress auto-install?


  15. thunderlove
    Posted 9 years ago #


    Is 775 secure? No, not very at all -- consider for a moment the file 'wp-config.php'. The one that holds your database password...it should (ideally) to 600, so that not even apache can read it (if apache can read it, then [maybe] other users can too)

    I've recently signed on to dreamhost.com (two weeks ago -- not long enough to vouch for their service, but long enough to vouch for their offering). They run phpsuexec, and have WordPress one-click-install, and more (MUCH MUCH more).


    (forums -- so you can see the good AND the bad)

    On the other hand, customer service seems vital (for the sake of your client) -- and if podz can vouch for that, you might just want to go with site5.

    PS: (if you DO decide to sign up [with dreamhost], you might want to know about their affilate program. It uses promotional codes, the "enter this code when you sign up and get $50 off" You can spot them in some signatures on the discussion board)

  16. lotsagarlic
    Posted 9 years ago #

    Thanks very much. I was considering Dreamhost.

    Do you happen to know -- if you email Dreamhost during off-hours -- say 11PM -- do you get a response from a resonably competent techie within an hour or so?

  17. OperaManiac
    Posted 9 years ago #

    dreamhost is pretty good. i had also recommend you to check out HostGator and A Small Orange.

  18. lotsagarlic
    Posted 9 years ago #

    Thanks very much. To be fair, ANHosting has been great otherwise. Very responsive and competent support staff. Can usually get an email back in less than an hour no matter when you write. Very nice online tutorials and various utilities and extras. If they ran phpsuexec, I would be staying with them.

    They offer it for their dedicated servers but not for shared. They say that some php scripts can't run under phpsuexec and on a shared server, customers complain. I wonder why some other ISPs don't seem to have the same problem. Oh, well. Next time I'll know.

  19. thunderlove
    Posted 9 years ago #

    Perhaps they would enable phpsuexec for you? (with the understanding that you would not complain to them if things weren't working -- other users would not be able to run it, unless they specifically enabled it)

  20. lotsagarlic
    Posted 9 years ago #

    What a great idea. I'll ask.

  21. lotsagarlic
    Posted 9 years ago #

    Wait ... I was starting to write them with this suggestion, when I realized ... I don't want to be sharing a server with a lot of OTHER hosting accounts that are vulnerable to all kinds of attacks ... no, I'm afraid that if I don't move, I will end up regretting it.

    Security breaches, when they occur, are a far bigger headache than moving to a new ISP. I will tell this ISP they were great otherwise and to consider offering servers that run phpsuexec.

  22. lotsagarlic
    Posted 9 years ago #

    Thanks very much for your helpful comments, everyone.

  23. thunderlove
    Posted 9 years ago #

    good point ;) And glad i could help!

Topic Closed

This topic has been closed to new replies.

About this Topic