Support » Fixing WordPress » How do I keep out public

  • Resolved lotsagarlic


    before I launch while I’m modifying the theme?

    This is my first WordPress installation. Great so far — except — I need to customize the images, colors, and so on and I want to redirect the public to another domain before until I can finish building and clean up the contruction debris.

    I don’t want to be troubleshooting CSS while the site is live.

    I installed WordPREss to root, uploaded an HTML redirect called index.htm, and made that doc the default doc. That allows me to write posts and do a few other things while redirecting the public away. But I can only view the home page of the WordPRess blog, and I can’t even upload images.

    I need to make major changes to the graphic and css aspects of the theme (I know CSS and HTML, so I can do this), but I need a way to work in peace out of the public eye and test methododically as I go.

    Also, it’s not fair to my client to have a half-finished “under construction” site plainly in view.

    Do I need to uninstall and reinstall to a subdirectory, such as /blog?


Viewing 15 replies - 1 through 15 (of 22 total)
  • Perhaps related — but maybe not:

    When I try to upload an image in the Post Panel, I get this error message:

    “Unable to create directory /home/frauire8/public_html/wp-content/uploads/2006/03. Is its parent directory writable by the server?”

    If I remove the index.htm redirect, maybe this will clear up, but my client will be unhappy if I do all the site development in plain view. The domain has already be mentioned in the local newspapers as soon to be launched. Awkward situation. I didn’t realize WordPress would not let me use a redirect page until the site was ready for launch.

    You could password protect your public_html folder using a .htaccess file, obviously meaning only users that know the password could gain access to your blog. But I just installed a test wordpress blog under a different directory, for instance: domain/test/wp/ and tweak my templates from there. When I’m satisfied with a template I will move it to my primary blog and go from there.

    Mark (podz)


    Support Maven

    First post:
    You could do it all in a subdirectory as you say, or you could use something like xampp and develop on your computer (PC)

    Second post:
    You need to make the directory ‘wp-content’ writable. Permissions of 755 should do.

    And WP is not at fault here with the redirects.

    There’s a plugin which only lets registered/logged in users view your site ->

    Or if you just want to hide your site from prying eyes – put a page called index.html with ‘coming soon’ or similar in your wordpress root folder, and that will load up by default instead of index.php. This method isn’t foolproof but it’s quick and works for me!(You have to remember to temporarily point your homepage links to the php and not html page though)

    Wow! Great responses. I’ll try podz’ suggestion first:
    “You need to make the directory ‘wp-content’ writable. Permissions of 755 “

    Maybe that will allow WP to behave normally.

    Thanks also for the other suggestions re: the plugins and installing to a testbed directory. I didn’t realize you could have more than one instance of WordPress running on the same domain.

    I guess my remaining question is, does WP need its page to the THE DEFAULT page in its directory?

    Or can I have the server set to use index.htm as the DEFAULT PAGE and still have WordPress know to use index.php without problems?

    Here’s the one I’m working on at the moment: (old site still shows) (new site – but i’ve had to make the homepage button link to index.php)

    or you can put a .htaccess code making a file other than index.php or index.html the homepage which in turn re-directs to another page.

    Thnks for the feedback, everyone. After trying various workarounds without success, I decided to uninstall (it was a new installation) and reinstall to /

    Because WordPress seems to choke if something other than index.php is the default doc for the directory it needs to use.

    (My client want sto use a redirect, not a login screen, to keep the public out).

    But the main issue is that I’m still having the error message. I just wrote my host about it. Does anyone know whether Midphase (also called ANHosting) is one of those hosts that isn’t set up to allow you to use permissions settings of 777 for folders and 644 for files?

    Because maybe that’s been my problem all along.

    The folders are currently set to 777 and the files to 644, but when I try to upload an image via the Admin Post interface, I get this error message:

    Unable to create directory
    /home/frauire8/public_html/blog/wp-content/uploads/2006/03. Is its parent directory writable by the server?

    Maybe I need to change hosts. If the server permissions setup is the problem, I’m still within the 30-day money-back window and can change to a more secure host.



    BIG TYPO!!!!

    I meant 755 — NOT 777!

    Sorry for the mistake.

    755? Shouldn’t that be 775? (assuming, that is, the directories in question are gid ‘www’ or ‘apache’ or whatever)

    According to this source, it should be 755 or lower:

    No, and yes —

    No, its 755 or lower IF your server is running phpsuexec. Otherwise, the server cannot write to the directory. The server runs as ‘nobody’ or ‘www’ or ‘apache’ or some such — not ‘root’ and not your uid. If the directory is set to the same group as the server, and group-writable, then the server can write to it.

    Yes, it is *much* more secure to use phpsuexec (assuming you are on shared hosting) By making a directory 775, other users might(could) be able to write to it, via *their* cgi scripts.

    Most ISP’s batton down what they can (php for example, can be restricted), and most people who pay for hosting are not going to go hacking, given that they are known by the hosting company. But still….

    EDIT: (realized i was talking too much ‘geek’, so will add a touch of clarification, for any reader who is confused by chmod)

    In the number, say, 750, the first ‘7’ applies to the user, the middle number (‘5’) applies to a group of users [each user belongs to one or more groups], and the last number (‘0’) applies to everyone else.

    The numbers themselves are formed by adding:

    +1 == execute (or access a directory)
    +2 == write
    +4 == read

    So, 750 means the owner can read/write/execute, anyone in the file’s group can read/execute, and everyone else is out of luck


    Thanks for the thoughtful and detailed explanation.

    The techies at my Host are trying to help, but I’m a new customer and don’t want to stay at this host and set WordPRess up there if it’s not secure.

    I asked my host if they ran phpsuexec. Here’s what they said:

    “We don’t run phpsuexec but php is running under apache user and that is why it cannot create files in folders owned by you and chmodded to 755. Hope this helps.”

    “I can set the folder group to “nobody” and permissions to 775. It will allows apache to write to the folder and it’s more secure then 777 Please let me know if it’s ok for you.”

    So, is this secure or not? A WordPress user called podz said that site5 hosting runs phpsuexec but I don’t know whether that is for shared hosting or not and their sales team is not in until tomorrow. Also, I saw no mention of Fantastico auto-install in the Site5 hosting packages. I would prefer to have WordPress installed if possible. But maybe better hosts don’t provide Fantastico auto-install and expect you to know how to install it yourself? Just wondering. Thanks for your advice.

    Specifically, do you know of a good ISP for shared hosting on servers that run phpsuexec — ideally, that also offer WordPress auto-install?



    Is 775 secure? No, not very at all — consider for a moment the file ‘wp-config.php’. The one that holds your database password…it should (ideally) to 600, so that not even apache can read it (if apache can read it, then [maybe] other users can too)

    I’ve recently signed on to (two weeks ago — not long enough to vouch for their service, but long enough to vouch for their offering). They run phpsuexec, and have WordPress one-click-install, and more (MUCH MUCH more).

    (forums — so you can see the good AND the bad)

    On the other hand, customer service seems vital (for the sake of your client) — and if podz can vouch for that, you might just want to go with site5.

    PS: (if you DO decide to sign up [with dreamhost], you might want to know about their affilate program. It uses promotional codes, the “enter this code when you sign up and get $50 off” You can spot them in some signatures on the discussion board)

    Thanks very much. I was considering Dreamhost.

    Do you happen to know — if you email Dreamhost during off-hours — say 11PM — do you get a response from a resonably competent techie within an hour or so?

Viewing 15 replies - 1 through 15 (of 22 total)
  • The topic ‘How do I keep out public’ is closed to new replies.