Category Archives: web

Overriding Aruba default file permissions

Posted on by
Reply

Ever had a bad 500 Error while updating wordpress or plugins ???

I’had lot’s of time ;-( and always the cause was a file permission issue due to the fact that i’m hosting my site with Aruba linux server.. .

But no more headscratch from today !!! :-)))
Reading deeper the documentation i’ve found an other great tip to share with you all..
So, open up your ears:

It’s possible to override default file permission by defining some constants in wp-config.php !!!

Once again what follow is taken from the codex …

The FS_CHMOD_DIR and FS_CHMOD_FILE define statements allow override of default file permissions. These two variables were developed in response to the problem of the core update function failing with hosts (e.g. some Italian hosts) running under suexec. If a host uses restrictive file permissions (e.g. 400) for all user files, and refuses to access files which have group or world permissions set, these definitions could solve the problem. Note that the ’0755′ is an octal value. Octal values must be prefixed with a 0 and are not delineated with single quotes (‘). See Also: Changing File Permissions

define('FS_CHMOD_DIR', (0755 & ~ umask()));
define('FS_CHMOD_FILE', (0755 & ~ umask()));

And there is a lot more in wp-config.php documentation ..
Once again.. go read the entire article on the codex
;-)

Post-scriptum:
I’ve marked in red the evidence that we italians always make ourself recognized

Disable WordPress File Editing

Posted on by
Reply

It’s very important to turn off default wordpress file editing feature !
What follow is taken from the codex

The WordPress Dashboard by default allows administrators to edit PHP files, such as plugin and theme files. This is often the first tool an attacker will use if able to login, since it allows code execution. WordPress has a constant to disable editing from Dashboard. Placing this line in wp-config.php is equivalent to removing the ‘edit_themes’, ‘edit_plugins’ and ‘edit_files’ capabilities of all users:

define('DISALLOW_FILE_EDIT', true);

This will not prevent an attacker from uploading malicious files to your site, but might stop some attacks.

And there is a lot more in wp-config.php documentation ..
Go read the entire article on the codex
;-)

Alternate WordPress Cron

Posted on by
Reply

I was trying to run daily wp-cron tasks without success in a temporary hosting using local host file for domain resolution… and

In feew words my browser was resolving example.com to the correct ip address but the cron was not resolving example.com and the call to example.com/wp-cron.php was having a 404.

I went down on the code and in wp-includes\cron.php found that if defined ALTERNATE_WP_CRON the script in spawn_cron function will do a wp_redirect instead of a wp_remote_post; basically it means that the browser will call the cron instead of the server.

So if something is going wrong with the wordpress cron try adding the following to the config.php and see if will solve.

define('ALTERNATE_WP_CRON', true);

In my case it do the shit untill the DNS will propagate, after that i will comment it !
Teel me if it was helpfull ;-)