My ISP changed the hosting for my WordPress blog and everything stopped working. There was a DNS issue but they resolved that, but then every page apart from the home page returned a 404 error.
When I checked the permalinks page (
/wp-admin/options-permalinks.php) in wp-admin I saw the following:
If your .htaccess file were writable, we could do this automatically, but it isn’t so these are the mod_rewrite rules you should have in your .htaccess file. Click in the field and press CTRL + a to select all.
- .htaccess - Redirect duplicated post ended in '-number/' to the same url without the -number/
- Custom permalink structure for custom post type
- Move WordPress site from one domain to another
- Combining Multiple Taxonomies in one URL
- Taxonomy, Terms, and Template Files
- single-type.php not working, delivering 404
Adding what it listed (via my ISP’s file manager) fixed the problem but got me wondering.
What I’d like is for the
.htaccess file be writeable for wp-admin.
I know that the file should not be writable for everyone and I would keep the permissions as restrictive as possible to keep things secure, I’m just interested in making my life easier.
However, I note the that the permissions on the file are:
So what permissions do I need to set to make the file writeable by wp-admin, but not by anyone and everyone? Or is it some other permissions on the server that need to be set?
I can manually make edits through the ISP’s file manager interface so it’s not as if I can’t update the file at all. It’s just that it could get to be a pain if I have to keep doing this.
Short version: You can’t.
Long version: Technically there are ways this can be achieved but they are ① likely not available to you as a user on a shared server where you do not have root permissions and ② even if they were, they come with ‘gotchas’ that you really don’t want to deal with.
First of all, if you are not the sys-admin with root permissions it is doubtful that you have any hope of setting the necessary permissions.
The UNIX permission bits control whether each of you, people in your group and anybody can read, write and execute files. Given that set of options and the fact that you and the web server are likely not in the same group, there is no way for you no use those permissions to set a value whereby you and the web server user can write the file but other people cannot. By definition you would have to change the “world” permissions and … you can do the math.
On the off chance that your user account and the web server in fact run in the same user group, you should seriously begin to doubt the security of your web service provider.
A slightly less insane technique that some hosts employ is giving you a special interface to convert specific files and folders to be owned by the web server. This is a convenience-over-security choice they make that makes like easy for folks, but it comes with strings attached. In any event you would not be able to manually edit the file without changing the ownership back to yourself.
Even if one or more way is afforded you to let the webserver software edit the .htaccess file, you are much better off not taking them up on it. In a shared hosting environment you have to realize that other people besides you are ALSO executing code as the web server user. If your WordPress installation is able to change your .htaccess file, what is to stop the next guys’s wordpress from maliciously changing yours? Well theoretically PHP’s open_base_dir sittings will jail it to reading and writing things inside of your DOCUMENT_ROOT, but while the PHP module is reasonably good about enforcing this it is quite common for ISP’s and small time hosts to have other CGI systems that are not properly jailed or straight up miss-configured server settings that allow other users on the same server to mess with anything any other users have converted to be owned by the webserver.
The only technical way to really make this possible is with a virtual host setup that actually runs as you when serving your site (which actually introduces other risks) or with file system ACL’s — and while possible it is unlikely that your ISP is equipped to configure those correctly.
In summary, you are actually better off security-wise with wp-admin not being able to write to .htaccess. This should be an infrequent issue anyway, usually on version changes of either WordPress or the server software (e.g. the switch from Apache 2.2 to 2.4 meant a lot of .htaccess files across the net had to be updated, but that was years in the making). This is not something that should be changing every time you update your site, only if you made an architectural change and needed to facilitate the migration of old URL’s to new ones, etc.
On computer filesystems, different files and directories have permissions that specify who and what can read, write, modify and access them. This is important because WordPress may need access to write to files in your wp-content directory to enable certain functions.
But, It’s better to keep .htaccess file non writable to world. The .htaccess is a distributed configuration file, and is how Apache handles configuration changes on a per-directory basis.
Keeping .htaccess file as world writable have it own consequences as well. Majorly security issues. The worst that can happen as a result of using 777 permissions on a folder or even a file, is that if a malicious cracker or entity is able to upload a devious file or modify a current file to execute code, they will have complete control over your blog, including having your database information and password.
Default Permissions (umask 022)
644 -rw-r--r-- /home/user/wp-config.php 644 -rw-r--r-- /home/user/cgi-bin/.htaccess
600 -rw------- /home/user/wp-config.php 604 -rw----r-- /home/user/cgi-bin/.htaccess
644 > 604 – The bit allowing the group owner of the .htaccess file read permission was removed. 644 is normally required and recommended for .htaccess files.