Prevent PHP execution failed - permission denied

Hi,

While trying to add the htaccess file to prevent PHP execution of this file I received this error:

file_put_contents(/home/content/p3pnexwpnas04_data03/38/2440238/html/wp-includes/.htaccess): failed to open stream: Permission denied in /home/content/p3pnexwpnas04_data03/38/2440238/html/wp-content/plugins/wp-defender/app/module/hardener-module/component/class-wd-protect-core-dir.php on line 380
How do I fix this?
Thanks

  • Tyler Postle
    • CGO

    Hey @wpdev1,

    Hope you're having a great weekend.

    Can you add this to the .htaccess in your /wp-content/ folder:

    <Files wd-protect-core-dir.php>
    Allow from all
    </Files>

    This will create an exception for that file.

    Then try running the /wp-includes prevention rule again :slight_smile:

    If you still have any further issues just let us know.

    Cheers,
    Tyler

  • Tyler Postle
    • CGO

    Hey @wpdev1,

    My mistake here. I spoke with the developer about the above just in-case and turns out this actually isn't related to Defender restricting access, but instead your folder permissions.

    By default your wp-includes folder is usually permissions level 755. Can you change it to that?

    Here is some more info on WordPress permissions: https://codex.wordpress.org/Changing_File_Permissions

    Usually you will be able to change permissions via FTP or through our cPanel file manager. If this doesn't seem to be working then can you send in your FTP so I can have a closer look?

    You can send that privately through our contact form: https://premium.wpmudev.org/contact/

    Select "I have a different question" for your topic - this and the subject line ensure that it gets assigned to me.

    Send in:

    Subject: "Attn: Tyler Postle"
    -WordPress admin username
    -WordPress admin password
    -login url
    -FTP credentials (host/username/password)
    -link back to this thread for reference
    -any other relevant urls

    **If you keep support access active then no need to send in wp-admin

    Look forward to hearing back!

    Cheers,
    Tyler

    • Leonard
      • Site Builder, Child of Zeus

      Hi Tyler,

      Can you tell me how this issue was resolved? I encountered the same problem for several domains on my server. So my guess is it has got something to do with permissions, but I'm not sure.

      Since I want to implement the plugin for all our customers it is important for me to handle the implementation myself.

      Cheers, Leonard

  • YMCC
    • WPMU DEV Initiate

    Hi Leonard,

    Honestly I don't know how it was fixed. Before I could follow the threads posted by the team leader, it looks like he or someone else on the support team accessed my site and fixed the problem. Try following the thread -

    YMCC

  • Leonard
    • Site Builder, Child of Zeus

    Ok, I'm back....

    I hacked my way through the PHP errors by temporarily resetting file (.htaccess) and folder (wp-content and wp-include) permissions through FTP. A refresh of the Defenders Dashboard page did the rest.

  • Sajid
    • DEV MAN’s Sidekick

    Hi YMCC and @webmaster194,
    Hope you are doing good today :slight_smile:

    According to Tyler's explanation the issue is with file permissions. You need to make sure file permissions are set to 755.

    I am glad to know you hacked your way through it. Please start new thread in case you guys need further assistance :slight_smile:
    Cheers, Sajid

  • Sajid
    • DEV MAN’s Sidekick

    Hi @webmaster194,
    Hope you are doing good today :slight_smile:

    Thanks for sharing the tip. It will surely help figure this out but please bear in mind it is strongly recommended not to have 777 rights. It means any one with internet connection can write, read and execute the files.

    After making the changes make sure you restore the permissions to 755.

    Take care and have a nice day :slight_smile:
    Cheers, Sajid

  • Hoang Ngo
    • Code Slayer

    Hi guys,

    I hope you are well today.

    You can set the permission of files to 777, then let the plugin does it job, after that, please change the permission to 644 immediately.

    The reason why you set to 755, but the plugin still doesn't get right permission, it's because your FTP account you using to set the permission doesn't same group with your www-data user (web server).

    If you have any additional issues, please let us know and we'll be happy to help.

    Best regards,
    Hoang

    • Leonard
      • Site Builder, Child of Zeus

      Wordfence does a simular thing when trying to set the option to protect the folder wp-content. It pop ups a message telling the user the set it manually.

      Failing to disable code execution for uploads directory in Wordfence:

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.