Safe_Mode - On or Off?

Hi,

Recently I've got a couple of clients who are using plugins that requires Safe_Mode to be Off on the server.

But my hosting's Safe_Mode is defaulted to On. The provider insisted on leaving Safe_Mode at On on concern of shared server security issue.

My question is, is it normal to switch Safe_Mode to Off? Or rather, is the Safe_Mode of most hosting out there turned On or Off?

Also, any of the plugin in WPMUDev requires Safe_Mode to be Off?

Best Regards,
William

  • DavidM
    • DEV MAN’s Mascot

    Hi William,

    I'm guessing you're referring to php safe mode, correct?

    I think the responses in the following thread from the forums here well summarize a few expert views on that (not good views on safe mode):
    https://premium.wpmudev.org/forums/topic/mass-mailer-warning

    There are other threads as well, such as the following:
    https://premium.wpmudev.org/forums/topic/set-time-limit-in-safe-mode-error

    So ultimately, it does affect various plugins but it's not at all limited to plugins here. For instance, WP Super Cache requires it to be disabled.
    http://wordpress.org/extend/plugins/wp-super-cache/installation/

    I'm not sure of any workarounds for it either, especially given that plugins as hugely popular as WP Super Cache require it off.

    Cheers,
    David

  • Mason
    • DEV MAN’s Sidekick

    Hiya William,

    1. Does any of the plugin in WPMUDev requires Safe_Mode to be Off?

    Honestly, this depends on your hosting providers setup. Safe_Mode limits what PHP scripts can do. For example commonly a PHP script cannot edit a file or folder that does not have the same “group” as it does. Also, PHP scripts that are going to be writing files must be part of the “web” group.

    When the setup is done as above you may have issues with plugins that require to create their own directory (even temporarily) to handle a certain process. Two that come to mind are our Avatars and Batch Create plugins.

    Odds are, if image uploading is working for you, these plugins will as well.

    2. Is it NOT okay when the hosting set it to ON by default?

    Just refer to above. It is totally ok to have it on - until it isn't. Normally media upload is the biggest indicator. Ironically, though safe_mode does this to protect users from attack, the actual effect is often to weaken security, as confused users change their file permissions to "777" trying to fix broken features, opening themselves up to attacks to which they wouldn’t have been vulnerable before.

    Bottom line, you'll recognize a problem immediately if it ever comes up. The only one who can really predict this is the provider in charge of your PHP installation.

    Hope this helps!

  • Dutchman
    • The Bug Hunter

    masonjames

    Just refer to above. It is totally ok to have it on - until it isn't. Normally media upload is the biggest indicator. Ironically, though safe_mode does this to protect users from attack, the actual effect is often to weaken security, as confused users change their file permissions to "777" trying to fix broken features, opening themselves up to attacks to which they wouldn’t have been vulnerable before.

    Bottom line, you'll recognize a problem immediately if it ever comes up. The only one who can really predict this is the provider in charge of your PHP installation.

    Ok here is my problem: I have safe mode on ass well on my VPS wich effect a lot of my WP installs and to make sure some of the themes work I need to set cash folders to 777. With 755 the theme doesnt work properly or some plugins.

    Now what would be the best advice to avoid 777? Put safe mode off onmy VPS?

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.