WordPress HTTP upload error – Administrators can upload files, other user roles cannot upload files

Home Forums BulletProof Security Pro WordPress HTTP upload error – Administrators can upload files, other user roles cannot upload files

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • #13220
    AITpro Admin
    Keymaster

    Manually split to a new Topic:
    When I upload an image using the WordPress uploader, any non-admin user gets “http error” (no problem with admin user)

    #13222
    AITpro Admin
    Keymaster

    By default ONLY Administrators SHOULD be allowed to upload files.  Logically allowing anyone to upload files to your site would be security risk.  I would need to know more about exactly what you are trying to do to be able to assist you further.  Please describe in full specific details what you want to do/allow.  Is there a plugin involved that handles the uploads, what exactly are non-administrators uploading to your website, etc.?

    Related topics found by doing Google searches
    http://wordpress.org/support/topic/allow-non-admins-to-upload-and-delete-media
    http://wordpress.org/support/topic/great-plugin-need-to-allow-non-admin-to-upload-media

    #13252
    Rob Bernstein
    Participant

    Thanks for responding quickly. I am building a property listing site, where subscribers pay to list their properties. I am using S2member plugin with 5 extra user roles. I do not get any server / apache errors in the logs, but the console reports: The best link I could find is http://www.nullin.com/2009/11/30/fix-500-internal-error-in-wordpress/, which raises a couple of htaccess issues which I honestly don’t understand.

    POST http://xxx.co.nz/wp-admin/async-upload.php 500 (Internal Server Error)

    Any suggestions?
    ROB

    #13264
    AITpro Admin
    Keymaster

    Do the standard BPS Pro troubleshooting steps below to see if BPS Pro has anything to do with this.
    Check your BPS Pro Security Log and post any errors that are directly related to this.  Please do not post any irrelevant error log entries.
    http://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshooting

    Do steps 1, 2 and 4 and then test.
    1. On the Security Modes page, click the Root Folder BulletProof Mode Deactivate button. See Custom Code Note if doing this step works.
    2. On the Security Modes page, click the wp-admin Folder BulletProof Mode Deactivate button.  See Custom Code Note if doing this step works.
    4. On the Security Modes page, click the UAEG BulletProof Mode Deactivate button.

    #13269
    Rob Bernstein
    Participant

    OK, did all that but the problem remains. I assume that means that the problem cannot be in BPS?

    #13271
    AITpro Admin
    Keymaster

    Yes, that is correct – you have eliminated that BPS is involved in this issue.  I think your best bet would be to contact the S2Member folks if the upload has to do with the S2Member plugin.

    #13273
    AITpro Admin
    Keymaster

    Also just in case do standard WordPress troubleshooting steps.  Deactivate all plugins (not BPS Pro of course since BPS Pro has built-in troubleshooting tools) and test.  This WordPress.org thread below has some good things to check, but since the issue is allowing non-admins to upload files then this is a different type of issue altogether.  FYI – make sure uploading is VERY secure.

    http://wordpress.org/support/topic/http-error-on-image-upload-still?replies=13

Viewing 7 posts - 1 through 7 (of 7 total)
  • You must be logged in to reply to this topic.