Home › Forums › BulletProof Security Pro › WordPress HTTP upload error – Administrators can upload files, other user roles cannot upload files
- This topic has 6 replies, 2 voices, and was last updated 10 years, 1 month ago by AITpro Admin.
-
AuthorPosts
-
AITpro AdminKeymaster
Manually split to a new Topic:
When I upload an image using the WordPress uploader, any non-admin user gets “http error” (no problem with admin user)AITpro AdminKeymasterBy default ONLY Administrators SHOULD be allowed to upload files. Logically allowing anyone to upload files to your site would be security risk. I would need to know more about exactly what you are trying to do to be able to assist you further. Please describe in full specific details what you want to do/allow. Is there a plugin involved that handles the uploads, what exactly are non-administrators uploading to your website, etc.?
Related topics found by doing Google searches
http://wordpress.org/support/topic/allow-non-admins-to-upload-and-delete-media
http://wordpress.org/support/topic/great-plugin-need-to-allow-non-admin-to-upload-mediaRob BernsteinParticipantThanks for responding quickly. I am building a property listing site, where subscribers pay to list their properties. I am using S2member plugin with 5 extra user roles. I do not get any server / apache errors in the logs, but the console reports: The best link I could find is http://www.nullin.com/2009/11/30/fix-500-internal-error-in-wordpress/, which raises a couple of htaccess issues which I honestly don’t understand.
POST http://xxx.co.nz/wp-admin/async-upload.php 500 (Internal Server Error)
Any suggestions?
ROBAITpro AdminKeymasterDo the standard BPS Pro troubleshooting steps below to see if BPS Pro has anything to do with this.
Check your BPS Pro Security Log and post any errors that are directly related to this. Please do not post any irrelevant error log entries.
http://forum.ait-pro.com/forums/topic/read-me-first-pro/#bps-pro-general-troubleshootingDo steps 1, 2 and 4 and then test.
1. On the Security Modes page, click the Root Folder BulletProof Mode Deactivate button. See Custom Code Note if doing this step works.
2. On the Security Modes page, click the wp-admin Folder BulletProof Mode Deactivate button. See Custom Code Note if doing this step works.
4. On the Security Modes page, click the UAEG BulletProof Mode Deactivate button.Rob BernsteinParticipantOK, did all that but the problem remains. I assume that means that the problem cannot be in BPS?
AITpro AdminKeymasterYes, that is correct – you have eliminated that BPS is involved in this issue. I think your best bet would be to contact the S2Member folks if the upload has to do with the S2Member plugin.
AITpro AdminKeymasterAlso just in case do standard WordPress troubleshooting steps. Deactivate all plugins (not BPS Pro of course since BPS Pro has built-in troubleshooting tools) and test. This WordPress.org thread below has some good things to check, but since the issue is allowing non-admins to upload files then this is a different type of issue altogether. FYI – make sure uploading is VERY secure.
http://wordpress.org/support/topic/http-error-on-image-upload-still?replies=13
-
AuthorPosts
- You must be logged in to reply to this topic.