WPEngine problem with 777 permissions – DSO Server

Home Forums BulletProof Security Pro WPEngine problem with 777 permissions – DSO Server

Tagged: , ,

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
    Posts
  • November 4, 2013 at 8:18 am #10929
    James Burden
    Participant

    Hi – I’m currently setting up my wordpress sites on wpengine.com. I’m having problems with activating BPS Pro. When I run the pre-installation checks it comes up with an error message saying Server API: Apache DSO Server Configuration and to follow the instructions on http://forum.ait-pro.com/forums/topic/dso-setup-steps/ in order to make some one-time manual changes. I’ve tried following the instructions – but steps 3 and 7 require me to change security permissions to 777. 777 permissions are not allowed on WPEngine hosting platform as they view it as a security risk and unnecessary for the the functionality of the site or a plugin due to it allowing public write and execute permissions.

    Is there a way to make BPS Pro to work on a DSO server set up without using 777 permissions?

    Thanks for you help.

    James

    November 4, 2013 at 8:27 am #10931
    AITpro Admin
    Keymaster

    Instead of doing the DSO setup method of changing file permissions you should do the optimum choice of changing Ownership of files and scripts so that the Owner of files and scripts matches.  This will then allow WordPress to use the “direct” Filesystem API Method instead of having to use an alternative Filesystem API Method.

    November 4, 2013 at 8:30 am #10932
    AITpro Admin
    Keymaster

    What I recommend is that you contact your Host support and ask them to change Ownership of files so that the file owner and script owner are the same.  This would be a very simple thing for them to do and probably a difficult thing for you to do if you have never done this before.

    November 4, 2013 at 1:49 pm #10973
    James Burden
    Participant

    Hi – hope you can help some more with this.

    I’ve been in touch with my host support to ask them to ensure that PHP Script Owner and PHP File Owner are the same. They have a Reset Permissions button as part of the wp-admin which should already accomplish this apparently (which I’ve already activated) so they’re puzzled as to why it’s a problem. They’ve asked me which files or scripts do not have the same owner so that they can investigate further. What should I tell them?

    November 4, 2013 at 4:13 pm #10977
    AITpro Admin
    Keymaster

    Go to the BPS Pro System Info page and copy and paste these things below.

    WP Filesystem API Method:

    And if the Filesystem API Method is not “direct” then you will see these 2 additional fields

    Script Owner ID:
    File Owner ID:

    November 4, 2013 at 5:05 pm #10978
    James Burden
    Participant

    WP Filesystem API Method is already showing as “direct”. Yet the plugin still won’t complete the Run Pre-Installation Checks. It still trips up at Server API: Apache DSO Server Configuration, and says that I must make the one-time manual configuration changes.

    November 4, 2013 at 8:24 pm #10979
    AITpro Admin
    Keymaster

    Actually you can disregard the message that is displayed to you regarding your Server type being DSO.  We will be changing that checking condition in the next BPS Pro version release to check the WP Filesystem API Method.  If the Method is direct then DSO folks will not see any DSO messages.  Change any folder or file permissions back to what they were originally and run the Pre-installation Wizard and the Setup Wizard.

  • Author
    Posts
Viewing 7 posts - 1 through 7 (of 7 total)
  • You must be logged in to reply to this topic.