Posted in Security
WordPress : The uploaded file could not be moved to .
If you get this message when trying to upload a file into wordpress admin area, this may mean that :
- the webserver doesn’t have the write permissions on the upload directory
- safe mode is enabled on the webserver
The easiest fix is to edit the value “safe_mode” to off in /etc/php.ini
YOU MAY NOT WANT TO DO THAT, THIS IS NOT SAFE
Read on..
What is safe mode ?
See http://be.php.net/features.safe-mode
Work-around to upload files with safe mode on :
Here’s the copy in case the link goes down
WordPress – File Upload Problems
Saturday 2nd September 2006, 0:49
When configuring WordPress to support file uploads I ran into a tricky issue. The server responded with:
The uploaded file could not be moved to .
The message above is displayed if there is a problem uploading or using the uploaded file, this is normally associated with security issues, such as the user that the webserver is running under doesn’t have write permission in the folder.
There is a thread on the wordpress site that discuss this issue. The most common cause for this problem is invalid directory permissions.
My problem however was not solved by changing the permissions of the folders. No matter what I tried it refused to work.
After turning to google I found out that this type of problems may also be caused by PHP being configured to run in SAFE MODE safe_mod=On in php.ini) which has the same effect as incorrect permissions. Php will refuse to read files that are not owned by the same user as the script being executed.
So by turning off safe mode (safe_mode=Off) the file uploads worked without problems… but personally I prefer running with safe mode enabled. So I needed to find another solution to allow file uploads even though safe mod is enabled..
It so happens that there is a related configuration option in php.ini. By setting safe_mode_gid=On safe mode checks the files GID (group) instead of the UID (user). When combining this with a sticky flag on the uploads folder (and it’s underlying year-folders if you have that option is enabled in wordpress) we can get file uploads to work properly even though safe mode is still enabled. Here is a list of what to do:
* Enable safe_mode_gid=On in php.ini
* chmod 7777 wp-content/uploads
* If the organisation option is enabled in wordpress, create one or more year folders and set chmod 7777 on them aswell.
* Restart the webserver so that the php.ini changes take effect.
* Try uploading a file.
Do not thank me, thank the original author at http://tiny3d.com
Comments
Tim Almond » Blog Archive » Wordpress Upload Problem and Resolution
[...] Sebastien Wains solved my problem. If PHP safe mode is on (it checks user id that owns a file against the user reading it, I think), change it’s way of working to be group- instead of user-orientated. It worked for me. [...]
Pete S
G’day Sebastien. Thanks, that worked for me. I didn’t want to turn off safe-mode either. Some people seem to think it’s useless, but there isn’t a good substitute.
Yan
Pardon me if I were to ask you how do I enable safe_mode_gid=On in php.ini? And thank you.
Sébastien Wains
It depends on your system.
Under Debian Etch and Apache2 it is under /etc/php5/apache2/php.ini
Under RedHat systems, it is under /etc/php.ini as far as I remember
Yan
Thanks for the reply. But seriously I don’t even know a single thing about PHP, let alone edit it. Is there any simpler way for me to do it? I’m afraid I don’t even know where to dig that file. Anyway, thank you again.
Sébastien Wains
Sorry, there’s no simpler way (unless you have a provider with some kind of control panel). You should find a Linux knowledgeable person to help you on this issue.
Ruben Ortiz
Hi Sebastien, once again, thanks for the tip. The only thing I have not understand completely is the way you assign the permissions to folder with a sticky bit.
In theory, and if Im not wrong to assign sticky bit to a folder is with
chmod +t /whaetever
7777 is the same as +t ?
Thanks!
Kenneth
My wordpress website is hosted with a webhost. If i ask them to change safe_mode_gid=On, will they do it?
Jasen G
I am having the same problem although my php.ini file looks like this:
file_uploads = On
upload_max_filesize = 80M
allow_url_fopen = On
post_max_size = 80M
memory_limit = 24M
should i make the memory limit larger to accommodate for more photos in a photoblog? or if that was the problem would i get an entirely different error?
thanks
Sébastien Wains
Can’t tell how WP implemented error message. “The upload file could not..” may be a generic error message for several errors. Check the code, this should help.
meds
I have the same experience. i have set uploads folder permission tho 777 but still eror.
and o ow, I found my disk is full.
Kiro
Hi,
I’m using WordPress 3.0 , and had the same problems yesterday, I’ve try to fixed it in every methods available from editing .htacess to chmod permission or even thought of editing php.ini.
But when i contact my server host, They said that ” wp-content/uploads ” ownership was “nobody”, and they have changed it back to my default main domain administrator, which was me myself.
Hope this is helpful to any wordpress 3.0 users who encounter this.
Leave Comment
Please consider visiting the partners below if you enjoyed this article :If this post saved you time and money, please consider checking my Amazon wishlist.
Search
About me
-
Internet & Technology junkie.
Photographer.
Backpacker.
I'm the Linux registered user #350986 and RedHat Certified Engineer #804007797825578 (Verify).
This « blog » is some kind of personal notebook about my discoveries in the IT world.
While some tips may seem obvious (we learn a new thing every day eh), hopefully you'll find some of them informative !
Check out my wishlist at Amazon !
Categories
- Android (1)
- Apache (18)
- Apple/Mac OS (7)
- Asterisk (5)
- Bash (15)
- DNS (7)
- Debian/Ubuntu (27)
- Firefox (5)
- Gnome (7)
- Hardware (16)
- High-Availability (2)
- Howto (112)
- Iptables (7)
- LDAP (9)
- Linux (240)
- Linux-Anti-Theft (1)
- Misc (11)
- NSLU2 (5)
- Networking (16)
- Postfix (24)
- Proxy (10)
- RADIUS (2)
- RHCE (22)
- RRDWeather (5)
- Red Hat/CentOS (31)
- Rewards (2)
- SQL (12)
- SSH (13)
- Scripts (4)
- Security (63)
- Tools (15)
- VPN (7)
- Versioning (10)
- Virtualization (2)
- VoIP (6)
- Wifi (9)
- Windows (12)
Links
- Belgian spammers
- Christopher Murray
- Dedicated Servers
- Open Source Heaven
- RRDWeather
- The Admin Blogger
- Yannick
My favorite projects
Tim Almond
Hi Sebastian,
Thanks for the tip.
Tim