WordPress Plugins creating files with no read permission

Support and Discussion Web Server
,
1

I’m having strange problems with certain wordpress sites, some migrated from my previous hosting, some newly created, where any files generated by plugins are initially created with no read permissions. I have to run a chmod on the files in order that they can be loaded by the browser.

For example, when LiteSpeed Cache plugin generates new CSS files, or Webp images, they are created with no read permission, so the website displays without styling and/or images until the chmod is run, or when a woocommerce invoice plugin generates a new invoice it returns a 403 etc.

Server details:

AlmaLinux 8.1
Current Version: 2.3
Build: 6Current Commit: 0010f5c79edda349d4a5d86da6a8dea717ea7860
Latest Version: 2.3
Latest Build: 7Latest Commit: bfc2fc4c9521427dc3b58a5bd38f53814cc0d22a

Here are the rewrite rules:

BEGIN iThemes Security - Do not modify or remove this line

iThemes Security Config Details: 2

# Protect System Files - Security > Settings > System Tweaks > System Files
<files .htaccess>
	<IfModule mod_litespeed.c>
		Order allow,deny
		Deny from all
	</IfModule>
</files>
<files readme.html>
	<IfModule mod_litespeed.c>
		Order allow,deny
		Deny from all
	</IfModule>
</files>
<files readme.txt>
	<IfModule mod_litespeed.c>
		Order allow,deny
		Deny from all
	</IfModule>
</files>
<files wp-config.php>
	<IfModule mod_litespeed.c>
		Order allow,deny
		Deny from all
	</IfModule>
</files>

# Disable Directory Browsing - Security > Settings > System Tweaks > Directory Browsing
Options -Indexes

<IfModule mod_rewrite.c>
	RewriteEngine On

	# Protect System Files - Security > Settings > System Tweaks > System Files
	RewriteRule ^wp-admin/install\.php$ - [F]
	RewriteRule ^wp-admin/includes/ - [F]
	RewriteRule !^wp-includes/ - [S=3]
	RewriteRule ^wp-includes/[^/]+\.php$ - [F]
	RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F]
	RewriteRule ^wp-includes/theme-compat/ - [F]
	RewriteCond %{REQUEST_FILENAME} -f
	RewriteRule (^|.*/)\.(git|svn)/.* - [F]

	# Disable PHP in Uploads - Security > Settings > System Tweaks > PHP in Uploads
	RewriteRule ^wp\-content/uploads/.*\.(?:php[1-7]?|pht|phtml?|phps)\.?$ - [NC,F]

	# Disable PHP in Plugins - Security > Settings > System Tweaks > PHP in Plugins
	RewriteRule ^wp\-content/plugins/.*\.(?:php[1-7]?|pht|phtml?|phps)\.?$ - [NC,F]

	# Disable PHP in Themes - Security > Settings > System Tweaks > PHP in Themes
	RewriteRule ^wp\-content/themes/.*\.(?:php[1-7]?|pht|phtml?|phps)\.?$ - [NC,F]
</IfModule>

END iThemes Security - Do not modify or remove this line

BEGIN LSCACHE

END LSCACHE

BEGIN NON_LSCACHE

END NON_LSCACHE

BEGIN WordPress

The directives (lines) between “BEGIN WordPress” and “END WordPress” are

dynamically generated, and should only be modified via WordPress filters.

Any changes to the directives between these markers will be overwritten.

RewriteEngine On RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L]

END WordPress

NB - I already tried deactivating the security plugin, and am also running the same security plugin (and exact same combination of other plugins) on other websites which don’t suffer from the same issue, and the migrated sites were running fine on the previous hosting so it appears to be to do with the server configuration somewhere.

I’ve checked umask value and it shows as 022.

Has anyone experienced this before? I really need to get this fixed ASAP.

Thanks

2

In the end, I managed to find the issue.

The Linux ACL (access control list) settings were too restrictive.

After running a setfacl command recursively on the wp-content/uploads directory, the issue appears to be sorted.

3

This topic was automatically closed 3 hours after the last reply. New replies are no longer allowed.