WordPress


The update cannot be installed because we will be unable to copy some files. This is usually due to inconsistent file permissions.: wp-admin/includes/update-core.php

Recently, we were trying to update a WordPress installation that was running under apache in a CentOS 7. When we would press the lovely blue button to update WordPress we would get the following error:

The update cannot be installed because we will be unable to copy some files. This is usually due to inconsistent file permissions.: wp-admin/includes/update-core.php

Installation Failed

At first we thought it was an issue with the privileges on the folder, so we did the following steps to fix the issue:

Find which user is controlling apache server:

We executed the following command to get the name of the local user that was handling the apache web server:

ps -ef | grep apache;

From which, we got the following results:

apache 7289 8523 1 10:35 ? 00:00:03 /usr/sbin/httpd -DFOREGROUND
apache 7293 8523 0 10:35 ? 00:00:02 /usr/sbin/httpd -DFOREGROUND
apache 7316 8523 0 10:35 ? 00:00:01 /usr/sbin/httpd -DFOREGROUND
apache 7317 8523 0 10:35 ? 00:00:01 /usr/sbin/httpd -DFOREGROUND
apache 7335 8523 1 10:35 ? 00:00:03 /usr/sbin/httpd -DFOREGROUND
apache 7347 8523 0 10:35 ? 00:00:01 /usr/sbin/httpd -DFOREGROUND
apache 7348 8523 0 10:35 ? 00:00:01 /usr/sbin/httpd -DFOREGROUND
apache 7349 8523 0 10:35 ? 00:00:01 /usr/sbin/httpd -DFOREGROUND
apache 7350 8523 0 10:35 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
apache 7351 8523 0 10:35 ? 00:00:01 /usr/sbin/httpd -DFOREGROUND
root 8071 7978 0 10:40 pts/1 00:00:00 grep --color=auto apache

The first column is the name of the user, so we found out that apache local user is the user executing the apache web server.

Repair all file and folder access rights:

After getting the above information we proceeded to update the access rights in our WordPress installation folder (/var/www/example.com)

find /var/www/example.com -type d -exec chmod 755 '{}' \;
find /var/www/example.com -type f -exec chmod 644 '{}' \;
chown -R apache:apache /var/www/example.com;

To our disappointment, nothing changed and we would still get the same error. Luckily enough we had another ace in our sleeve!

Checking the security context of each file and folder:

We executed the following command (ls -Z) to get the security context of the files and folders in the installation folder of WordPress:

ls -Z /var/www/example.com;

Where we got the following results:

drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 api
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 favicon.ico
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 index.php
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 license.txt
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 readme.html
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 r-file.php
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 wordfence-waf.php
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 wp-activate.php
drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 wp-admin
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 wp-blog-header.php
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 wp-comments-post.php
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 wp-config.php
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 wp-config-sample.php
drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_rw_content_t:s0 wp-content
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 wp-cron.php
drwxr-xr-x. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 wp-includes
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 wp-links-opml.php
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 wp-load.php
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 wp-login.php
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 wp-mail.php
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 wp-settings.php
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 wp-signup.php
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 wp-trackback.php
-rw-r--r--. apache apache unconfined_u:object_r:httpd_sys_content_t:s0 xmlrpc.php

What we got from this result: all files and folders marked with the httpd_sys_content_t are not directly editable by the apache web server even though the user has the rights to do so as it is a security step by SELinux.

httpd_sys_content_t
Use this type for static web content, such as .html files used by a static website. Files labeled with this type are accessible (read only) to httpd and scripts executed by httpd. By default, files and directories labeled with this type cannot be written to or modified by httpd or other processes. Note that by default, files created in or copied into /var/www/html/ are labeled with the httpd_sys_content_t type.

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/managing_confined_services/sect-managing_confined_services-the_apache_http_server-types

The simple solution

We just changed the security context for the folders and files to httpd_sys_rw_content_t which allows apache web server to edit the files:

httpd_sys_rw_content_t
Files labeled with this type can be written to by scripts labeled with the httpd_sys_script_exec_t type, but cannot be modified by scripts labeled with any other type. You must use the httpd_sys_rw_content_t type to label files that will be read from and written to by scripts labeled with the httpd_sys_script_exec_t type.

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/managing_confined_services/sect-managing_confined_services-the_apache_http_server-types
chcon -R --type httpd_sys_rw_content_t /var/www/example.com;

After this command finished, we updated WordPress as normal!

(In case you want to change the security context back to the original just execute chcon with httpd_sys_content_t as parameter on the folders and files you want to operate as read-only).

Advertisements

WordPress: How to disable a plugin on all pages except for a specific one

A few days ago we were struggling to find a way to limit the amount of plugins that load at any point on a WordPress website. We noticed that several plugins enqueue their scripts and their styles in all requests to the website even if they are actually used on a single page only. This issue was important to address as it was making the whole server slower by giving it extra requests from the client that would never provide any actual benefit to the user.

Initially, we tried to selectively enable those plugins on their respective pages but we did not get it right and things would load out of order and break. Instead of following the ‘enable when needed‘ methodology we decided to follow the ‘disable unless needed‘ methodology which seemed simpler at the time.

Our changes involved in adding the following code in the functions.php file of our child theme.

//Register a filter at the correct event
add_filter( 'option_active_plugins', 'bf_plugin_control' );

function bf_plugin_control($plugins) {
  // If we are in the admin area do not touch anything
  if (is_admin()) {
    return $plugins;
  }
  
  // Check if we are at the expected page, if not remove the plugin from the active plugins list
  if(is_page("csv-to-kml-cell-site-map") === FALSE){ 
    // Finding the plugin in the active plugins list
    $key = array_search( 'csv-kml/index.php' , $plugins );
    if ( false !== $key ) {
      // Removing the plugin and dequeuing its scripts
      unset( $plugins[$key] );
      wp_dequeue_script( 'bf_csv_kml_script' );
    }
  }

  if(is_page("random-password-generator") === FALSE){ 
    $key = array_search( 'bytefreaks-password-generator/passwordGenerator.php' , $plugins );
    if ( false !== $key ) {
      unset( $plugins[$key] );
    }
  }
  
  if(is_page("xml-tree-visualizer") === FALSE){ 
    $key = array_search( 'xmltree/xml-tree.php' , $plugins );
    if ( false !== $key ) {
      unset( $plugins[$key] );
      wp_dequeue_script( 'bf_xml_namespace' );
      wp_dequeue_style( 'bf_xml_namespace' );
    }
  }

  return $plugins;
}

One day, we will clean the above code to make it tidy and reusable.. one day, that day is not today.

What the code above does is the following:

  • Using is_admin it checks if the Dashboard or the administration panel is attempting to be displayed, in that case it does not do any changes.
  • With is_page, it will additionally check if the parameter is for one of the pages specified and thus disable the plugin if the check fails.
  • PHP command array_search, will see if our plugin file is expected to be executed (all files in $plugins are the plugin files that are expected to be executed) .
  • wp_dequeue_script and wp_dequeue_style remove the previously enqueued scripts and styles of the plugin as long as you know the handles (or namespaces of the enqueued items).
    To get the handles (namespaces) we went through the plugin codes and found all instances of wp_enqueue_script and wp_enqueue_style.
    Please note that several small plugins do not have additional items in queue so no further action is needed.


Easy way to repair and optimize core WordPress MySql DataBase Tables

To manually repair and optimize the core WordPress tables of your MySql (or MariaDB) database:

A) edit your wp-config.php and add

define('WP_ALLOW_REPAIR', true);

right before the line

/* That's all, stop editing! Happy blogging. */

B) Visit the following link (and replace example.com with the domain or the IP of your site installation)

https://example.com/wp-admin/maint/repair.php

C) Press the Repair and Optimize Database button and wait for some time (depending on the size of the core tables of your installation)

D) Once the above step is done, remove or comment out (by adding a # at the beginning of the line) the line:

define('WP_ALLOW_REPAIR', true);

You need to do this step to to prevent this page (which could potentially take a lot of resources) from being used by unauthorized users.


Install Required Plugins of Gillion | Multi-Concept Blog/Magazine & Shop WordPress Theme

For Gillion (the Multi-Concept Blog/Magazine & Shop WordPress Theme) to properly work, it needs the WPBakery Page Builder (formerly Visual Composer) and the Unison plugins. In a clients’ page, they did not get the message prompting to install the required plugins and could not find it again. Unison is available through WordPress Plugin Directory so that was easy to setup. On the other hand, WPBakery (and the Revolution slider) it is not available through the directory as it is a commercial product. After reading through the support forums we realised that they should not need to make a separate purchase of the plugin, the theme will be able to pull it automatically from a CDN of shufflehound (without getting support from the WPBakery team).

Solution: In case you are facing the same issue, you can find the installation link under the left side menu Appearance where a new option will be available called Install Plugins (the link will be similar to this http://example.com/wp-admin/themes.php?page=tgmpa-install-plugins). We installed for them the two required plugins and their theme was operational.

Links:


JetPack: Cannot Verify Site Ownership using pinterest 5

Recently, we tried to verify the ownership of a site running WordPress with JetPack in Pinterest.

As the instructions say, we logged in to Pinterest and visited the settings page to Claim Website paragraph.

Using the meta tag solution we received a code similar to the one below:

<meta name="p:domain_verify" content="8525e3384b3545fb80b9e21f0910de21"/>

When we tried to add the code in the JetPack site verification page (https://example.com/wp-admin/admin.php?page=jetpack#/traffic) we got the following error:
Error updating settings. Invalid parameter(s): pinterest (Status 400).

To resolve the issue, we just added a space character right before the end of the tag /> and our code became:

<meta name="p:domain_verify" content="8525e3384b3545fb80b9e21f0910de21" />

Trying again, it worked properly!