Please remove false error messages from admin

kevingarubba
(@kevingarubba)

10 months, 1 week ago
Referring to this admin error notice that displays:

Could not create /path/to/wordpress/wp-content/ai1wm-backups folder. Please ensure the parent folder has read/write/execute permissions (0777).

There are several problems with this error message:
- Incorrectly displays message when backup path has changed. Sometimes this happens if a folder in the path has changed since the last time the plugin was used, or sometimes when the database value for the backup path is based on a different environment. Either way, in these cases it has nothing to do with permissions, yet still displays.
- It shows ~5 more superfluous messages that are related to the exact same thing, eating up more screen real-estate.
- The notice status should not be “error”. The user of this plugin may not need be concerned with the ai1wm-backups folder if they aren’t trying to run backups. It arguably should not be an error as far as the user is concerned.
- MOST IMPORTANTLY: It advises a very irresponsible fix of setting folder permissions to 0777 . This is a poor security decision and shouldn’t be displayed to admins.
Please consider.
- This topic was modified 10 months, 1 week ago by kevingarubba.
- This topic was modified 10 months, 1 week ago by kevingarubba.
- This topic was modified 10 months, 1 week ago by kevingarubba.

Viewing 3 replies - 1 through 3 (of 3 total)

Plugin Author Yani
(@yaniiliev)

10 months, 1 week ago

Hi Kevin,

I hope you are well.

Thank you for your feedback! I really appreciate the time you took to share your thoughts.

You’re right that there can be multiple reasons why this error message appears. However, when it does, it always means that the plugin cannot ensure safe and secure operation regarding the backups folder and this is something the site admin must address. It’s not safe to ignore, even if backups aren’t actively being used at that moment.

One key issue is that the plugin is unable to create or protect the ai1wm-backups folder. This can lead to backups being stored in a publicly accessible location, making them visible and indexable. To avoid this serious security risk, ww.wp.xz.cn’s plugin review team explicitly required us to show this and other similar error messages to protect users.

Regarding the suggested 0777 permissions, this is advised only as a last resort for users in environments where the PHP/webserver user does not have write access. If the plugin failed to create the folder, it means permissions like 0700 or 0770 won’t work and the webserver user doesn’t own or belong to the parent folder’s group. While 0777 is not ideal, in this edge case it ensures the user can resolve the issue quickly.

Thank you again for suggesting this improvement. I will also pass your feedback to the development team.

Thread Starter kevingarubba
(@kevingarubba)

8 months, 2 weeks ago

Appreciate the response, Yani.

I see it from your point of view that allowing the plugin the ability to generate backups is critical at all times for safety. I think if it’s displayed in fewer admin notices and under the right context that would be a good solution.

As for the security message – Would it not be better to inform based on best practices?

755 for folders

644 for files

www-data:www-data for ownership

Thread Starter kevingarubba
(@kevingarubba)

7 months, 2 weeks ago

Hey Yani! Just want to check back into this request. If you could see it from my point of view, I am someone who develops at an agency and is trying to spread use of this plugin through a broad range of websites. I am commonly in contact with different client IT managers who I have to advocate for the legitimacy of this plugin that is telling them to set site folder permissions to 0777 . In my mind this is a simple fix of just having more responsible error messaging in the admin view.

Please reconsider.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Please remove false error messages from admin’ is closed to new replies.

Tags