abletec

cliverlong, you asked:

“Is the following the required information about the file permissions?”

Precise-a-dicely. And the listing you just provided showed me quite clearly what I had suspected right along, that the permissions are incorrect. I’m now going into teaching mode. Perhaps tldr:, but these will be important concepts when learning Linux, so if not from me, then you’ll surely benefit from reading about it from someone. There are assuredly better teachers & writers out there than me, but I’ll have a go.

The file permissions are the part of the listing that says:

-rw-r—–

The first – indicates that .htaccess is a file. Next follow the permissions.

The permissions are divided into 3 aspects, which are read, write, and execute. These are abbreviated in file listings as r, w, and x, respectively if the permission is present, else a – indicates no permission. Those permissions are given to 3 “entities”. These are the file owner, the group that owns the file, & everyone else. Each permission corresponds to a number. r (the read permission) corresponds to 4, w, the write permission, corresponds to the number 2, and x, the execute permission, corresponds to the number 1. Obviously if the particular permission is absent, as shown by the -, it has a number of 0. This is why we talk about permissions, say, of 755 or 644.

According to the above, what are the numeric permissions on your .htaccess file? If you said 640, you’re correct. The file owner has a permission of 6 (read+write, 4+2); the group that owns the file has a permission of 4 (read only), and everyone else has 0 permissions. Normally 644 is the permission for .htaccess, so the owner permissions are ok, as are the groups, but usually the everyone group gets read permission in this context. & that might not be necessary for a .htaccess file, but it surely is for others.

Generally directories are assigned permissions of 755, while files are assigned permissions of 644. These can be altered as required, but it’s a starting point.

The group that owns your .htaccess file is www-data, which is associated w/the Apache webserver, and sometimes other webservers as well.

Another switch associated w/the ls command is the -l switch (for long, like this post), and it gives you the file owner, size, date, and other information which is often really good to know when dealing w/all this. I suspect you used it when providing your listings, but just covering bases.

Usually I go into the /var directory and type:

chmod -R 755 www

The -R stands for recursive and tells the operating system to make changes to www and all its subdirectories. Please note the capital R.

I think once that’s done, your upload woes should be cured. & I hope I’ve’ve taught you something as opposed to boring you to tears.

Please let us know whether or not this was helpful. Sorry for the longwinded Linux lesson on a weekend.

ladysyren, please deactivate all your plugins. Then begin reactivating them 1 by 1, and trying to log into your website, until you find the troublesome plugin. Please clear your browser cache & any cache you may have on your server till the problem is resolved.

simon_a6, I guess perhaps I’m not completely understanding what you’re saying. Could you please provide an example, or perhaps a website where I can see what’s occurring?

Hello simon_a6, & welcome. I hate to say this, but it sounds as though this site has been compromised/hacked. Google can sometimes give indication of this if you do a search that looks like:

site:example.com

but it’s not foolproof for sure.

Sometimes a visit to:

sucuri.sitecheck.net

& then entering the domain of the site in question can be helpful as well. That site doesn’t always see the compromise, but if it reports one, it’s usually quite accurate.

Running a plugin like Wordfence might also spot the compromise, especially if you set the option to search outside of your WordPress installation.

But the fact that there are redirects, etc, is highly suggestive of a compromise. If that be the case, then there are 2 objectives of the repair:

1. To fix the visible evidence of the hack, ie, the redirects, get the site off any blacklists, etc; &
2. 2) To make as certain as possible that the hack can’t occur again. This involves, at a minimum, changing all passwords, both to the dashboard, the database, as well as your hosting control panel, and examining the database & other configuration files such as .htaccess for evidence of compromise. Both are vitally important.
3. 
   If this feels like a bit more than you can or wish to handle, you can always post a job at jobs.wordpress.net

It’s on your server, either via the file manager in your hosting control panel or via FTP/SFTP.

DISCLAIMER! The following is written w/o the aid of coffee. Any errors or omissions are attributable to said lack.

Ok, I guess I was unaware that this was a local install (did you mention that?) <blushing>. At this point we also don’t know what tool, if any, you used to make your local install, & that would help immensely.

The standard tool used to import content is a plugin from the ww.wp.xz.cn site. From your dashboard, please go to ‘Tools > Import’. Download the plugin, & follow the provided onscreen instructions.

Please understand that the .htaccess file is hidden, so you’ll need to have your operating system set up to be able to see those. We don’t know what that is, so until we do, we can’t provide meaningful instructions.

Again, as stated above, you don’t tell us what tool you used, if any, to do your local install. Please check the documentation on whatever tool you used, if applicable, because, some, like Xampp, actually require you run it w/administrative rights in order to set the proper read/write permissions.

Please let us know if this helps, and/or if you have further questions. It’s now officially coffee time.

Hi, kw7website, & welcome. Looks like you’ve got 2 websites, 1 located in your web root & the other located in a subdirectory called tw. I suggest you decide which you want to keep. You can always export content over from the other directory before deleting it.

lumazita, so I’ve got 2 problems. The first is I don’t know Portuguese, and the 2nd is I don’t know what’s supposed to be there.

Have you disabled all plugins and used a default WordPress theme (they begin with ‘twenty’)?