WordPress Version 4.1.2 – Urgent Upgrade

wordpress-logo-updateOn April 21, 2015, WordPress 4.1.2 was released to the public. This is a security update for all previous WordPress versions.

This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.1.1 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site.

Also fixed are three other security issues:

  • In WordPress 4.1 and higher, files with invalid or unsafe names could be uploaded.
  • In WordPress 3.9 and higher, a very limited cross-site scripting vulnerability could be used as part of a social engineering attack.
  • Some plugins were vulnerable to an SQL injection vulnerability.

A number of plugins also released security fixes yesterday. Keep everything updated to stay secure. If you’re a plugin author, please read this post to confirm that your plugin is not affected by the same issue.

If you are unable/uncomfortable upgrading your WordPress site then let our experts do all the work for you. Order a WordPress Maintenance service today.

WordPress Error: Unable to create directory /wp-content/uploads/

Re: Wordpress Error: Unable to create directory /wp-content/uploads/

To resolve errors uploading to WordPress eg. new themes, please try the following steps:

  • In WordPress Settings/Media (or Settings/Miscellaneus depending on your version) change upload folder from “/wp-content/uploads” to “wp-content/uploads” – ie. remove the leading forward slash.
  • Set wp-content to 775
  • Set wp-content/uploads to 777

That should solve the problem.

How to disable Plesk open_basedir restriction in effect

Some applications require open_basedir to be “loosened” a little, if you are installing an application such as ClickCart Pro then the open_basedir will need to be changed so that the installation can create the required sub directories and then complete.

Let’s assume your domain name is domain.com (no such luck, I know!)

# vi /var/www/vhosts/domain.com/vhost.conf

Add the following lines:

<Directory /var/www/vhosts/domain.com/httpdocs>
php_admin_value open_basedir “/var/www/vhosts/domain.com”
php_admin_flag safe_mode off

Now we need to rebuild the apache configuration:

# /usr/local/psa/admin/sbin/websrvmng -u –vhost-name=domain.com

Job done, your open_basdir setting has been moved up one level (from /httpdocs to /) within your domain name sub folder.

WordPress upgrade fails, “Could not copy file: /var/www/wordpress/wp-activate.php”

Have you logged into WordPress and you get the message “WordPress update available, click here to upgrade”, you click “here”, wait and then the upgrade fails?

This is a common problem so we would like to post the solution for our clients:

1) Ensure that your FTP user is the owner of your WordPress install directory, this is most likely not the problem unless you have your own dedicated server and installed WordPress using root user.

2) Ensure that your WordPress directory has the correct permissions, it should be 755. This is the most probable problem. Change the permissions to 755 and then try the WordPress upgrade again.

If your FTP user is not the owner of your WordPress directory OR your WordPress directory has permissions other than 755, your WordPress install/upgrade will fail with the message “Could not copy file: /var/www/wordpress/wp-activate.php”.

How to Install WordPress in Plesk

As you are reading this, you are probably unaware of how easy it really is to install a web application such as WordPress. It really is just a few button clicks with Plesk.

  1. Login to the Plesk Control Panel
  2. Click on “web hosting”
  3. Make sure “php safe mode” is OFF
  4. Click on “Web Applications”
  5. Click “Install Web Application”
  6. Type “wordpress” and press “Search”
  7. Click “Install”
  8. Agree to the WordPress user license
  9. Select “document root” if you dont want wordpress in a sub directory
  10. Set the WordPress database password
  11. Set the WordPress admin password
  12. Enter your email address for admin notifications
  13. Enter your wordpress page title (can be changed later)
  14. Click “install”
  15. WordPress is now installed!

Ok, so there are 15 items in the list – really, it would have taken you longer to read the list than to install WordPress. Install WordPress now and see how easy it is, you can just delete it afterwards – and that’s just as easy as pressing one button!

For more information about installing web applications see our Hosting FAQ entry “How to Install and Manage Web Applications” or, watch our short video “How to install a Web Application in Plesk”.