admin管理员组文章数量:1129154
I'm not sure when this warning started. I got an existing site to do its hosting and applied the following good practices:
- Updated Wordpress - from 5.3 to 5.4.0 (current WP version)
- Updated all plugins - it's a big list so I won't add it here
- Changed file permissions and owner - everything owned by my user (not Apache) and only the folder
wp-contentis writable by Apache (with some restrictions inside) -> WordPress Hardening Guide
As a note, the Apache user and group are used both by both Apache and PHP-FPM. We only use the server (VM) for this website, so I don't have to address security challenges related to process sharing.
With these changes, I started having the following PHP warnings (Yes, I did everything at the same time! Sorry for that):
Warning: ftp_nlist() expects parameter 1 to be resource, null given in /var/www/html/wp-admin/includes/class-wp-filesystem-ftpext.php on line 402
Warning: ftp_pwd() expects parameter 1 to be resource, null given in /var/www/html/wp-admin/includes/class-wp-filesystem-ftpext.php on line 226
Warning: ftp_pwd() expects parameter 1 to be resource, null given in /var/www/html/wp-admin/includes/class-wp-filesystem-ftpext.php on line 226
Warning: ftp_pwd() expects parameter 1 to be resource, null given in /var/www/html/wp-admin/includes/class-wp-filesystem-ftpext.php on line 681
Warning: ftp_nlist() expects parameter 1 to be resource, null given in /var/www/html/wp-admin/includes/class-wp-filesystem-ftpext.php on line 402
Warning: ftp_pwd() expects parameter 1 to be resource, null given in /var/www/html/wp-admin/includes/class-wp-filesystem-ftpext.php on line 226
Warning: ftp_pwd() expects parameter 1 to be resource, null given in /var/www/html/wp-admin/includes/class-wp-filesystem-ftpext.php on line 226
Warning: ftp_pwd() expects parameter 1 to be resource, null given in /var/www/html/wp-admin/includes/class-wp-filesystem-ftpext.php on line 681
Warning: ftp_nlist() expects parameter 1 to be resource, null given in /var/www/html/wp-admin/includes/class-wp-filesystem-ftpext.php on line 402
Warning: ftp_pwd() expects parameter 1 to be resource, null given in /var/www/html/wp-admin/includes/class-wp-filesystem-ftpext.php on line 226
Warning: ftp_pwd() expects parameter 1 to be resource, null given in /var/www/html/wp-admin/includes/class-wp-filesystem-ftpext.php on line 226
Warning: ftp_rmdir() expects parameter 1 to be resource, null given in /var/www/html/wp-admin/includes/class-wp-filesystem-ftpext.php on line 381
Warning: ftp_nlist() expects parameter 1 to be resource, null given in /var/www/html/wp-admin/includes/class-wp-filesystem-ftpext.php on line 402
Warning: ftp_pwd() expects parameter 1 to be resource, null given in /var/www/html/wp-admin/includes/class-wp-filesystem-ftpext.php on line 226
Warning: ftp_pwd() expects parameter 1 to be resource, null given in /var/www/html/wp-admin/includes/class-wp-filesystem-ftpext.php on line 226
Warning: ftp_pwd() expects parameter 1 to be resource, null given in /var/www/html/wp-admin/includes/class-wp-filesystem-ftpext.php on line 681
These warnings appear in the PHP-FPM log file in every call to the server. If I set define( 'WP_DEBUG', true ); they can be found in every page.
Steps to solve
I can stop these warnings doing one of the following:
- Disabling the plugins Swift Framework and Redux Framework.
- Setting the file ownership of the WordPress folder to Apache.
None of these changes is the desired solution. The first breaks the site, and the second creates a security problem.
WordPress bug?
I've also found the WordPress issue 48689 that describes the same errors but associated with different plugins. However, the solution (if (!defined('FS_METHOD')) define('FS_METHOD', 'direct');) doesn't work in my case. The remaining options are hiding the warnings don't seem to be a good idea.
I'm not sure when this warning started. I got an existing site to do its hosting and applied the following good practices:
- Updated Wordpress - from 5.3 to 5.4.0 (current WP version)
- Updated all plugins - it's a big list so I won't add it here
- Changed file permissions and owner - everything owned by my user (not Apache) and only the folder
wp-contentis writable by Apache (with some restrictions inside) -> WordPress Hardening Guide
As a note, the Apache user and group are used both by both Apache and PHP-FPM. We only use the server (VM) for this website, so I don't have to address security challenges related to process sharing.
With these changes, I started having the following PHP warnings (Yes, I did everything at the same time! Sorry for that):
Warning: ftp_nlist() expects parameter 1 to be resource, null given in /var/www/html/wp-admin/includes/class-wp-filesystem-ftpext.php on line 402
Warning: ftp_pwd() expects parameter 1 to be resource, null given in /var/www/html/wp-admin/includes/class-wp-filesystem-ftpext.php on line 226
Warning: ftp_pwd() expects parameter 1 to be resource, null given in /var/www/html/wp-admin/includes/class-wp-filesystem-ftpext.php on line 226
Warning: ftp_pwd() expects parameter 1 to be resource, null given in /var/www/html/wp-admin/includes/class-wp-filesystem-ftpext.php on line 681
Warning: ftp_nlist() expects parameter 1 to be resource, null given in /var/www/html/wp-admin/includes/class-wp-filesystem-ftpext.php on line 402
Warning: ftp_pwd() expects parameter 1 to be resource, null given in /var/www/html/wp-admin/includes/class-wp-filesystem-ftpext.php on line 226
Warning: ftp_pwd() expects parameter 1 to be resource, null given in /var/www/html/wp-admin/includes/class-wp-filesystem-ftpext.php on line 226
Warning: ftp_pwd() expects parameter 1 to be resource, null given in /var/www/html/wp-admin/includes/class-wp-filesystem-ftpext.php on line 681
Warning: ftp_nlist() expects parameter 1 to be resource, null given in /var/www/html/wp-admin/includes/class-wp-filesystem-ftpext.php on line 402
Warning: ftp_pwd() expects parameter 1 to be resource, null given in /var/www/html/wp-admin/includes/class-wp-filesystem-ftpext.php on line 226
Warning: ftp_pwd() expects parameter 1 to be resource, null given in /var/www/html/wp-admin/includes/class-wp-filesystem-ftpext.php on line 226
Warning: ftp_rmdir() expects parameter 1 to be resource, null given in /var/www/html/wp-admin/includes/class-wp-filesystem-ftpext.php on line 381
Warning: ftp_nlist() expects parameter 1 to be resource, null given in /var/www/html/wp-admin/includes/class-wp-filesystem-ftpext.php on line 402
Warning: ftp_pwd() expects parameter 1 to be resource, null given in /var/www/html/wp-admin/includes/class-wp-filesystem-ftpext.php on line 226
Warning: ftp_pwd() expects parameter 1 to be resource, null given in /var/www/html/wp-admin/includes/class-wp-filesystem-ftpext.php on line 226
Warning: ftp_pwd() expects parameter 1 to be resource, null given in /var/www/html/wp-admin/includes/class-wp-filesystem-ftpext.php on line 681
These warnings appear in the PHP-FPM log file in every call to the server. If I set define( 'WP_DEBUG', true ); they can be found in every page.
Steps to solve
I can stop these warnings doing one of the following:
- Disabling the plugins Swift Framework and Redux Framework.
- Setting the file ownership of the WordPress folder to Apache.
None of these changes is the desired solution. The first breaks the site, and the second creates a security problem.
WordPress bug?
I've also found the WordPress issue 48689 that describes the same errors but associated with different plugins. However, the solution (if (!defined('FS_METHOD')) define('FS_METHOD', 'direct');) doesn't work in my case. The remaining options are hiding the warnings don't seem to be a good idea.
- with WordPress now auto updating, is it still a good idea to keep the files locked to your user and from the www-data user? – wruckie Commented Mar 18, 2022 at 18:31
1 Answer
Reset to default 20After all, it was already in the question!
Context
Both plugins are related to my WordPress site theme (uplift). I can't understand what it is doing or where, but when it detects that the owner of the files isn't its executing user (apache), it changes the access method to FTP.
This action doesn't seem logical, to me, because even if I do 775 user:apache (pseudo-code), it doesn't' work (it is searching for the owner, not if it has permissions). I could do 575 apache:user but in that case, apache can run CHMOD, so it is pointless.
Also, this is happening outside of wp-content. And is not documented by the plugins or theme, which for me, seems a security issue. 0 results for "owner" and "permission" in the documentation.
Solution
Just add define('FS_METHOD', 'direct');.
With a little precaution! This needs to be added before require_once( ABSPATH . 'wp-settings.php' );. Why? Again, no idea. However, this is a requirement for several configurations as you can see by the Editing wp-config.php docs page
Cautions
As stated in this answer, using FS_METHOD can pose a security risk in shared hosting. Not my case, so my investigation ended here.
Missing
Please feel free to answer the following doubts (in the comments or with an answer, I will accept the answer or complement mine, accordingly):
- What is uplift theme doing? Why do they need to check the owner?
- Why does the
FS_METHODsetting needs to be loaded before thewp-settings.phppage? - What would be the solution for a shared hosting scenario?
本文标签: permissionsftpnlist() and ftppwd() warnings
版权声明:本文标题:permissions - ftp_nlist() and ftp_pwd() warnings 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1736737897a1950347.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论