Friday, August 21, 2015

Unable to create directory... Wordpress error (formerly http://unpwnd.com/?p=555)

Friday evening, I was hit by series of errors from WordPress. When uploading images, I was confronted by these error messages:
“Unable to create directory wp-content/uploads/2015/01. Is its parent directory writable by the server?”
“The uploaded file could not be moved to wp-content/uploads/2015/01″
Obviously, my permissions were off, but I couldn't figure out where.
The quick and dirty work around was to log into GoDaddy’s file management tool and create files and upload images via the tool. Back in WordPress, I needed to select a previously existing image and edit the code to match the files and directories I created in the previous stop.
That is not optimal and not advisable. 
The correct answer is to correct the permissions on the server via the file management tool. I made several attempts, but it didn’t seem to work. After calling GoDaddy, I found where I was going wrong.
First and always, log out of WordPress. Second, the items Web Visible and Web Writable need to be ticked on the WordPress upload folder. The directory location is: /wp-content/uploads/. You likely don’t have permission to edit the webroot directory, and you shouldn't give that much permission that high up.
If you select the folder and view the settings you will not see the ticks because the Inherit tick disables those options. Untick it.
The other two become active. You can see the problem right away, the folder isn’t Web Writable. Tick it. 
If you need a quick fix, this is it. Stop reading now, since I don't have any better suggestion to offer. 
If you are still reading, this WILL correct the issue temporarily, but this is not an optimal solution. I contacted GoDaddy 3 times over this issue. 
The first time, the chat agent attempted to reset my permissions, which wasn't the answer at all. I had all the permissions I needed, I simply needed a little more information. I only mention this because you do not want to waste time like this. Don't use chat, they have a tendancy of "escalating" contacts to unnamed people who will effect fixes in 30 minutes to several hours. It never works, don't use chat. 
The second time provided me with the information above. This is also not the correct solution, because it is a quick fix that does not stop the error from happening. I experienced this error more than 40 times from 5 different webpages, hosted on two different GoDaddy servers. I expressed the belief that someone or thing was resetting this one particular permission by accident. The rep said that it was possible, but he did not see that happening. 
The third time, the rep insisted that my use of php based forms was the cause of the issue and it was my fault for using php forms, I need to purchase several things to prevent "php injection attacks". GoDaddy suggested I use Wordpress when I purchased my hosting, because it was very secure and they would be able to address any troubleshoot concerns that I had with it. The last issue is my sites were hosted on a shared server. This is a good cheap solution, but it also means that if someone else has a problem I could have that problem, too. 
The GoDaddy agent was actually suggesting that they have a known problem where people can assess their server with no login credentials at all and modify files at will and not show up on any logs. I had a hardened version of Wordpress, I changed my login ids often and I was not seeing any additional files or files with modification dates that did not correspond to my editing patterns. The changes made by this "intrusion" actually made my site HARDER to attack by removing permissions from a valid function, without making any other modifications.
When I asked for any more information such as server logs, support, etc., I experienced an upcharge menu. Basically, these upcharges highlighted the difference between what I was told I was purchasing and the services I was actually being provided. 
You will notice that I am now on Blogger, a free platform and no longer hosting with GoDaddy. My primary purpose for this change is to get away from the frustration I was experiencing. Let's be real, I was paying under $20 to host 5 websites. For years, GoDaddy provided a wonderful and valuable service for four dollars a month. At some point, quality declined. I was no longer receiving the top end service I had come to expect, likely because I was paying for low end service. I can't really blame GoDaddy for this, but realistically I was paying 20 bucks for headaches. 
I seriously doubt the whole "PhP iNj3cTi0n 4tTaCk!!!!" line the agent tried to sell me on. I do not think they would be in business for very long if they allowed unrestricted access to their servers via the Wordpress install that they provide. That is idiotic. I am more inclined to believe that this is a misguided attempt at security, where someone in house, at GoDaddy is changing settings to be more cautious and more secure without bothering to address the issues this causes with one or more products they sell.
Using GoDaddy for hosting is really not a good option for me. If you are encountering this problem intermittently and it is within your tolerance level, they are a good choice. If not, time to move. I still use GoDaddy for my URL and such. That will not change anytime soon.