WordFence permissions

OS type and version RHEL 9 >
Webmin version 2.001 >
Virtualmin version 7.3 >
Related packages Wordpress WordFence plugin

Since I used the Transfer Virtual Server to move domains from Vmin on RHEL 8.7 to RHEL 9 (now updated to 9.1), a popular WordPress plugin called WordFence has been unable to update rules, the error message being:

“No rules were updated. Please verify you have permissions to write to the /wp-content/wflogs directory”

The owner:group and permissions for the folder and file are identical to the RH8.7 system.

I have spent hours experimenting with different configurations and the result is that something is different with the way Vmin works on RHEL9 compared to RHEL 8 and 8.7.

Wordfence behaves fine on either RHEL8+ or 9+, just not under VMin.

I rewound the RH8.7 system back to 14/12/22, the last snapshot from when I was transferring the domains, and with files that updated properly and then I incrementally updated the OS, Webmin, and Virtualmin to current testing each step of the way, and the updates work.

However on RHEL 9 after being wound back to the same day and the file updates have never worked. The file is at the date it was when the domain was transferred.

Updating OS and Web/Virtmin don’t help.

As most websites on my server are WordPrees with WordFence, this is an issue for myself, the web developers and the clients.

shouldn’t they be the same as the virtual server?

1 Like

What are they? Are they the apache user or the domain owner user/group? If the former, you were using mod_php, and you should not have been.

If you’re using mod_php now, you should not be.

You should never have mod_php installed.

That’s the most common ownership problem.

No mod_php ever.

Owner is user:user
Permissions on this file is 644 Permissions on other files in that folder are 600

Interesting, if you delete the rules file, or all the files in the wflogs folder, they get recreated within 30 minutes, all populated except rules.php which is 0 bytes.

I also did a fresh install of Wordfence with the same result, all files created but rules.php is 0.

One of the web developers that I host for has also found this article

which discusses the issue and while there is no mention of Virtualmin, they suggest 4 possible causes:

Multiple web servers behind a load balancer, without a shared filesystem
Servers where some paths are not always writable, including “wp-content/wflogs/”
Servers where file locking is not enforced on NFS filesystems
Auto-scaling servers without a shared filesystem

They suggest an edit to make the rules get stored in a database, which is a solution, but doesn’t address the actual cause.

There wouldn’t/shouldn’t be. Virtualmin isn’t the web server or the PHP app server. Virtualmin being involved is mostly irrelevant. It configures a couple of very standard ways to run PHP apps (PHP-FPM, which is recommended, or fcgid+suexec, which works, but is considered deprecated) in very common configurations. Both run as the domain owner user.

It may be that one of the directories above is causing a problem; the user/group would need x permissions on all the directories above it to be able to find the one you’re trying to write to. I’m not particularly confident that’s the problem, but it may not be intuitive, and since the only permissions you’ve mentioned don’t have x set, maybe it’s a thing (though you only mentioned files, which wouldn’t need it).

All that said, writing to the database is more secure than allowing WordPress to write to the file system.