WordPress and open_basedir restriction in effect

With some WordPress installations, a message like the following may appear when uploading images or updating plugins:

open_basedir restriction in effect. File(/tmp/XXXXXXXXXX/YYYYYYYY) is not within the allowed path(s)

This means that PHP cannot write to the server directory /tmp or a subdirectory of it. A first (not really advisable, see below) workaround is to create a separate tmp directory in the WordPress area (e.g. /wp-content/tmp) and inform WordPress about this with the help of an entry in wp-config.php:

putenv('TMPDIR=/www/docs/XXXXXXXX/wp-content/tmp');
define('WP_TEMP_DIR', '/www/docs/XXXXXXXX/wp-content/tmp');

Unfortunately, you will have to find out the exact path for your server yourself. On the one hand, this can be read from the error message; on the other hand, you can use the PHP function phpinfo(). Create a file called info.php in the /wp-content directory and write into it:

<?php phpinfo(); ?>

Navigate to this file using your browser:

http://www.ihreDomain.tld/wp-content/info.php

In the specification for SCRIPT_FILENAME you will now find the entire path to the info.php file. In our case that would be:

/www/docs/XXXXXXXX/wp-content/info.php

Then delete this file from the server again for security reasons. The data shown there is nobody's business.

Alternatively, you can also enter this in wp-config.php and save yourself the trouble of searching for the path:

putenv('TMPDIR=' . ABSPATH . 'wp-content/tmp');
define('WP_TEMP_DIR', ABSPATH . 'wp-content/tmp');

However you do this, be aware that you may be opening up a security gap, because a tmp directory should always be located outside the web server area, i.e. not accessible via http://www.ihredomain.tld/!

Better with security

You should therefore also check your info.php file to see what is in the line for open_basedir. If you can't find anything other than your WordPress directory and no information about /tmp, then WordPress has been dealt a bad hand on this server. In many cases, you can provide WordPress with the necessary workspace by making the following entry in the httpd.conf file:

<Directory /www/docs/XXXXXXXX>
php_admin_value open_basedir "/www/docs/XXXXXXXXXX:/tmp"
</Directory>

Or you can cancel the restriction altogether with:

<Directory /www/docs/XXXXXXXX>
php_admin_value open_basedir none
</Directory>

Again, you have to find out exactly what the path or the specification is for your server. You no longer need the self-created tmp directory. If you do not have access to the httpd.conf file, then inform your host and ask for the corresponding entry. And once again: after you have done your work and hopefully completed it successfully, please delete the info.php file from the server!
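
As a narrower alternative to reading the full phpinfo() output, the following added example (not part of the original article) reports only the effective open_basedir value, the temp directory PHP uses for uploads, whether that directory is permitted, and whether it sits under the document root. The file name tmpcheck.php is an assumption and the path comparison is a simplified whole-directory match; delete the file after use, as with info.php.

```php
<?php
// Added example, not from the original article. Save as a temporary file
// (the name tmpcheck.php is an assumption), open it once, then delete it.

// Resolve symlinks where PHP is allowed to; otherwise keep the literal path.
function norm_path(string $p): string {
    $real = @realpath($p);   // realpath() fails for paths outside open_basedir
    return rtrim($real !== false ? $real : $p, '/');
}

// True if $path is $base itself or lies below it (whole path segments only).
function is_within(string $path, string $base): bool {
    $path = norm_path($path);
    $base = norm_path($base);
    return $path === $base || strpos($path, $base . '/') === 0;
}

// Evaluate one temp directory against an open_basedir value and a docroot.
function check_tmp(string $openBasedir, string $tmp, string $docRoot): array {
    // An empty open_basedir means no restriction is in effect.
    $allowed = array_filter(explode(PATH_SEPARATOR, $openBasedir), 'strlen');
    $inAllowed = false;
    foreach ($allowed as $base) {
        if (is_within($tmp, $base)) { $inAllowed = true; break; }
    }
    return [
        'open_basedir'      => $allowed ? implode(PATH_SEPARATOR, $allowed) : '(not set)',
        'tmp_dir'           => $tmp,
        'tmp_allowed'       => !$allowed || $inAllowed,
        // A temp directory below the document root can be reached over HTTP.
        'tmp_under_docroot' => $docRoot !== '' && is_within($tmp, $docRoot),
    ];
}

// upload_tmp_dir is used for uploads if set; otherwise the system temp dir.
$tmp = ini_get('upload_tmp_dir') ?: sys_get_temp_dir();
$result = check_tmp((string) ini_get('open_basedir'), $tmp, $_SERVER['DOCUMENT_ROOT'] ?? '');

header('Content-Type: text/plain');
foreach ($result as $key => $value) {
    echo $key, ': ', is_bool($value) ? ($value ? 'yes' : 'no') : $value, "\n";
}
```

A result of "tmp_allowed: no" corresponds to the error message at the top of this article; "tmp_under_docroot: yes" indicates the web-accessible tmp directory the article warns about.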



Heinz Duschanek

Heinz Duschanek founded the online marketing agency E-Werkstatt in 2003. Having previously worked in radio (Radio CD International, Ö1, Ö3), he is now particularly pleased with the direction that online marketing is taking. This gives him an excuse to buy lots of electrical devices and gadgets for audio and video.

Heinz is also interested in Tango Argentino (since 2009), Lindy Hop, Wing-Tsun, boxing and (jazz/blues) guitar.

One comment

  1. Hello Heinz!

    Thanks for the great article!
    If I may, I would like to add a little something:

    Sometimes the hoster can help quite quickly.
    In my case, the CGI mode had to be activated via .htaccess - according to the information from the hoster.
    The entry then looks like this: addhandler php55-cgi .php
    Perhaps this answer from my hoster also applies to open questions from other users 🙂

    Best regards
    Maggy
