Convenient way to use wp_filesystem

No, there is not a more convenient way.

The thing is, your first example is insecure on the most common hosting systems because the directory will be “owned” by whatever user the webserver itself is running as. Thus, anybody else able to execute code on that same webserver will be able to access it, write to it, changes files in it, and so on.

Credentials are necessary to ensure that the files are owned by the correct person, preventing them from being accessed by others on the same server.

Additional info because the comments seem to need it:

On a “standard” shared hosting configuration, or even on some VPS hosting systems, the webserver is running as a different user than the person who actually owns the files. So, my WordPress install files might be owned by “otto”, but the webserver maybe runs under the “apache” account.

This means that when the WordPress code is running, it’s typically running as the “apache” user. Any files it creates will also be owned by “apache”, not by “otto”. Furthermore, the “apache” account is necessarily limited. It may not have the ability to write files in my web directories at all, or it may not have the ability to chown the files to be owned by the proper “otto” user. This is all for security reasons, it should not have those abilities.

The WP_Filesystem detects when this is the case, and then will display a form to the user asking for FTP credentials. This is what the request_filesystem_credentials call actually does: It performs that test and then generates a form for the user when necessary. The user puts in their information, and using that, on the next submit, the request_filesystem_credentials call can check if it can connect back to itself (loopback, sorta) via FTP.

See, when I create a file via FTP, then I’m connected as me, so the resulting file is owned by “otto”. Using this mechanism, the WP_Filesystem can create files as the correct user even though it’s running as “apache”. Those credentials are thus necessary and yes, you must ask the user for them. Simply naively creating files and directories using normal PHP methods can lead to a security issue, especially on shared hosting.

On a shared host, other people have accounts on the same machine. They are running their code using the same webserver processes. And that code runs as “apache” too. So, if I have directories and files owned by “apache”, then other people can run their code as “apache” and modify my files. That’s a problem. Having the files owned by me and not “apache” prevents that.

Now, on some of the most common shared hosting systems, you’ll find that making the request_filesystem_credentials call actually doesn’t pop up a form. Instead, it simply returns true and the WP_Filesystem code carries on. This happens when a hosting system is running with a configuration known as “setuid” or “suphp”.

In a setuid configuration, the webserver runs as “apache” or whatever, but the PHP process that it spawns to handle a request sets its own user/owner to be the same as the owner of the PHP file that it initially runs. So when the php process runs, and loads the initial WordPress index.php file (or whatever file), it sees that the file is owned by “otto” and so it sets it own user account to “otto” for that particular run.

A lot of shared hosting providers do this configuration because it is actually more secure for that case. If the php process runs as the user account, then it is not “apache” any more and cannot access files in other people’s accounts. It can only access the files for the account it’s supposed to have access to. As a nice side effect, this means that the request_filesystem_credentials call performs its test and finds that a) yes it can write files and b) those files will be owned by the correct user, because the user of the process is now set to the same as the owner of the files. In that case, the “direct” mode is used, request_filesystem_credentials returns true, and no form is displayed to the user for FTP credentials.

Note that setuid methods like this are actually less secure on non-shared hosting accounts. When there is only one web user, then there’s no need to do setuid to protect other web users on the same server. So on VPS hosting and similar, this setup is not as common, and requiring FTP credentials is commonplace. This is more secure because even if an attacker can cause the system to execute code, they may not be able to have that code modify any files because it’s not running as the correct process.

Security is complex. The WP_Filesystem is fundamentally a security thing, and you should use it if you need to manipulate files in the installation. And yes, sometimes this means you need to display a credentials form. I suggest coping with it, because anything else is a potential security risk that you should not simply wipe away just because it’s somewhat unpleasant.

Related Posts:

  1. Creating directory in uploads – wp_mkdir_p() or WP_Filesystem?
  2. Converting fopen/fwrite operations to WP_filesystem
  3. What dependencies should I load and to use the WP_Filesystem?
  4. temphangle variable missing when using wp_filesystem copy
  5. Should I use Filesystem API for reading files or listing directories?
  6. Does unzip_file() over-write by default?
  7. Is there a WP Way of getting a filehandle?
  8. Moving wp-content outside of web root?
  9. $wp_filesystem returns NULL. What are the dependencies?
  10. How do I edit the php/html for a particular post?
  11. Setting wp_temp_dir and permissions not working for “Missing A Temporary Folder” error
  12. What is the best way to move a plugin´s subdirectory+files to wp-content/uploads-directory?
  13. Relative file paths in CSS when linking directly (not enqueuing)
  14. Is fopen() forbidden in WP?
  15. How to check if txt file exists inside template folder?
  16. Can I delete `wp-config-sample.php` after installing and configuring WordPress?
  17. Is it bad to store many files in a single folder?
  18. External pages redirecting back to wordpress
  19. WordPress Login doesnt respond after using Filezilla to upload my files on the server
  20. List of files/folders writable by the web server?
  21. Save PDF File From Plugin to Filesystem /wp_upload
  22. accessing files in custom folder in wordpress
  23. How to replace file_get_contents() with a WordPress Filesystem call
  24. What files are safe to delete after a security breach in WP content folder?
  25. Running rmdir function on post save
  26. WordPress Creates Unused (Unregistered) Image Sizes
  27. Failed opening required
  28. Right way to download file from source to destination
  29. Correct file permissions for in-browser updates using WP-CLI
  30. WordPress installation on digitalocean eating the server storage
  31. How to prevent users to view server files using WP File Manager plugin?
  32. Serve contents from Nextcloud / WebDAV
  33. File ownership for file tree php user ID – Folder permission 775
  34. How to write to a text file and save it in a folder for later download?
  35. 403 Error on “/”
  36. Get names and paths from unzip_file()
  37. Downloadable content file structure
  38. saving file to external server vip
  39. Time limited file download upon form submit
  40. How do I upload my WordPress code files from previous website onto local host WordPress website?
  41. WordPress – tracking options
  42. Standard location for plugin to save/cache files?
  43. Which filters or actions to use after a media upload and delete?
  44. How to convert the file path to a URL of the same file?
  45. Call to a member function put_contents() on a non-object
  46. Do WordPress Core Filenames Work as Hooks?
  47. How to give image source in wordpress page editor?
  48. Do I need to use WP_Filesystem when creating a downloadable file on the fly?
  49. add/apend templates ‘transparently’ via plugin to currently active theme or child theme?
  50. delete uploaded file
  51. How to configure WP filesystem access in Linux (Ubuntu Server)?
  52. How do you use unzip_file()?
  53. Allowing all/different file type uploads
  54. Merging PHP download script into `functions.php`
  55. Uploading non-media files?
  56. wp_temp_dir does not change the /tmp temporary default directory
  57. What’s a simple but secure method to get file contents into WordPress?
  58. wp-config.php file permissions
  59. How to move WordPress theme files into a subfolder without breaking the theme?
  60. How do I maintain static directories on multisite subdomains?
  61. how to change max file upload size WordPress 4.9.8 [closed]
  62. Can’t write pdf file to upload directory using FPDF
  63. Change default uploads file using wp Skeleton
  64. Installation failed: Could not create directory – CentOS 7
  65. Interface for logged-in users to upload/download files
  66. Is file_get_contents() the only way for plugins reading local files OR does WP_Filesystem_Direct::get_contents() even work?
  67. How to block access to files without modifying .htaccess or ngnix config? [closed]
  68. Why is server preventing admin styles? (Was: Where are WordPress sessions saved?)
  69. How to know which ajax file or function is called for action
  70. Running WordPress as FTP user?
  71. Is it better to store images and other files in the root directory or the theme directory
  72. Theme, WordPress Version, MySQL Version, PHP Version Update affected files and folders
  73. Does WordPress create a new Linux user when creating a new WordPress blog?
  74. How to move core js files into the footer
  75. PHP File_exist() not working – Checking if File Exist in WordPress Theme Directory
  76. Should I store critical css in the database or in my theme’s filesystem?
  77. Look for a file in a theme before loading from plugin
  78. get_template_directory() returns wrong address on VPS
  79. Page to show a link to every file in an directory
  80. WP_Filesystem in custom customize control
  81. Uploaded images result in a file url with full path on disk appended
  82. Submitting form from input[type=file] dialog box
  83. Save media files (images) to database instead of the filesystem
  84. How to Copy Upload Image using WP_Filesystem_Direct
  85. Why is that only the first row getting inserted into Mysql table when i import csv file on backend custom plugin?
  86. Change default wordpress FS owner
  87. Media Upload to custom database and Custom Directory
  88. trying to locate the correct file to edit my internal linking anchor tags
  89. Can’t Install WordPress (local) Failed to open file wp-includes/wp-db.php
  90. Avoid ‘uploads’ 777 permissions: Potential threat or clean solution?
  91. WP_Filesystem usage within a block of code
  92. version control for wordpress? (wordpress folder and database at same time)
  93. Private file system for attachments
  94. Folder Permissions + Security Concerns
  95. How to display dialog box to save file from wp_filesystem->put_contents function?
  96. Get original path of user’s filesystem of an uploaded media
  97. No error in debug mode, wordpress template can not be loaded
  98. Download a zip folder of selected files
  99. Plugin installation works only with FTP – how to debug?
  100. Hook on opening a media/document

Leave a Comment