Wordpress: The uploaded file could not be moved to wp-content/uploads/

March 23, 2016 83.5k views
DigitalOcean WordPress Apache Ubuntu

Hey guys, I'm having an issue with not being able to upload media onto the wordpress site. Plugins update and install normally, but if i try to upload a pic for a post, it gives me the error "The uploaded file could not be moved to wp-content/uploads/2016/03/". I checked to make sure that www-data has access over my website root folder. I did the same with my FTP user. I even changed wp-content and uploads perms to 777. Nothing works. If you have a solution, it would be appreciated.

2 comments
5 Answers
Irvinlesh March 27, 2016
Accepted Answer

|Solution!|
So basically after having a head-ache with permissions and ownership, I came across the final solution. I have a secure ftp user called 'wp-user' which I got from the tutorial here a while back. Apparently the fix is very simple, and it's not a permissions issue.

During the set up process you define FTP Components in wp-config with the following lines:

define('FTP_PUBKEY','/home/wp-user/wp_rsa.pub');
define('FTP_PRIKEY','/home/wp-user/wp_rsa');
define('FTP_USER','wp-user');
define('FTP_PASS','');
define('FTP_HOST','127.0.0.1:22');

All you have to do is move those lines above the line which says:

/* That's all, stop editing! Happy blogging. */

Apparently the media uploader freaks out when the FTP Components are below that line, despite the plugin updater working fine.
Hope this helps anyone who had this similar issue.

by Justin Ellingwood
WordPress is the most popular content management system (CMS) on the web currently. While WordPress can be a great way to manage you content, there are some very insecure configurations that are given throughout the internet. This article will cover how to set up secure updates and installations using SSH keys instead of FTP, which is an inherently insecure protocol.

Apply this command

sudo chown -R www-data <path>/wp-content/uploads

You need to give permission to Php to write in this folder.

It's most likely a permissions issue.

Check out this article, especially the Ubuntu instructions and see if your folders from /var/www/yourdomain.com/public_html (which would normally be your docroot on Ubuntu) have the correct group and user permissions:
https://support.rackspace.com/how-to/how-to-add-linux-user-with-document-root-permissions/

  • i tend to agree. Although, it is possible that the user has run out disk space. Not likely since wordpress, in general, doesn't take up a lot of disk space, but might be worth checking.

    df -h
    
  • Ok. So I need a little more guidance here. I did a little test with www-data, and once I applied 777 perms to the whole uploads directory, I got the picture to upload with ease. As soon as I remove the perm for public write access (make it 775), the issue comes back.

Thank you. Fixed the problem..

If the problem persists even after fixing owniership and permissions, you might be having an SELinux problem. You'll need to create a policy to assign the httpd_sys_rw_content_t selinux security context for the wp-uploads directory and all child files, or for the whole Wordpress directory while you are still configuring it.

You can check extended selinux permissions with:

ls -lZ 

Make sure you use the full path of your wp-content/uploads dir. Example:

Create policy to enable writing contect to the wp uploads dir and sub-files:

sudo semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/wordpress/wp-content/uploads(/.*)?"

While you are configuring wordpress, you might want to temporarily enable writing to the whole wordpress directory with the chcon command. These changes will not survive a file system relabel or the execution of the restorecon command. You can do this with:

sudo chcon -t httpd_sys_rw_content_t /var/www/html/wordpress/

The chcon command assigns the selinux security contect temporarily
and then once you are done either or both of the above commands, you need to run restorecon to revert the chcon temporary alterations and to also store the permanent security policy changes made by fcontext

sudo restorecon -v /var/www/html/wordpress/

Whatever you do, don't disable SELinux or put it in permissive mode. Don't chmod 777 any directory or files. Its bad security policy. Instead, study how SELinux works and use it properly!

Hope this helps!

(this was done on a CentOS install)

Have another answer? Share your knowledge.