WordPress: filesize exceeds limits uoloading plugin

RobLegge
RobLegge used Ask the Experts™
on
Using Wordpress on a LAN (ip range 10.0.0.x/8) on Ubuntu 18.04. I'm trying to upload a plugin but keep getting a message that I can't because it exceeds the 2Mb file size limit as set in php.ini. What I've done up to now is to edit the htaccess file (it needed creating), the php.ini file (also needed creating) and the wp-config.php file. All the files are owned by the administrator user and have the appropriate rights - I think. chmod 777 applied across the lot. However phpinfo,php still reports the max file upload size as 2Mb, the file attached has the details outlined above. Is there anywhere else this value is being set? I've grep'ed the entire site and can't find a relevant response, it's mentioned but only as a reference.
file-upload-code.docx
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Daniel PineaultPresident / Owner CARDA Consultants Inc.
Distinguished Expert 2018

Commented:
trying to upload a plugin
How are you trying to do this?
Are you using the Add New plugin button through the dashboard?

Please explain what you are doing exactly.
Kent WSr. Network / Systems Admin

Commented:
You need to change both
upload_max_filesize
and
post_max_size
Then restart the web services.
Your post max size is still at 128M, so while upload is set, the maximum size a post can be (in this instance, the file IS the post) is still limited.

IF you're accepting very large files, you may also need to up the max_execution_time so the process won't timeout mid-upload. I've also had to up the memory_limit when accepting larger files, also, at times.

Try that?

Commented:
1. Changes to php.ini will not take effect until you restart the service that provides the PHP engine. So if you're using mod_php, then you'd restart the web server. If you're using PHP-FPM, you'd restart the PHP-FPM service. Until you do that, the changes in the php.ini file are not recognized.

2. Kent is correct in what you have to change, but you might want to consider not setting those values so high. The higher the values, the easier it is for a malicious person to overload your server in various ways. Don't base the values on what you MIGHT want to be able to do sometime in the future. Base the values on what you will REGULARLY use. It's simple to handle larger files in other ways or have one-time temporary increases in those values.

3. Don't set permissions to 777. Never ever do that with any important files. The last "7" in 777 opens up that file to be readable and writable by ANYBODY. So if you have even the slightest vulnerability that exposes the filesystem or you have other users / processes on that server, they'll be able to modify those files and cause significant problems (redirect to malicious site, site defacement, etc).

4. Don't bother trying to use ini_set to set that configuration value. The upload size restrictions all happen BEFORE that ini_set code is executed, so it would never work anyway.

5. Try not to rely on .htaccess if you can help it. Your php.ini file is the right place to set the configuration values. There are a handful of issues with .htaccess, and the more unnecessary stuff you put into it, the more unnecessarily dependent you become on it.
Sr. Network / Systems Admin
Commented:
Good points...also you may want to look at  your phpinfo page again, make sure you know where the php.ini  you're calling resides.
Also, per-directory php.ini is only supported in PHP 5.3 and above running in CGI/FastCGI.
That should be listed on your "Server API" line from phpinfo.

Directly modifying the php.ini is an option if this is not working for you, and you have the permissions.
David FavorFractional CTO
Distinguished Expert 2018

Commented:
Tip: Never place php directives in your .htaccess file.

This rarely works as you imagine, as this can only change soft limits, not hard limits, so setting upload_max_filesize=256M when your php.ini file sets upload_max_filesize=256 will have no effect, causing massive confusion.

Also, if you do this, any upgrade which changes from mod_php to FPM will cause all sites to crash instantly, as Apache will no longer be handling any PHP natively.

Go through gr8gonzo's comments, one by one. Ensure you understand them, fixing each item as specified.

For best help, create a phpinfo.php file + provide the clickable link to this file.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial