Posted: 2015-06-25 21:29:23
A user was trying to secure different WordPress installations from each other (and the rest of WAMP) by setting each to use a different Temp directory:
We currently host 4 different WordPress websites using WAMP. Is it possible to configure the temp directory for each site separately, perhaps as a subdirectory in C:\WampDeveloper\Temp directory?
This way a compromised WordPress base will not spread a downloaded payload or script to another base (as normally all PHP scripts share a common Temp folder).
Checking the WordPress source-code, WordPress uses this function to find and derive the path of the temporary directory:
The first thing
get_temp_dir() checks for is this PHP runtime constant:
If you edit the WordPress configuration file wp-config.php, and place this line in, it should set the new temporary folder:
The above example is for a sub-directory “WP1″ under the original WampDeveloper Temp directory (on drive C). This sub-directory will need to be created manually.
If you use a path outside the \WampDeveloper\Temp directory, note that:
1. You could have issues with Apache not being able to read/write into it (a network share directory, required permissions, etc).
2. Also, PHP’s “open_basedir” setting (it is not enabled by default) would need to be updated in the website’s VirtualHost or .htaccess files to allow the script access to the path (or in php.ini if using PHP-FCGI).
If you are using older WordPress plugins that do not use the proper WordPress function
get_temp_dir() to get the
temp dir, but instead rely on the environmental variables, you can also add a second line into wp-config.php to set env variable
putenv('TMPDIR=' . 'C:\WampDeveloper\Temp\WP1');