
Upload Large Files or Die Trying

I recently spent some time wrestling with various e-commerce/shopping-cart/membership plugins. One of them was of course the popular WP e-Commerce plugin, which uses a directory named “downloadables” to store your precious goods. I had some large files that needed to go into this folder, but the server’s upload limit stopped me from using the plugin’s built-in file uploader to do so.

On most servers, there are limits to how much data you can upload. When dealing with PHP scripts, the upload, download, and similar limits are set in the php.ini file. If you have access to this file, or can create a localized version in the target directory, then increasing the upload limit for large files is as simple as adding these two lines:

upload_max_filesize = 10M
post_max_size = 10M

Unfortunately, there are many hosting/server scenarios where access to php.ini is unavailable. Fortunately, .htaccess provides an alternate method of increasing upload limits. If you have access to .htaccess files, then raising the upload limit is done with these two lines:

php_value upload_max_filesize 10M
php_value post_max_size 10M

With either or perhaps both of these methods in place, you should have no problem uploading large files to your server. But some servers require more advanced configuration to increase upload limits. Such was the case for my WP e-Commerce experiment: it was hosted on another server, and neither the php.ini nor the .htaccess method was going to work. So I gave up on the built-in uploader and tried just uploading the large files directly via FTP.

Sounds simple enough, and FTP usually works great, but NOT this time. Somehow the WP e-Commerce plugin had locked the downloadables directory via a deadly combination of restrictive file permissions and mod_authz_host via .htaccess.

So now I needed a way to bypass both of these measures. Starting with the .htaccess file in the downloadables directory, I logged into my server control panel to take a look. It contains three lines:

order deny,allow
deny from all
allow from none

Unfortunately, this file was created with @chmod($file_handle,0665);, which means its permissions prevent any non-root editing, such as via Plesk or FTP. Looking then at the downloadables directory, the permissions were 775 – less restrictive, but owned by apache, so no editing of that file either. Here it is visually:

[ Screenshot: Editable and non-editable file permissions in Plesk ]
In Plesk, you’re not root, so you’re not modifying files owned by apache
[ CHMOD 665 File Permissions ]
Translating 665 chmod values into plain English (for the .htaccess file)
[ CHMOD 775 File Permissions ]
Translating 775 chmod values into plain English (for the /downloadables/ directory)

When it gets to this point, where everything is locked down and nothing seems to work, there are two ways forward, depending on your host/server setup:

  • On servers without access to SSH, you’ll need to have your host help you
  • On servers with SSH access, you can do it yourself

If you’ve got access, SSH provides numerous ways to get the job done. In this situation, the end-goal is uploading some large files to a locked-down downloadables directory. The easiest way is to log into your server as the root user via SSH, and then use the scp command to upload the file directly. Here is the general syntax:

scp /usr/dir/large.zip user@

And here is a breakdown of what it means:

[ SSH scp Command ]
How to upload a file via SSH

Here is the scp command as it looks entered in Mac Terminal:

[ SSH scp via Terminal ]
What the SSH scp command looks like in Terminal

So, using this technique to upload a large file to our locked-down downloadables directory, the scp command looks like this:

scp /usr/dir/large.zip user@

If we needed to upload an entire directory, we would modify the command like this:

scp -r /usr/directory/ user@

Using one of these commands, it’s possible to upload files and directories of just about any size. If, however, you would rather FTP your content, you can use SSH to change the permissions of restrictive directories, which in my case was the downloadables folder.

To change file permissions via chmod, navigate to the parent directory of your target folder and enter the following command via SSH:

chmod -v 777 target-directory

If the target directory is also protected via .htaccess, as is the case with the downloadables directory, then use chmod to change its permissions as well, and then edit the file as needed to allow access. For example, our target directory is protected by the following .htaccess directives:

order deny,allow
deny from all
allow from none

So to allow access, we could grab our IP and modify the .htaccess code like so:

# Deny is evaluated first; a matching Allow then overrides it
Order Deny,Allow
Deny from all
Allow from none
# Replace with your own IP address
Allow from 123.456.789.0

And that’s going to give you all the access you need to upload anything you want. Just remember to restore the original .htaccess rules and file permissions once you’ve finished uploading those precious goods.
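
The restore step in that reminder, as an added example that is not part of the original post: three shell functions that snapshot the directory mode and the .htaccess before anything is loosened, put both back afterwards, and confirm the result. It assumes a `stat` that supports `-c` (GNU coreutils or BusyBox); `STATE_DIR` and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: snapshot and restore the state that gets loosened for an upload.
# Assumes GNU or BusyBox stat (-c) and enough privilege over the target paths.
# STATE_DIR is a hypothetical location for the snapshot; keep it private.
STATE_DIR="${STATE_DIR:-$HOME/.perm-snapshot}"

# Record the directory mode, the .htaccess mode, and a copy of the .htaccess.
snapshot() {
    dir=$1
    mkdir -p "$STATE_DIR" && chmod 700 "$STATE_DIR" || return 1
    rm -f "$STATE_DIR/htaccess.orig" "$STATE_DIR/htaccess.mode"
    stat -c '%a' "$dir" > "$STATE_DIR/dir.mode" || return 1
    if [ -f "$dir/.htaccess" ]; then
        stat -c '%a' "$dir/.htaccess" > "$STATE_DIR/htaccess.mode" || return 1
        cp "$dir/.htaccess" "$STATE_DIR/htaccess.orig" || return 1
    fi
}

# Write the saved rules back in place (an existing file keeps its owner),
# then reset both modes to the recorded values.
restore() {
    dir=$1
    if [ -f "$STATE_DIR/htaccess.orig" ]; then
        cat "$STATE_DIR/htaccess.orig" > "$dir/.htaccess" || return 1
        chmod "$(cat "$STATE_DIR/htaccess.mode")" "$dir/.htaccess" || return 1
    fi
    chmod "$(cat "$STATE_DIR/dir.mode")" "$dir" || return 1
}

# Succeed only if the live modes and rules match the snapshot.
verify() {
    dir=$1
    [ "$(stat -c '%a' "$dir")" = "$(cat "$STATE_DIR/dir.mode")" ] || return 1
    if [ -f "$STATE_DIR/htaccess.orig" ]; then
        [ "$(stat -c '%a' "$dir/.htaccess")" = "$(cat "$STATE_DIR/htaccess.mode")" ] || return 1
        cmp -s "$dir/.htaccess" "$STATE_DIR/htaccess.orig" || return 1
    fi
}
```

Call `snapshot` on the target directory before the chmod, then `restore` followed by `verify` once the upload is finished; a non-zero exit from `verify` means something is still open.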

About the Author
Jeff Starr = Designer. Developer. Producer. Writer. Editor. Etc.

4 responses to “Upload Large Files or Die Trying”

  1. Pablo Lara H 2011/06/18 1:12 pm

    Really useful post. Thank you for sharing!

  2. Wow, really nice and concise. Thank you for this Jeff!

    By the way, been wondering if you’re from the northwest?

    Great stuff

    • Jeff Starr 2011/06/18 4:30 pm

      Thanks! :)

      Yep I’m from Washington State, currently living in the Desert Oasis, otherwise known as Moses Lake ;)


  3. I stumbled on this post because my customers have trouble downloading large .zip files. They can download smaller .mp3 files and .pdf files. But downloading large .zip files after someone bought a product is a problem. If you have any advice about that matter, please let me know…

Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »