open_basedir restriction in effect Error in WordPress | Shared Web Hosting Fix


open_basedir restriction in effect Error in WordPress | Shared Web Hosting Fix

Hello friends,

I have discovered a new error on one of my clients that uses CMS wordpress and this error is about open_basedir.

The installation of CMS wordpress is on Windows 2008 R2 server with Plesk 11 .

If you’re unsure of how to reach the PHP Settings section in Plesk, please see this guide.

This guide will assume that you have a domain ( and you need it to access files on a different domain that is also on the same server (

For reference, the web root of all websites on your server are in this format:


Now that we know the basics of where things are, we can make the changes.

Go into the PHP Settings page for the domain that needs access to the second domain ( in this case, use the guide at the top of this article if you’re not sure how to find this area in Plesk).

Then change the open_basedir option to Enter custom value and append your domain’s full path to the entries in the box. You should end up with something that looks like this :


What this means is that the domain you are currently modifying ( can now access its own files (webspaceroot), the server’s temp folder (tmp) and the other domain you have added (/var/www/vhosts/

You can add as many locations as you need, separated by colons. Once you’ve done that, you should get something that looks like this:


Click Ok at the bottom of the page to save your changes.


You are probably here because you saw an error on WordPress site that looks like one of the following error messages and you are unable to access your site.

• open_basedir restriction in effect. File(/tmp) is not within the allowed path(s).

• Warning: file_exists() [function.file-exists]: open_basedir restriction in effect. File(/home/some/path/here/) is not within the allowed path(s).

• Warning: is_writable() []: open_basedir restriction in effect.
File(/) is not within the allowed path(s).

The open_basedir Restriction is basically a security restriction that prevents a user on a web server to access files and folders that belong to other user.

For example, if a function (like fopen or mkdir) in a WordPress theme or plugin tries to access a file or folder that is outside its home directory, it will not be able to access it and will show the open_basedir restriction in effect error.

There are multiple ways to fix the open_basedir restriction in effect error. You can disable the restriction completely, you can selectively allow access of some files and folders outside the home directory for some users or you can debug the code of your WordPress theme and plugin so that it doesn’t need to access files and folders outside its root folder.

How To Fix open_basedir restriction Error in WordPress on Shared Web Hosting

If you are on shared hosting, you can’t disable the open_basedir restriction on your web hosting account. You need to send an email to your web host to disable it on your account. So, contact them and wait for them to disable it.

In many cases, your web host will not disable the open_basedir protection. They will send you a reply like this,

The problem is that your script is trying to do some actions in the server ‘root’ folder, “/”. This is incorrect as you are not allowed to access and perform operations on the server root. We will not deactivate open_basedir restriction because it will not resolve your issue. We suggest you to fix your script instead.

They are right. So now, to fix this issue, contact your web host and get the path of the tmp directory or folder on your web hosting account from them. Then edit the wp-config.php file to add this code in it,


Here, replace the ‘../../relative/path/to/tmp’ with the actual path of the tmp directory on your account relative to the WordPress blog that shows the error.

For example, if the WordPress site that shows the error is installed at, and the tmp folder is located one level above the blog folder, the code to be added to the wp-config.php file will be,


You need to add a single ../ for each directory higher, relative to the directory where your WordPress site is installed until you reach the tmp directory.

Quick fix: Sometimes, the open_basedir error is because of the incorrect media uploads path in WordPress. To check it, go to and check the upload_path value.

The value here should be wp-content/uploads. If it has a preceding slash like, /wp-content/uploads, replace it with wp-content/uploads.

Warning: Please don’t edit anything else at /wp-admin/options.php page unless you know what you are doing. You will break your site if you do.

How To Fix open_basedir restriction Error in WordPress on VPS or a Dedicated Server

If you are on a VPS or dedicated host with cPanel WebHost Manager (WHM), then to disable PHP open_basedir restriction in , go to Tweak Security > Security > Configure > PHP open_basedir Tweak, and disable it. You can also selectively enable or disable it for various user accounts.

If you are on a VPS or dedicated host with Plesk, go to Tools and Settings > Simple View Settings > PHP Settings. Here, enter custom value for the open_basedir option, to put {DOCROOT};WindowsTemp as the value. Click OK and restart Plesk services.

Note that disabling the open_basedir restriction globally in Plesk will not work for domains already created in it. It will work only for the domains created after the change. To disable open_basedir restriction for current domains, each domain must be edited individually. Here’s the procedure:

Go to Domains > (the domain you want to modify) > Websites & Domains > Advanced Operations > Website Scripting and Security > PHP Settings. Here, enter custom value for the open_basedir option (its in common settings), to put {DOCROOT};WindowsTemp as the value. Now, recycle the domain’s application pool which will automatically update the php.ino file created by Plesk.

If you don’t have either Cpanel WHM or Plesk on your VPS or dedicated hosting, you can simply edit the Apache configuration file to disable the PHP open_basedir restriction. To do this, open httpd.conf file, and find the line like this,

php_admin_value open_basedir some_value_here

Replace it with the following line,

php_admin_value open_basedir none

You need to make this change only under the virtual host for the domain user account on which you want to disable the open_basedir protection.

To allow the php scripts in any user account on your web server to access some specific directories outside their home directory, without disabling the open_basedir restriction completely, add code like below to the httpd.conf file.

php_admin_value open_basedir “/home/user_account/:/usr/local/lib/php:/tmp:/new_directory”

Add more directories as needed by simply separating them with a colon (:) on Unix and Linux server and with semicolon (;) on a Windows server.

Restart the Apache server after making any change to the httpd.conf file.

Important Security Note: In the directory list above, the directory name is a regular expression match prefix. So a rule of /dir/incl will also match /dir/includes. To make sure that it matches the specified directory exactly, add a trailing slash, like /dir/incl/.

Update: The directory name specified in open_basedir is no longer a prefix since PHP 5.2.16 and 5.3.4. Its considered a full directory name now.

That’s it. I hope that you can now easily fix the open_basedir restriction Error in WordPress.




Ref. pages: