Scope: Prime Mover Free / Pro version
Background
UPDATE: Since Prime Mover 1.8.0 – it now fully supports non-writable wp-config.php files automatically. You don’t need to set these constants manually. We always recommend upgrade to the latest version so you don’t need these manual procedures anymore.
Since Prime Mover version 1.2.7, you can now use Prime Mover in hosts that restricts write access to wp-config.php. In this short documentation, it will give you all the information you need to make this implementation as easy as possible.
Prime Mover activation process when config file is not writable
- User installs Prime Mover plugin.
- User activates Prime Mover plugin.
- Prime Mover detects if wp-config.php is writable. If not writable, it won’t activate initially.
- [OPTIONAL] If user has access to the server to give wp-config.php writing permissions(e.g. in VPS or dedicated hosting), user can do so and can re-activate the plugin successfully.
- [REQUIRED] If user don’t have access to the wp-config.php to give writing permissions(e.g. shared host), then user needs to manually add required constants to it. These required constants are essential for Prime Mover to activate successfully. This is similar to caching plugins that depends on
WP_CACHEconstants. Prime Mover depends on the site URL/home URL and its encryption key. Simply add the required constants as stated. - User should be able re-activate the plugin.
Required constants
These are the required constants when you are using WordPress single-site:
PRIME_MOVER_DB_ENCRYPTION_KEYWP_SITEURLWP_HOME
In multisite, it will simply be:
PRIME_MOVER_DB_ENCRYPTION_KEY
Prime Mover automatically generates the correct constant values so you don’t need to worry about them. You just need them to copy and paste those values to your wp-config.php or any other similar editing platform provided by your hosts.
Case Example: RaidBoxes WordPress Hosting
RAIDBOXES is one of the WordPress host that restricts write access for plugins to the site wp-config.php. In Raidboxes, it has its own dashboard for adding custom WordPress constants.
Once logged-in Simply navigate to Settings -> WordPress -> wp-config.php
It looks like this:
You simply need to add the DEFINE statements for your constants under wp-config.php – add entries.
Now this is just one example, there are several hosting companies out there that restricts wp-config.php writing access (for good security reasons). You need to get in touch with their support or check their documentation on how to manually add new entries to your wp-config.php.
Once added, you need to clear site cache. Some hosts have built-in cache (not by caching plugins) so you have to clear that first.
Changing encryption key
By default, Prime Mover encryption key is added even when using free version. This is the same encryption key that is used after you update to PRO version.
Take note that this key is an important one, take a backup of it (writing in a piece of paper and keeping it safe) and never lost it. This key is used when you encrypt packages during export and when you restore the packages also. In addition, these are used to encrypt Prime Mover settings in database.
There are times when you need to change this so you can restore another encrypted packages that is being created at another site.
To change your encryption key when wp-config.php is not writable, simply add the change directly to wp-config.php.
You cannot change this under Prime Mover -> Settings -> Security. It is because that requires wp-config.php to be writable for which in this case is not. In this instances, that setting will only show as read only. See screenshot:
When site uses caching plugins
When caching plugin is activated, the default Prime Mover functionality during restore/import is to deactivate and turn off this caching.
It is because caching interferes with site restoration and cause runtime errors.
Turning off caching usually involves three things. These are done automatically by Prime Mover when wp-config is writable (when restoring a package):
- Deactivating the caching plugin during restore. If it’s network activated (in case of multisite), it will be network deactivated.
- Removing the constant
WP_CACHEin wp-config.php - Deleting drop-in files generated by caching plugin in wp-content directory. These are usually advanced-cache.php, db.php, etc.
After restore is complete; caching plugin is re-activated, WP_CACHE and drop-in files are re-generated when purge files are cleared.
However when wp-config.php is NOT writable, you cannot restore package right-away. You need to do these things (manually):
- Deactivate caching plugin.
- Make sure
WP_CACHE` is not used in wp-config.php
That’s it. You don’t need to delete drop-in files since they are harmless when WP_CACHE is not loaded.
*.primemoversignature_file
In PRO versions, it adds a new file called prime mover signature file in the WorPress root. This is a requirement for PRO version security features to work properly.
This is used when wp-config.php is not writable and you are going to change the encryption key directly inside wp-config.php. Or it is also used when wp-config.php is writable but choose to change the keys directly inside wp-config.php or som other means.
During restore or migration, the database is overwritten with the target package. This signature file is added to make the restoration process independent with database changes.
This signature file name is generated randomly so it cannot be guessed easily by any user. For best security, you need to follow WordPress most common security practices:
- Change your WordPress security keys in wp-config.php in a span of 6 months. This signature file depends on these security keys.
- Just like any file, do not reveal their names publicly, do not or share that link in forums or any public places.
Even when someone will be able to read and access this file, it’s useless to them unless they also know your WordPress security keys that is stored in wp-config.php. It is why you should protect your wp-config.php since it contains a lot of sensitive information (db credentials, keys, etc.).
Take note this signature file cannot be deleted. If you delete it accidentally, it will just re-generate itself as long as Prime Mover plugin is activated. This file is entirely harmless and does not interfere with WordPress and is only used with Prime Mover plugin.
If you plan to deactivate Prime Mover or do not use Prime Mover anymore, you can safely delete this file and it won’t regenerate anymore.