Permission elevation | WP Debug Toolkit

Some hosting environments set wp-config.php to read-only. WP Debug Toolkit (WPDT) includes automatic permission elevation that temporarily makes the file writable, applies changes, and restores the original permissions.

When it is needed

WPDT writes to wp-config.php when you:

Toggle debug constants (WP_DEBUG, WP_DEBUG_LOG, WP_DEBUG_DISPLAY, SAVEQUERIES)
Set WP_MEMORY_LIMIT
Enable or disable enhanced query logging

On most hosts, wp-config.php is writable by the PHP process and no elevation is needed. On hosts with restrictive file permissions, the write fails without elevation.

How it works

When WPDT detects that wp-config.php is not writable, it attempts:

Read current permissions — stores the file’s current permission mode (e.g., 0444)
Elevate — changes the file to writable (e.g., 0644) using PHP’s chmod()
Write — applies the debug constant changes
Restore — sets the file back to its original permission mode

This happens within a single PHP request. The file is writable only for the duration of the write operation.

When it works

Permission elevation works when:

The PHP process owns wp-config.php (same user), or
The PHP process has sufficient filesystem permissions to call chmod() on the file

This covers most shared hosting, VPS, and dedicated server configurations where the web server user owns the WordPress files.

When it fails

Permission elevation fails when:

The file is owned by a different system user — chmod() requires ownership or root privileges
The hosting platform enforces lockdown at the platform level — some managed hosts (notably Flywheel) prevent wp-config.php modifications regardless of file permissions. This is not a permission issue that chmod can solve.
Security modules block chmod — server-level security (SELinux, AppArmor) may prevent permission changes even when the PHP user owns the file

When elevation fails, WPDT reports the error in the admin dashboard: “Failed to enable debugging. Check wp-config.php permissions.”

Site Health check

WPDT adds a wp-config.php writability check to the Site Health page (Debug Toolkit > Site’s Health). The check reports:

Whether wp-config.php is currently writable
Whether WPDT can elevate permissions

Use the Test Write Access button to perform a non-destructive test. WPDT checks whether the file is writable with is_writable() and tests whether chmod() can elevate permissions. It does not write to the file. This confirms whether the toggle switches will work on your host.

Hosting compatibility

Host	Permission elevation	Notes
Most shared hosting	Works	PHP typically owns WordPress files
VPS / dedicated	Works	Standard ownership model
GridPane	Not needed	WPDT writes to `secure-debug.php`, which is writable
Flywheel	Does not work	Platform-level lockdown; use Flywheel’s debug toggle

Manual fallback

If permission elevation fails and you cannot use a hosting dashboard to toggle debug constants:

Connect via SFTP
Download wp-config.php
Add or modify the constants manually:

define('WP_DEBUG', true);
define('WP_DEBUG_LOG', true);
define('WP_DEBUG_DISPLAY', false);

Upload the file back

After enabling debug logging manually, all other WPDT features (viewer, log reading, query monitoring, notifications) work normally.