I have a few customers of my custom wordpress theme that are reporting that their sites have went down over the past few weeks due to a 500 internal server error. In each case, it appears that the htaccess file has been to blame.

In one case, the user's hosting company found a "_pvt/service.pwd" line in there that was apparently causing the problem.

In another instance, the hosting company indicated that a chron job appeared to be causing the issue and sent the user the following as evidence...

root@cherry [/home/login/public_html]# stat .htaccess File: `.htaccess.orig' Size: 587 Blocks: 8 IO Block: 4096 regular file Device: 811h/2065d Inode: 590021607 Links: 1 Access: (0644/-rw-r--r--) Uid: ( 2234/login) Gid: ( 2231/login) Access: 2010-03-07 16:42:01.000000000 -0600 Modify: 2010-03-26 09:15:15.000000000 -0500 Change: 2010-03-26 09:45:05.000000000 -0500

In yet another instance, the user reported this as the cause...

The permissions on my .index file somehow got changed to 777 instead of 644

I'm just seeking to help these users understand what's going on, the likely cause and how to prevent it. I also want to eliminate my theme as a potential contributing factor.

I have two areas in which I want to submit here to make sure that they are not likely to cause such an issue. They are my permalink rewrite code as well as my upgrade script (which sets 755 on the destination folder (my theme folder).

Here's the permalink rewrite code...

if (file_exists(ABSPATH.'/wp-admin/includes/taxonomy.php'))
    {
    require_once(ABSPATH.'/wp-admin/includes/taxonomy.php');
if(get_option('permalink_structure') !== "/%postname%/" || get_option('mycustomtheme_permalinks') !=="/%postname%/")
    {
    $mycustomtheme_permalinks = get_option('mycustomtheme_permalinks');
    require_once(ABSPATH . '/wp-admin/includes/misc.php');
    require_once(ABSPATH . '/wp-admin/includes/file.php');
    global $wp_rewrite;
    $wp_rewrite->set_permalink_structure($mycustomtheme_permalinks);
    $wp_rewrite->flush_rules();
    }
    if(!get_cat_ID('topMenu')){wp_create_category('topMenu');}
    if(!get_cat_ID('hidden')){wp_create_category('hidden');}        
    if(!get_cat_ID('noads')){wp_create_category('noads');}
    }
if (!is_dir(ABSPATH.'wp-content/uploads')) {
    mkdir(ABSPATH.'wp-content/uploads');
}

And here is the relevant lines from my uploader script...

// permission settings for newly created folders
$chmod = 0755;  

// Ensures that the correct file was chosen
$accepted_types = array('application/zip', 
                            'application/x-zip-compressed', 
                            'multipart/x-zip', 
                            'application/s-compressed');

foreach($accepted_types as $mime_type) {
    if($mime_type == $type)
        {
        $okay = true;
        break;
    } 
}

  //Safari and Chrome don't register zip mime types. Something better could be used here.
$okay = strtolower($name[1]) == 'zip' ? true: false;

if(!$okay) {
      die("This upgrader requires a zip file. Please make sure your file is a valid zip file with a .zip extension");       
}

//mkdir($target);
$saved_file_location = $target . $filename;

if(move_uploaded_file($source, $saved_file_location)) {
    openZip($saved_file_location);
} else {
    die("There was a problem. Sorry!");
}