Not going to lie, I was so tardy in upgrading some of my (just for Kenny) wOrDpReSs installs due to time I just switched to http upgrades for my base wordpress upgrades. plugins I tend to do manually, but base security vulnerabilities are quickly exploited in the wild.<div>
<br></div><div><span class="Apple-style-span" style="color: rgb(51, 51, 51); font-family: 'Lucida Grande', sans-serif; font-size: 14px; line-height: 16px; "><span class="status-content" style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; overflow-x: hidden; overflow-y: hidden; "><span class="entry-content" style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; ">to use http upgrades to your base wordpress installs just add define(’FS_METHOD’,’direct'); to your wp-config.php </span></span></span></div>
<div><font class="Apple-style-span" color="#333333" face="'Lucida Grande', sans-serif"><span class="Apple-style-span" style="font-size: 14px; line-height: 16px;"><br></span></font></div><div><font class="Apple-style-span" color="#333333" face="'Lucida Grande', sans-serif"><span class="Apple-style-span" style="font-size: 14px; line-height: 16px;"><br>
</span></font></div><div><font class="Apple-style-span" color="#333333" face="'Lucida Grande', sans-serif"><span class="Apple-style-span" style="font-size: 14px; line-height: 16px;">-Theron</span></font></div><div>
<span class="status-content" style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; overflow-x: hidden; overflow-y: hidden; "><span class="entry-content" style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px; padding-top: 0px; padding-right: 0px; padding-bottom: 0px; padding-left: 0px; "></span></span><font class="Apple-style-span" color="#333333" face="'Lucida Grande', sans-serif"><span class="Apple-style-span" style="font-size: 14px; line-height: 16px;"><br>
</span></font><br><div class="gmail_quote">On Tue, Feb 15, 2011 at 9:23 AM, Kenneth Younger <span dir="ltr"><<a href="mailto:kenny@sheerfocus.com">kenny@sheerfocus.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
Yes, this *generally* works if you are managing the entire install without allowing user intervention. <br><br>The other issue you can run into is with certain plugins that have to write to disk. For example, you almost certainly will want to install some sort of caching plugin (W3 Total Cache or SuperCache) - these need access to write to disk in certain places.<br>
<br>I'm also going to be a stickler and mention that it's "WordPress" not "Wordpress" :)<br><br>-Kenny<div><div></div><div class="h5"><br><br><div class="gmail_quote">On Tue, Feb 15, 2011 at 8:58 AM, Josh More <span dir="ltr"><<a href="mailto:MoreJ@alliancetechnologies.net" target="_blank">MoreJ@alliancetechnologies.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204, 204, 204);padding-left:1ex">
<div>
<div style="direction:ltr;font-family:Verdana;color:rgb(0, 0, 0);font-size:13px">
<div>You can get the best of both worlds by writing a shell script that applies and removes write capabilities of the entire Wordpress tree to the Apache user. Your choice as to whether it's easier to do a recursive chmod or chown. There will probably
be some directories that you want to keep writable the whole time.<br>
<br>
You can then launch this script to give your user write access, apply updates and launch it again to take that write access away.<br>
<br>
No stored credentials anywhere and you can keep things up to date with a minimum of fuss and bother.<br>
</div>
<div><br>
<div style="font-family:Tahoma;font-size:13px">
<div style="font-family:Tahoma;font-size:13px">
<div style="font-family:Tahoma;font-size:13px">
<div style="font-family:Verdana;font-size:13px">
<div style="font-size:13px">
<div style="font-size:13px">
<div style="font-size:13px">
<div style="font-size:13px"><font size="3"><span style="font-weight:bold">Josh More</span></font> | Senior Security Consultant - CISSP, GIAC-GSLC Gold, GIAC-GCIH<br>
<span style="font-weight:bold">Alliance Technologies</span> | <a href="http://www.AllianceTechnologies.net" style="color:rgb(255, 0, 0)" target="_blank">
www.AllianceTechnologies.net</a><br>
400 Locust St., Suite 840 | Des Moines, IA 50309<br>
515.245.7701 | 888.387.5670 x7701<br>
<br>
Blog: Not The Usual Security Predictions: 2011<br>
<a href="http://www.alliancetechnologies.net/blogs/morej" style="color:rgb(255, 0, 0)" target="_blank">http://www.alliancetechnologies.net/blogs/morej</a><br>
<br>
How are we doing? Let us know here:<br>
<a href="http://www.alliancetechnologies.net/forms/alliance-technologies-feedback-survey" target="_blank">http://www.alliancetechnologies.net/forms/alliance-technologies-feedback-survey</a><br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<div style="font-family:Times New Roman;color:rgb(0, 0, 0);font-size:16px">
<hr>
<div style="direction:ltr"><font color="#000000" face="Tahoma" size="2"><b>From:</b> <a href="mailto:cialug-bounces@cialug.org" target="_blank">cialug-bounces@cialug.org</a> [<a href="mailto:cialug-bounces@cialug.org" target="_blank">cialug-bounces@cialug.org</a>] on behalf of Matthew Nuzum [<a href="mailto:newz@bearfruit.org" target="_blank">newz@bearfruit.org</a>]<br>
<b>Sent:</b> Tuesday, February 15, 2011 08:29<br>
<b>To:</b> Central Iowa Linux Users Group<br>
<b>Subject:</b> Re: [Cialug] OT Wordpress<br>
</font><br>
</div><div><div></div><div>
<div></div>
<div>Carefully consider Kenneth's answer. Wordpress has a few mechanisms to make it easy for people to keep it up to date. FTP is only one. And, to be honest, an out of date wordpress installation is probably less secure than FTP credentials stored in the database.
<div><br>
<div class="gmail_quote">On Tue, Feb 15, 2011 at 7:43 AM, Todd Walton <span dir="ltr">
<<a href="mailto:tdwalton@gmail.com" target="_blank">tdwalton@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204, 204, 204);padding-left:1ex">
<div>On Mon, Feb 14, 2011 at 9:04 PM, kristau <<a href="mailto:kristau@gmail.com" target="_blank">kristau@gmail.com</a>> wrote:<br>
> If you have shell access to the host, just use scp to upload the<br>
> files, then manage them through an ssh session. Yes, it isn't as<br>
> convenient as doing this through the browser, but it is much more<br>
> secure.<br>
<br>
</div>
That's what I've been doing. I was hoping that there was some way to<br>
make the convenient method secure.<br>
<div>
<div></div>
<div><br>
--<br>
Todd<br>
_______________________________________________<br>
Cialug mailing list<br>
<a href="mailto:Cialug@cialug.org" target="_blank">Cialug@cialug.org</a><br>
<a href="http://cialug.org/mailman/listinfo/cialug" target="_blank">http://cialug.org/mailman/listinfo/cialug</a><br>
</div>
</div>
</blockquote>
</div>
<br>
<br clear="all">
<br>
-- <br>
Matthew Nuzum<br>
newz2000 on freenode, skype, linkedin, <a href="http://identi.ca" target="_blank">
identi.ca</a> and twitter<br>
<br>
"An investment in knowledge pays the best interest." -Benjamin Franklin <br>
<br>
</div>
</div>
</div></div></div>
</div>
</div>
<br>_______________________________________________<br>
Cialug mailing list<br>
<a href="mailto:Cialug@cialug.org" target="_blank">Cialug@cialug.org</a><br>
<a href="http://cialug.org/mailman/listinfo/cialug" target="_blank">http://cialug.org/mailman/listinfo/cialug</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br></div></div><div><div></div><div class="h5"><font color="#888888">Kenneth Younger III<br>Founder, Sheer Focus Inc.<br>Organizer,
WordCamp Iowa<br>e: <a href="mailto:kenny@sheerfocus.com" target="_blank">kenny@sheerfocus.com</a><br>p: (515) 367-0001<br>t: <a href="http://twitter.com/kenny" target="_blank">@kenny</a></font><br>
</div></div><br>_______________________________________________<br>
Cialug mailing list<br>
<a href="mailto:Cialug@cialug.org">Cialug@cialug.org</a><br>
<a href="http://cialug.org/mailman/listinfo/cialug" target="_blank">http://cialug.org/mailman/listinfo/cialug</a><br>
<br></blockquote></div><br></div>