[Cialug] OT Wordpress
Josh More
MoreJ at alliancetechnologies.net
Tue Feb 15 08:58:25 CST 2011
You can get the best of both worlds by writing a shell script that applies and removes write capabilities of the entire Wordpress tree to the Apache user. Your choice as to whether it's easier to do a recursive chmod or chown. There will probably be some directories that you want to keep writable the whole time.
You can then launch this script to give your user write access, apply updates and launch it again to take that write access away.
No stored credentials anywhere and you can keep things up to date with a minimum of fuss and bother.
Josh More | Senior Security Consultant - CISSP, GIAC-GSLC Gold, GIAC-GCIH
Alliance Technologies | www.AllianceTechnologies.net<http://www.AllianceTechnologies.net>
400 Locust St., Suite 840 | Des Moines, IA 50309
515.245.7701 | 888.387.5670 x7701
Blog: Not The Usual Security Predictions: 2011
http://www.alliancetechnologies.net/blogs/morej
How are we doing? Let us know here:
http://www.alliancetechnologies.net/forms/alliance-technologies-feedback-survey
________________________________
From: cialug-bounces at cialug.org [cialug-bounces at cialug.org] on behalf of Matthew Nuzum [newz at bearfruit.org]
Sent: Tuesday, February 15, 2011 08:29
To: Central Iowa Linux Users Group
Subject: Re: [Cialug] OT Wordpress
Carefully consider Kenneth's answer. Wordpress has a few mechanisms to make it easy for people to keep it up to date. FTP is only one. And, to be honest, an out of date wordpress installation is probably less secure than FTP credentials stored in the database.
On Tue, Feb 15, 2011 at 7:43 AM, Todd Walton <tdwalton at gmail.com<mailto:tdwalton at gmail.com>> wrote:
On Mon, Feb 14, 2011 at 9:04 PM, kristau <kristau at gmail.com<mailto:kristau at gmail.com>> wrote:
> If you have shell access to the host, just use scp to upload the
> files, then manage them through an ssh session. Yes, it isn't as
> convenient as doing this through the browser, but it is much more
> secure.
That's what I've been doing. I was hoping that there was some way to
make the convenient method secure.
--
Todd
_______________________________________________
Cialug mailing list
Cialug at cialug.org<mailto:Cialug at cialug.org>
http://cialug.org/mailman/listinfo/cialug
--
Matthew Nuzum
newz2000 on freenode, skype, linkedin, identi.ca<http://identi.ca> and twitter
"An investment in knowledge pays the best interest." -Benjamin Franklin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cialug.org/pipermail/cialug/attachments/20110215/7e7e1641/attachment-0001.html>
More information about the Cialug
mailing list