[Cialug] OT Wordpress

Kenneth Younger kenny at sheerfocus.com
Tue Feb 15 09:23:02 CST 2011


Yes, this *generally* works if you are managing the entire install without
allowing user intervention.

The other issue you can run into is with certain plugins that have to write
to disk. For example, you almost certainly will want to install some sort of
caching plugin (W3 Total Cache or SuperCache) - these need access to write
to disk in certain places.

I'm also going to be a stickler and mention that it's "WordPress" not
"Wordpress" :)

-Kenny

On Tue, Feb 15, 2011 at 8:58 AM, Josh More
<MoreJ at alliancetechnologies.net> wrote:

>  You can get the best of both worlds by writing a shell script that
> applies and removes write capabilities of the entire Wordpress tree to the
> Apache user.  Your choice as to whether it's easier to do a recursive chmod
> or chown.  There will probably be some directories that you want to keep
> writable the whole time.
>
> You can then launch this script to give your user write access, apply
> updates and launch it again to take that write access away.
>
> No stored credentials anywhere and you can keep things up to date with a
> minimum of fuss and bother.
>
>     Josh More | Senior Security Consultant - CISSP, GIAC-GSLC Gold,
> GIAC-GCIH
> Alliance Technologies | www.AllianceTechnologies.net
> 400 Locust St., Suite 840 | Des Moines, IA 50309
> 515.245.7701 | 888.387.5670 x7701
>
>      ------------------------------
> *From:* cialug-bounces at cialug.org [cialug-bounces at cialug.org] on behalf of
> Matthew Nuzum [newz at bearfruit.org]
> *Sent:* Tuesday, February 15, 2011 08:29
> *To:* Central Iowa Linux Users Group
> *Subject:* Re: [Cialug] OT Wordpress
>
>  Carefully consider Kenneth's answer. Wordpress has a few mechanisms to
> make it easy for people to keep it up to date. FTP is only one. And, to be
> honest, an out of date wordpress installation is probably less secure than
> FTP credentials stored in the database.
>
> On Tue, Feb 15, 2011 at 7:43 AM, Todd Walton <tdwalton at gmail.com> wrote:
>
>> On Mon, Feb 14, 2011 at 9:04 PM, kristau <kristau at gmail.com> wrote:
>> > If you have shell access to the host, just use scp to upload the
>> > files, then manage them through an ssh session. Yes, it isn't as
>> > convenient as doing this through the browser, but it is much more
>> > secure.
>>
>>  That's what I've been doing.  I was hoping that there was some way to
>> make the convenient method secure.
>>
>> --
>> Todd
>> _______________________________________________
>> Cialug mailing list
>> Cialug at cialug.org
>> http://cialug.org/mailman/listinfo/cialug
>>
>
>
>
> --
> Matthew Nuzum
> newz2000 on freenode, skype, linkedin, identi.ca and twitter
>
> "An investment in knowledge pays the best interest." -Benjamin Franklin


-- 
Kenneth Younger III
Founder, Sheer Focus Inc.
Organizer, WordCamp Iowa
e: kenny at sheerfocus.com
p: (515) 367-0001
t: @kenny <http://twitter.com/kenny>
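
The write-access toggle Josh More describes in the quoted message, with the always-writable directories Kenny's caching-plugin caveat calls for, as an added example that is not part of the original thread. It assumes the tree is group-owned by the web server's group, that wp-config.php sits in ROOT, and that `wp-content/uploads` and `wp-content/cache` are the directories to exempt; adjust the list to whatever your plugins write to.

```shell
#!/bin/sh
# Added example: toggle the web server's write access to a WordPress tree.
# Assumption: the tree is group-owned by the web server's group, so the
# group write bit is what decides whether Apache can modify a file.

# Directories (relative to the WordPress root) left writable the whole
# time. Assumed names: uploads, plus a cache directory for a caching plugin.
KEEP_WRITABLE="wp-content/uploads wp-content/cache"

# is_group_writable PATH: succeeds if PATH has the group write bit set.
is_group_writable() {
    [ -n "$(find "$1" -prune -perm -020)" ]
}

# wp_writes lock|unlock ROOT
wp_writes() {
    mode=$1
    root=${2%/}
    case $mode in
        lock)   perm=g-w ;;
        unlock) perm=g+w ;;
        *) echo "usage: wp_writes lock|unlock ROOT" >&2; return 2 ;;
    esac
    # Refuse to chmod a tree that does not look like a WordPress install.
    if [ ! -f "$root/wp-config.php" ]; then
        echo "wp_writes: no wp-config.php in $root" >&2
        return 1
    fi
    # Build: find ROOT -path KEEP1 -prune -o -path KEEP2 -prune -o ...
    set -- "$root"
    for d in $KEEP_WRITABLE; do
        set -- "$@" -path "$root/$d" -prune -o
    done
    # Skip symlinks: chmod would follow them to targets outside the tree.
    find "$@" ! -type l -exec chmod "$perm" {} + || return 1
    # The exempt directories stay group-writable in both modes.
    for d in $KEEP_WRITABLE; do
        if [ -d "$root/$d" ]; then chmod -R g+w "$root/$d"; fi
    done
}

# Run as a script: wp-writes.sh unlock ROOT, update, wp-writes.sh lock ROOT
case ${1-} in
    lock|unlock) wp_writes "$@" ;;
esac
```

After a `lock`, `find ROOT -perm -020` lists everything the web server's group can still write, which should be only the exempt directories.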