[Cialug] OT Wordpress
Barry Von Ahsen
barry at vonahsen.com
Wed Feb 16 11:40:53 CST 2011
dude, that is awesome. I had the same problem I think Todd was having
(why would you push updates to me when it would be _way_ easier to pull
them?!?!), and that (seems to) solve it
-barry
Theron Conrey wrote:
> Not going to lie, I was so tardy in upgrading some of my (just for Kenny)
> wOrDpReSs installs due to time I just switched to http upgrades for my base
> wordpress upgrades. plugins I tend to do manually, but base
> security vulnerabilities are quickly exploited in the wild.
>
> to use http upgrades to your base wordpress installs just add
> define(’FS_METHOD’,’direct'); to your wp-config.php
>
>
> -Theron
>
>
> On Tue, Feb 15, 2011 at 9:23 AM, Kenneth Younger <kenny at sheerfocus.com>wrote:
>
>> Yes, this *generally* works if you are managing the entire install without
>> allowing user intervention.
>>
>> The other issue you can run into is with certain plugins that have to write
>> to disk. For example, you almost certainly will want to install some sort of
>> caching plugin (W3 Total Cache or SuperCache) - these need access to write
>> to disk in certain places.
>>
>> I'm also going to be a stickler and mention that it's "WordPress" not
>> "Wordpress" :)
>>
>> -Kenny
>>
>>
>> On Tue, Feb 15, 2011 at 8:58 AM, Josh More <MoreJ at alliancetechnologies.net
>>> wrote:
>>> You can get the best of both worlds by writing a shell script that
>>> applies and removes write capabilities of the entire Wordpress tree to the
>>> Apache user. Your choice as to whether it's easier to do a recursive chmod
>>> or chown. There will probably be some directories that you want to keep
>>> writable the whole time.
>>>
>>> You can then launch this script to give your user write access, apply
>>> updates and launch it again to take that write access away.
>>>
>>> No stored credentials anywhere and you can keep things up to date with a
>>> minimum of fuss and bother.
>>>
>>> Josh More | Senior Security Consultant - CISSP, GIAC-GSLC Gold,
>>> GIAC-GCIH
>>> Alliance Technologies | www.AllianceTechnologies.net
>>> 400 Locust St., Suite 840 | Des Moines, IA 50309
>>> 515.245.7701 | 888.387.5670 x7701
>>>
>>> Blog: Not The Usual Security Predictions: 2011
>>> http://www.alliancetechnologies.net/blogs/morej
>>>
>>> How are we doing? Let us know here:
>>>
>>> http://www.alliancetechnologies.net/forms/alliance-technologies-feedback-survey
>>> ------------------------------
>>> *From:* cialug-bounces at cialug.org [cialug-bounces at cialug.org] on behalf
>>> of Matthew Nuzum [newz at bearfruit.org]
>>> *Sent:* Tuesday, February 15, 2011 08:29
>>> *To:* Central Iowa Linux Users Group
>>> *Subject:* Re: [Cialug] OT Wordpress
>>>
>>> Carefully consider Kenneth's answer. Wordpress has a few mechanisms to
>>> make it easy for people to keep it up to date. FTP is only one. And, to be
>>> honest, an out of date wordpress installation is probably less secure than
>>> FTP credentials stored in the database.
>>>
>>> On Tue, Feb 15, 2011 at 7:43 AM, Todd Walton <tdwalton at gmail.com> wrote:
>>>
>>>> On Mon, Feb 14, 2011 at 9:04 PM, kristau <kristau at gmail.com> wrote:
>>>>> If you have shell access to the host, just use scp to upload the
>>>>> files, then manage them through an ssh session. Yes, it isn't as
>>>>> convenient as doing this through the browser, but it is much more
>>>>> secure.
>>>> That's what I've been doing. I was hoping that there was some way to
>>>> make the convenient method secure.
>>>>
>>>> --
>>>> Todd
>>>> _______________________________________________
>>>> Cialug mailing list
>>>> Cialug at cialug.org
>>>> http://cialug.org/mailman/listinfo/cialug
>>>>
>>>
>>>
>>> --
>>> Matthew Nuzum
>>> newz2000 on freenode, skype, linkedin, identi.ca and twitter
>>>
>>> "An investment in knowledge pays the best interest." -Benjamin Franklin
>>>
>>>
>>> _______________________________________________
>>> Cialug mailing list
>>> Cialug at cialug.org
>>> http://cialug.org/mailman/listinfo/cialug
>>>
>>>
>>
>> --
>> Kenneth Younger III
>> Founder, Sheer Focus Inc.
>> Organizer, WordCamp Iowa
>> e: kenny at sheerfocus.com
>> p: (515) 367-0001
>> t: @kenny <http://twitter.com/kenny>
>>
>> _______________________________________________
>> Cialug mailing list
>> Cialug at cialug.org
>> http://cialug.org/mailman/listinfo/cialug
>>
>>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
More information about the Cialug
mailing list