0

I am switching to one or RackSpace's cloud servers, and I got it up and running fine. The problem is that one of my websites use WordPress. For WordPress to be able to automatically update, or upload files, it needs to have access.

Some articles on the web say I should chown the folder:

chown -R www-data /var/www/path_to_wordpress

I've read a lot of articles online that says this is not secure. I also have a problem uploading files via FTP because by chown, I'm no longer the owner.

Can anyone recommend a solid solution for me.

WebDevDude
  • 151
  • 2
  • 7

1 Answers1

1

The thing you have to realize is that with web-hosting there is no 100% secure option. You can choose to have file-system permissions that are more permissive, or you can choose to make it easy to keep Wordpress up-to-date. An out-of-date copy of Wordpress represents a real possibility of having your system exploited. The filesystem permissions are a second-layer defense, to protect you in the case that some application you are hosting can be exploited.

Ideally you would do all your testing and auto-updating on a dev/testing box, then periodically upload that to the production server, but this isn't always feasible for smaller sites.

What you need to decide is can you manually upgrade, and will you actually perform the manual upgrades. If the answer is no, then you are probably better off setting up the so that you can perform the updates via the web.

Whatever choice you pick, just make sure you have a good backup system in place.

As for the ftp permissions issue. See this question. You need to do basically the same thing I suggest there, just set the owner as www-data and the group as www-pub.

Zoredache
  • 128,755
  • 40
  • 271
  • 413