[wp-hackers] WP-Manage: Automatic WP backups and upgrades with PHP

Ryan Duff ryan at ryanduff.net
Fri Jan 19 18:00:35 GMT 2007


Maybe I'm not clear on this, but it seems to me that he said  
(multiple times) that you only need to change the perms the *first  
time* You keep taking about changing, upgrading, and changing back  
and I think this is not the case. That would be more useless than  
doing a manual upgrade.

I think he clearly stated that you open the permissions the first  
time, the web server takes over as owner and grants only itself write  
permission so it's not open globally. Thereafter, any time you go in  
and click "upgrade" the script has the correct permissions to run,   
yet it's still secure from outside sources having write access to  
those folders.

Quoting Alex:
"Yes, I'm aware of this. But as soon you run the upgrade, the files in
wp-admin/ and wp-includes/ (and the WP files in the base directory) are
taken over by the webserver and will be protected again. This is why I
recommend to only make them writable directly before running the upgrade
routine for the first time (see under "Security" on the homepage)."

Maybe a quick glance over http://www.zirona.com/software/wp- 
manage#security would be useful

Ryan Duff
web: http://ryanduff.net
aim: ryancduff

On Jan 19, 2007, at 12:31 PM, Aaron Brazell wrote:

> I was going to stay out as I had made my comments but there's just  
> something else I need to say. :-) All in the spirit of dialogue,  
> right?
> This tool assumes you're responsible for the upgrades, right? I'm  
> not clear on this.
> If you are responsible for the upgrades then you have to manually  
> login (via FTP, SSH whatever) to change perms. Then you run the  
> script. Then you log back in and change perms again. Theoretically  
> you remember all the various passwords, but perhaps you don't and  
> have to fish around through emails or god forbid find the password  
> on the post it note taped to the bottom of your keyboard. My point  
> is that this is not really an efficient way even if it just is a  
> right click, properties, chmod 777.
> Being that I'm not clear if this is intended for the person  
> responsible for all the upgrades (i.e. you) or if it's left to Dr.  
> Mike's soccer moms to do, let's take the other approach. The soccer  
> mom's have to upgrade. Okay, so now how do you teach THEM to chmod  
> their directories and then chmod them back when they are done.
> I don't want to ruin your enthusiasm. I love options and I love  
> Brian's script and the idea behind yours. Anything that makes  
> automation better is the way to go in my book. I live this  
> philosophy and am always learning new things. So don't  
> misunderstand me.
> With the shell script, assuming you are the one responsible for all  
> these upgrades on different servers, why can't you just modify a  
> script (or write your own) that uses PHP's FTP functions. Then you  
> can automate the whole thing with a click of the button and you  
> don't have to worry about the soccer mom's screwing things up, or  
> having to go through and remember passwords, click around, maybe  
> click on the wrong things, etc. It eliminates the fallible human  
> modus operandi (which I'm thrilled to have used in a sentence for  
> the second time this week) that makes mistakes.
> Food for thought.
> --
> Aaron Brazell
> Technology Architect, b5media
> "A Global New Media Company"
> web:: www.b5media.com, www.technosailor.com
> phone:: 410-608-6620
> skype:: technosailor
> On Jan 19, 2007, at 9:23 AM, Alex Günsche wrote:
>> * If she isn't admin, give her the "import" capability via  
>> RoleManager.
>> How could it be easier? Or would you (your employees) do it yourself
>> each time? Or don't you do the upgrades and backups at all,  
>> leaving it
>> to the customer? Please enlighten me. ;-)
>> As I mentioned before, I also know and apprechiate the shell script
>> method. But this one is a different approach. By the way, there is  
>> also
>> the mysqldump command line tool, still do people use phpMyAdmin  
>> and the
>> WP-Backup plugin. ;-)
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers

More information about the wp-hackers mailing list