[wp-hackers] Security in wordpress

Ash Goodman ash at thinkinginvain.com
Fri May 7 14:27:52 UTC 2010


Hi everyone,

I recently had a 2 different server get hacked. One by way of a clients
letting someone else get hold of their FTP credentials and following that
via folder permissions.

I would like to set my server up so that the FTP credentials are not
required for wordpress and plugin updates as shown here:
http://robspencer.net/auto-update-wordpress-without-ftp/

This also seems to eliminate the problem of needing to 777 the uploads
folder in order to upload images.

Is this safe to do or is it only going to cause other security problems
and/or cause problems with wordpress?

Thanks!

Ash


More information about the wp-hackers mailing list