[wp-hackers] Security in wordpress
Marko Heijnen
mailing at markoheijnen.nl
Fri May 7 14:42:03 UTC 2010
It simply doesn't matter who owns it, because on most hosts Apache runs
under its own user.
I think most hosts don't use suPHP because it probably costs extra
memory, since the Apache process runs for a specific user.
On 7 May 2010, at 16:35, Otto wrote:
> I would say that making your files owned by the nobody user is not
> particularly safe.
>
> It'd be better to set your server up to use suphp or setuid on your
> PHP setup, so as to make the PHP process run as the user who owns the
> website files. Then as long as that user is separated from everything
> else on the system, the process can't reach outside the website's own
> directory.
>
> -Otto
>
>
>
> On Fri, May 7, 2010 at 9:27 AM, Ash Goodman <ash at thinkinginvain.com> wrote:
>> Hi everyone,
>>
>> I recently had 2 different servers get hacked. One by way of a client
>> letting someone else get hold of their FTP credentials and following that
>> via folder permissions.
>>
>> I would like to set my server up so that the FTP credentials are not
>> required for WordPress and plugin updates as shown here:
>> http://robspencer.net/auto-update-wordpress-without-ftp/
>>
>> This also seems to eliminate the problem of needing to 777 the uploads
>> folder in order to upload images.
>>
>> Is this safe to do or is it only going to cause other security problems
>> and/or cause problems with WordPress?
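A read-only audit of the two conditions raised in this thread (world-writable paths such as a 777 uploads folder, and files not owned by the account PHP runs as), added here as an example and not part of any poster's message. The function names and the root/owner arguments are assumptions; the owner may be a user name or a numeric uid.

```shell
#!/bin/sh
# Added example: audit a WordPress tree for the permission and ownership
# issues discussed in the thread. Nothing is modified; paths are only listed.

# Files and directories under $1 that any local user can write to (o+w),
# which is what a 777 uploads folder looks like on disk.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Files and directories under $1 that are NOT owned by user $2.
# With suPHP or a setuid PHP setup, $2 is the site's own account.
not_owned_by() {
    find "$1" \( -type f -o -type d \) ! -user "$2" -print
}

# Print a report; return 0 when the tree is clean, 1 when anything is flagged.
audit_wp_tree() {
    root=$1
    owner=$2
    status=0
    ww=$(world_writable "$root")
    foreign=$(not_owned_by "$root" "$owner")
    if [ -n "$ww" ]; then
        echo "World-writable paths:"
        printf '%s\n' "$ww" | sed 's/^/  /'
        status=1
    fi
    if [ -n "$foreign" ]; then
        echo "Paths not owned by $owner:"
        printf '%s\n' "$foreign" | sed 's/^/  /'
        status=1
    fi
    [ "$status" -eq 0 ] && echo "OK: $root is owned by $owner and not world-writable"
    return "$status"
}

# Stand-alone use: sh audit.sh <wordpress-root> <expected-owner>
if [ "$#" -ge 2 ]; then
    audit_wp_tree "$1" "$2"
fi
```
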