[wp-hackers] Backup plugin and writability
elharo at metalab.unc.edu
Sun Jan 8 22:24:34 GMT 2006
David House wrote:
> On 08/01/06, Elliotte Harold <elharo at metalab.unc.edu> wrote:
>> I'm very nervous about making directories world writable just so
>> WordPress can muck with them.
> They don't need to be world-writeable, just writeable by the web
> server. chgrp them to your Apache group, then chmod -R g+w wp-content.
That doesn't really assuage my fears. My server's basically a single
user box. If anyone gets through and logs in besides me, chances are I'm
already hosed. But mostly everything's pretty solidly firewalled off.
So, barring breaking and entering to get physical access to my box, the
one real point of attack is the web server and WordPress. If someone
manages to get into the web server or Wordpress somehow, I'd like to
know that they couldn't thereby start defacing my web site or sneakily
modifying the code in WordPress.
Elliotte Rusty Harold elharo at metalab.unc.edu
XML in a Nutshell 3rd Edition Just Published!
More information about the wp-hackers