[wp-hackers] Security in wordpress
mailing at markoheijnen.nl
Fri May 7 14:42:03 UTC 2010
It simply doesn't matter who ownes it because most host apache runs
under his own user.
I think most host don't use suphp because it probably cost extra
memory since the apache process runs for an specific user.
Op 7 mei 2010, om 16:35 heeft Otto het volgende geschreven:
> I would say that making your files owned by the nobody user is not
> particularly safe.
> It'd be better to set your server up to use suphp or setuid on your
> PHP setup, so as to make the PHP process run as the user who owns the
> website files. Then as long as that user is separated from everything
> else on the system, the process can't reach outside the websites own
> On Fri, May 7, 2010 at 9:27 AM, Ash Goodman <ash at thinkinginvain.com>
>> Hi everyone,
>> I recently had a 2 different server get hacked. One by way of a
>> letting someone else get hold of their FTP credentials and
>> following that
>> via folder permissions.
>> I would like to set my server up so that the FTP credentials are not
>> required for wordpress and plugin updates as shown here:
>> This also seems to eliminate the problem of needing to 777 the
>> folder in order to upload images.
>> Is this safe to do or is it only going to cause other security
>> and/or cause problems with wordpress?
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
More information about the wp-hackers