[wp-trac] [WordPress Trac] #17277: Security needs need to be clearly documented

WordPress Trac wp-trac at lists.automattic.com
Fri Apr 29 14:57:08 UTC 2011


#17277: Security needs need to be clearly documented
--------------------------------+------------------------------
 Reporter:  novasource          |       Owner:
     Type:  enhancement         |      Status:  new
 Priority:  normal              |   Milestone:  Awaiting Review
Component:  WordPress.org site  |     Version:
 Severity:  normal              |  Resolution:
 Keywords:  needs-codex         |
--------------------------------+------------------------------

Comment (by novasource):

 I may have found my answer, but the codex is conflicted.

 http://codex.wordpress.org/Updating_WordPress#Automatic_Update says:
   Note that your files all need to be owned by the user under which your
 Apache server executes, or you will receive a dialog box asking for
 "connection information," and you will find that no matter what you enter,
 you won't be able to update.

 However,
 http://codex.wordpress.org/Changing_File_Permissions#Permission_Scheme_for_WordPress
 says:
   All files should be owned by your user account on your web server, and
 should be writable by your username. Files should never be owned by the
 webserver process itself (sometimes this is www, or apache, or nobody).
 ... Any file that needs write access from WordPress should be group-owned
 by the user account used by the webserver.

 Contradictory.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/17277#comment:2>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list