[wp-hackers] Backup plugin and writability

Elliotte Harold elharo at metalab.unc.edu
Sun Jan 8 22:24:34 GMT 2006


David House wrote:
> On 08/01/06, Elliotte Harold <elharo at metalab.unc.edu> wrote:
>> I'm very nervous about making directories world writable just so
>> WordPress can muck with them.
> 
> They don't need to be world-writeable, just writeable by the web
> server. chgrp them to your Apache group, then chmod -R g+w wp-content.

That doesn't really assuage my fears. My server's basically a single 
user box. If anyone gets through and logs in besides me, chances are I'm 
already hosed. But mostly everything's pretty solidly firewalled off. 
So, barring breaking and entering to get physical access to my box, the 
one real point of attack is the web server and WordPress. If someone 
manages to get into the web server or Wordpress somehow, I'd like to 
know that they couldn't thereby start defacing my web site or sneakily 
modifying the code in WordPress.

-- 
Elliotte Rusty Harold  elharo at metalab.unc.edu
XML in a Nutshell 3rd Edition Just Published!
http://www.cafeconleche.org/books/xian3/
http://www.amazon.com/exec/obidos/ISBN=0596007647/cafeaulaitA/ref=nosim


More information about the wp-hackers mailing list