[wp-hackers] Backup plugin and writability
David House
dmhouse at gmail.com
Sun Jan 8 22:31:24 GMT 2006
On 08/01/06, Elliotte Harold <elharo at metalab.unc.edu> wrote:
> That doesn't really assuage my fears. My server's basically a single
> user box. If anyone gets through and logs in besides me, chances are I'm
> already hosed. But mostly everything's pretty solidly firewalled off.
> So, barring breaking and entering to get physical access to my box, the
> one real point of attack is the web server and WordPress. If someone
> manages to get into the web server or Wordpress somehow, I'd like to
> know that they couldn't thereby start defacing my web site or sneakily
> modifying the code in WordPress.
Okay, so chown them to your apache and set some insane permissions
like 600. You can't ask for more than that: WordPress _has_ to be able
to write to the dirs for things like the cache and image uploading to
work, there's no getting around that. Incidentally though, things in
wp-content and .htaccess are the only things that need to be
server-writeable.
--
-David House, dmhouse at gmail.com, http://xmouse.ithium.net
More information about the wp-hackers
mailing list