[wp-trac] [WordPress Trac] #17277: Security needs need to be clearly documented

WordPress Trac wp-trac at lists.automattic.com
Fri Apr 29 14:20:43 UTC 2011

#17277: Security needs need to be clearly documented
 Reporter:  novasource       |      Owner:
     Type:  defect (bug)     |     Status:  new
 Priority:  normal           |  Milestone:  Awaiting Review
Component:  Upgrade/Install  |    Version:  3.1
 Severity:  normal           |   Keywords:
 Since WordPress now has self-updating capabilities, most, possibly all, of
 WordPress files need to be writable by the Apache process.

 http://codex.wordpress.org/Changing_File_Permissions makes no mention of
 permissions that allow self-updating. Following that pages's advice
 literally, the updater process would always fail to update and take people
 to that goofy "enter your FTP credentials" page.

 Some Google searching does not come up with a definitive answer.

 For the sake of communicating best practices, please update
 http://codex.wordpress.org/Changing_File_Permissions so that it explains
 the recommended permissions needed to auto-update WordPress.

Ticket URL: <http://core.trac.wordpress.org/ticket/17277>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list