Paranoid WordPress

This is just going to be a quick post.

This blog is hosted on WordPress. I am making this post as I just updated WordPress just the other day. It’s nice to be able to do it right in the admin site. To do this you will need to change the file permissions of the WordPress install. Many times in the forum any questions regarding file permissions will have some responses to set the folders to 755 or even worse 777 with the webserver user being the owner. This will allow the person who has taken over your site to do whatever they want inside your wordpress install.

If you have ssh access to your site you can create a little script which will allow you to switch back and forth easily. First set the owner of all the files to some user who has no access. Then make www-data (or whatever your webserver user is) the group. Then change the permissions to 640 or 644 on all the folders. I even do this on my uploads folder, so I have to run this script every time I add any media. The webserver user will only have read access, so if you are compromised they should not be able to add/edit anything on your server. You can then use these two scripts:

site-upgrade

sudo chown -R www-data:www-data /www/wordpress/ #where ever wordpress is

site-normal

sudo chown -R user:www-data /www/wordpress/ #set it back to the original user

What’s nice about this is that you just change the owner. Run site-upgrade, upgrade the site, upgrade your plugins, and then run site-normal. It is one extra step, but it gives peace of mind to any paranoid WordPress admins.


Enjoyed the article?

Then I guarantee that you will find my video series useful and enjoyable. The course focuses on taking someone completely new to Node.js and giving them a great foundation to start building real applications. The course is named The Complete Guide to Node.js.

Feel comfortable with Node.js and want to build web applications? Then you will find my other video series useful. It is named Building Complex Express Sites with Redis and Socket.io

I also have a book! It covers Node.js, Express, Passport, Socket.IO, Redis, RabbitMQ, React, Backbone, Grunt, and Ansible. All in one book! It is called Building Scalable Apps with Redis and Node.js.

Receive tips on Node.js, Python, and more