[Cialug] OT Wordpress

Theron Conrey theron at conrey.org
Tue Feb 15 09:55:10 CST 2011


Not going to lie, I was so tardy in upgrading some of my (just for Kenny)
wOrDpReSs installs due to time that I just switched to http upgrades for my base
wordpress upgrades.  Plugins I tend to do manually, but base
security vulnerabilities are quickly exploited in the wild.

To use http upgrades to your base wordpress installs just add
define('FS_METHOD', 'direct'); to your wp-config.php


-Theron


On Tue, Feb 15, 2011 at 9:23 AM, Kenneth Younger <kenny at sheerfocus.com> wrote:

> Yes, this *generally* works if you are managing the entire install without
> allowing user intervention.
>
> The other issue you can run into is with certain plugins that have to write
> to disk. For example, you almost certainly will want to install some sort of
> caching plugin (W3 Total Cache or SuperCache) - these need access to write
> to disk in certain places.
>
> I'm also going to be a stickler and mention that it's "WordPress" not
> "Wordpress" :)
>
> -Kenny
>
>
> On Tue, Feb 15, 2011 at 8:58 AM, Josh More <MoreJ at alliancetechnologies.net> wrote:
>
>>  You can get the best of both worlds by writing a shell script that
>> applies and removes write capabilities of the entire Wordpress tree to the
>> Apache user.  Your choice as to whether it's easier to do a recursive chmod
>> or chown.  There will probably be some directories that you want to keep
>> writable the whole time.
>>
>> You can then launch this script to give your user write access, apply
>> updates and launch it again to take that write access away.
>>
>> No stored credentials anywhere and you can keep things up to date with a
>> minimum of fuss and bother.
>>
>>     Josh More | Senior Security Consultant - CISSP, GIAC-GSLC Gold,
>> GIAC-GCIH
>> Alliance Technologies | www.AllianceTechnologies.net
>> 400 Locust St., Suite 840 | Des Moines, IA 50309
>> 515.245.7701 | 888.387.5670 x7701
>>
>>      ------------------------------
>> *From:* cialug-bounces at cialug.org [cialug-bounces at cialug.org] on behalf
>> of Matthew Nuzum [newz at bearfruit.org]
>> *Sent:* Tuesday, February 15, 2011 08:29
>> *To:* Central Iowa Linux Users Group
>> *Subject:* Re: [Cialug] OT Wordpress
>>
>>  Carefully consider Kenneth's answer. Wordpress has a few mechanisms to
>> make it easy for people to keep it up to date. FTP is only one. And, to be
>> honest, an out of date wordpress installation is probably less secure than
>> FTP credentials stored in the database.
>>
>> On Tue, Feb 15, 2011 at 7:43 AM, Todd Walton <tdwalton at gmail.com> wrote:
>>
>>> On Mon, Feb 14, 2011 at 9:04 PM, kristau <kristau at gmail.com> wrote:
>>> > If you have shell access to the host, just use scp to upload the
>>> > files, then manage them through an ssh session. Yes, it isn't as
>>> > convenient as doing this through the browser, but it is much more
>>> > secure.
>>>
>>>  That's what I've been doing.  I was hoping that there was some way to
>>> make the convenient method secure.
>>>
>>> --
>>> Todd
>>> _______________________________________________
>>> Cialug mailing list
>>> Cialug at cialug.org
>>> http://cialug.org/mailman/listinfo/cialug
>>>
>>
>>
>>
>> --
>> Matthew Nuzum
>> newz2000 on freenode, skype, linkedin, identi.ca and twitter
>>
>> "An investment in knowledge pays the best interest." -Benjamin Franklin
>>
>>
>>
>>
>
>
> --
> Kenneth Younger III
> Founder, Sheer Focus Inc.
> Organizer, WordCamp Iowa
> e: kenny at sheerfocus.com
> p: (515) 367-0001
> t: @kenny <http://twitter.com/kenny>
>
>
>
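
The toggle script Josh More describes in the quoted message, sketched as an added example (not code from the thread or from any poster). It assumes the tree's group is the Apache group, so the group write bit is what gets switched; the function names and the KEEP_WRITABLE list are hypothetical.

```shell
#!/bin/sh
# wp-perms.sh: add or remove the web server's write access to a WordPress tree.
# Assumptions (constructed for this example, not from the thread): the tree is
# owned by an admin account and its group is the Apache group, so the group
# write bit is what lets Apache modify files. No chown or root needed then.

# Paths (relative to the WordPress root, no spaces) that stay writable the
# whole time, e.g. uploads and a caching plugin's directory.
KEEP_WRITABLE="${KEEP_WRITABLE:-wp-content/uploads wp-content/cache}"

# Run find over the tree with the keep-writable paths pruned.
# Usage: wp_find ROOT find-expression...
wp_find() {
    root=${1%/}; shift              # a trailing slash would break the -path match
    # Refuse anything that is not a WordPress root, so a typo in the path
    # cannot turn into a recursive chmod of the wrong directory.
    [ -f "$root/wp-config.php" ] || {
        echo "wp-perms: no wp-config.php in '$root'" >&2; return 1; }
    for keep in $KEEP_WRITABLE; do
        set -- -path "$root/$keep" -prune -o "$@"
    done
    find "$root" "$@"
}

# Symlinks are skipped: chmod follows them and could change a target that
# lives outside the tree.
wp_unlock() { wp_find "$1" ! -type l -exec chmod g+w {} +; }
wp_lock()   { wp_find "$1" ! -type l -exec chmod g-w {} +; }

# Number of group-writable entries outside KEEP_WRITABLE; 0 means locked.
wp_writable_count() {
    wp_find "$1" ! -type l -perm -020 -print | wc -l | tr -d ' '
}

# Command-line entry point: wp-perms.sh lock|unlock|status /path/to/wordpress
case "${1:-}" in
    lock|unlock) "wp_$1" "${2:?path required}" ;;
    status)      wp_writable_count "${2:?path required}" ;;
esac
```

Run `unlock`, apply the update, then `lock`; a `status` other than 0 afterwards means the tree was left writable.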