New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
+1
thanks for the kind words, much appreciated!
I think I became kind of addicted to that filthy, drama-driven place named LET ;-)
after finding a lot of useful information between the dirt that's thrown around here I do find it appropriate to try and give something back, if I feel I know about or just ran into similar trouble before...
Very much appreciated in return! :-)
I got a new issue with the new settings....I can not upload files via FTP. Or I can with root user, but not any of the site users, and I don't know the password for Apache, so can't use that. It is not the password to the user.
How can I solve this, need to upload files.
You can't have your cake and eat it too: permissions/ownership that allow web-based WP updates also allow exploited scripts to wreak havoc.
Assuming your account user is "myuser", PHP runs as "apache" and your WP site is located at "/home/myuser/public_html".
So you are telling me that I have created a huge security risk on my server?
Any file that is owned by "apache" can be overwritten by an exploited script running as "apache".
Any folder that is owned by "apache" can be written to by an exploited script running as "apache".
So going back to user:user and then have a folder there I can upload the new WordPress and then use a script like I did before to update all sites is better then?
It's better in terms of security -- as long as the script leaves the WP directory tree owned entirely by "user", with the exception of the "uploads" folder.
Whether it's better in terms of ease of updates is another story. "Secure" and "easy" seldom go hand-in-hand.
You may want to delve into http://wp-cli.org/