I used to host a bunch of Wordpress and Drupal sites on Linux servers. Properly setting file and directory permissions is a huge part of keeping those CMSs secure. The defaults are bad and there is a ton of horrible advice online in the form of troubleshooting threads with responses like "I made the error go away by setting everything to 777!"
So I wrote two shell scripts (one for each CMS) that could be easily customized for each site. I ran it by hand whenever we did a deployment, and also set it to run every hour in crontab. That way even if someone changed the permissions away from safe (by accident or maliciously), they would revert to safe pretty quickly.
I've since moved all those sites to WP Engine and Pantheon, so now the directory permissions are someone else's problem. :-)
from Hacker News - New Comments: "WordPress" https://ift.tt/2OgAU1R
via IFTTT
No comments:
Post a Comment