On Friday, May 31, 2013 02:46:25 PM Ted Byers wrote:
I asked about this on a Wordpress group, but they said this is a Linux question rather than a WordPress question. That I must ask reflects only that when it comes to administering a Linux box, I am a complete novice, even though I have been programming for decades. On the following page (http://codex.wordpress.org/Updating_WordPress), I find the following:
"Automatic Update
"Current versions of WordPress (2.7+) feature an Automatic Update. You can launch the automatic Update by clicking the link in the new version banner (if it's there) or by going to the Tools -> Upgrade (or Update for version 3) menu. Once you are on the "Update WordPress" page, click the button "Update Automatically" to start the process off. You shouldn't need to do anything else and, once it's finished, you will be up-to-date.
"For Automatic Update to work, at least two criteria must be satisfied:
"(a) file ownership: all of your WordPress files must be owned by the user under which your web server executes. In other words, the owner of your WordPress files must match the user under which your web server executes. The web server user (named "apache", "web", "www", "nobody", or some such) is not necessarily the owner of your WordPress files. Typically, WordPress files are owned by the ftp user which uploaded the original files. If there is no match between the owner of your WordPress files and the user under which your web server executes, you will receive a dialog box asking for "connection information", and you will find that no matter what you enter in that dialog box, you won't be able to update automatically.
"(b) file permissions: all of your WordPress files must be either owner writable by, or group writable by, the user under which your Apache server executes.
"On shared hosts, WordPress files should specifically NOT be owned by the web server. If more then one user owns different files in the install (because of edits made by deleting and re-uploading of files via different accounts, for example), the file permissions need to be group writable (for example, 775 and 664 rather then the default 755 and 644). File permissions (in general) should be adjusted as appropriate for the server environment (the shared host RackSpace CloudSites for example recommends 700 and 600 for a single ftp user, or 770 and 660 for multiple ftp users). See the file permission section for more (some files and folders require stricter permissions). "
However, On the following page (http://codex.wordpress.org/Hardening_WordPress), I see:
Can someone explain to me how one reconciles the ownership and permissions requirements for updates with those for ensuring system security, and what series of commands I should enter to put that into effect (relating that to the documentation of chown and chmod, would help me understand the how of it, if you don't mind).?
Thanks
Ted In all the years I've run Wordpress, I've never done this. Although I don't self host anymore, I find it strange that this is necessary. My install is hosted, and when a new version comes out, the dashboard lets me know about it and I do the update. It works and I keep right on running.
One thing about security though, is never use admin as the administrative user. Use something like Ted4056. Then a good password, and it will deter hackers. They go for the admin user first. Mike -- Powered by SuSE 12.3 Kernel Tumbleweed 3.9.3.10.g06ad9d8.X86_64 KDE 4.10.2 16:48pm up 7:47, 3 users, load average: 8.16, 8.27, 8.30 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org