Is it Secure to Grant Apache User Ownership of Directories & Files for Wordpress

Posted by Oudin on Server Fault See other posts from Server Fault or by Oudin
Published on 2012-06-26T01:09:45Z Indexed on 2012/06/26 9:17 UTC
Read the original article Hit count: 238

Filed under:

apache2

|

Wordpress

|

file-permissions

I'm currently setting up WordPress on an Ubuntu server 12 everything runs fine but there is an issue when it comes to automatically updating and uploading media via WP as Apache "www-data" user does not have permissions to write to the directories. "user1" has full permission

All my directories have permissions of 0755 and files 644

my directories setup is as follows:

/home/user1/public_html

All WP files and directories are in "public_html"

In order to work around the auto updating and uploading media I've granted Apache user ownership to the following directories

sudo chown www-data:www-data wp-content -R
sudo chown www-data:www-data wp-includes -R
sudo chown www-data:www-data wp-admin -R

I would like to know security wise how secure this is and if it is not secure what would be the best solution?

That will allow me to keep all files and directories owned by user1 and still allow wp to be able to automatically update and uploading media

© Server Fault or respective owner

Related posts about apache2

apache2: Could not open configuration file /etc/apache2/apache2.conf: Permission denied

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I recently upgraded Ubuntu to the latest LTS edition on my work laptop, which I use as a LAMP development platform. The upgrade was from 12.4 to 14.4. Now I'm having trouble getting apache up and running again. Here is the output from an attempt: antonc@antonc-laptop:/etc/apache2$ sudo service apache2… >>> More
Apache segfault glibc segfault

as seen on Server Fault - Search for 'Server Fault'
I keep getting (about every 5-6 hours) this segfault in apache: [Tue Jun 26 12:43:10 2012] [notice] child pid 26810 exit signal Aborted (6) *** glibc detected *** /usr/sbin/apache2: free(): invalid pointer: 0xb68c2628 *** ======= Backtrace: ========= /lib/i386-linux-gnu/libc.so.6(+0x6ff22)[0xb75aef22] /lib/i386-linux-gnu/libc… >>> More
Localhost not working after installing PHP on Mountain Lion

as seen on Server Fault - Search for 'Server Fault'
I've installed php using brew install php54 --with-mysql, I've set up all the path correctly. which php will give me /usr/local/bin/php php -v will give me PHP 5.4.8 (cli) (built: Nov 20 2012 09:29:31) php --ini will give me: Configuration File (php.ini) Path: /usr/local/etc/php/5.4 Loaded Configuration… >>> More
Apache 2 Virtual Hosts no working on OSX 10.6

as seen on Server Fault - Search for 'Server Fault'
This is my first MacBook and I'm trying to get virtual hosts up and running so as it's going to be my dev machine. I've got apache/php/mysql running fine, the problem is that what ever address I go to I just get one of the virtual hosts I've setup. I can't even get to the root site anymore. I had… >>> More
apache2 error Could not open configuration file /etc/apache2/conf.d/: No such file or directory

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have just upgraded my Ubuntu 13.10 and apache2 is not working. When I try to start the apache2 server it is printing following errors: * Starting web server apache2 * The apache2 configtest failed. Output of config test was: apache2: Syntax error on line 263 of /etc/apache2/apache2.conf: Could… >>> More

Related posts about Wordpress

Add Your Own Domain to Your WordPress.com Blog

as seen on How to geek - Search for 'How to geek'
Now that you’ve got a nice blog on WordPress.com, why not get your own domain to brand your site? Here’s how you can easily register a new domain or move your existing domain to your WordPress site. By default, your free WordPress address is yourblog’sname.wordpress.com. But whether this… >>> More
Moving from wordpress.com to self-hosted wordpress blog

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello, I have been writing articles on the wordpress.com blog, now i am looking to move it to self-hosted wordpress blog but i wonder: 1) Should i move all my articles on the new blog or just put an article on my last blog that more articles will be posted on my new blog?* 2) If i move all articles… >>> More
Include WordPress Content Outside of WordPress

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm looking to build a mobile version of a WordPress site and have most of it built in static files, but am trying to get access to the WordPress content from inside an external PHP file that the mobile site will run from. How can I get access to the loop or database without manually writing SQL queries… >>> More
What is the difference between theme making process using Wordpress Theme and Wordpress Theme Framew

as seen on Stack Overflow - Search for 'Stack Overflow'
What is the difference between "Wordpress Theme" and Wordpress Theme Frameworks? In terms of technicalities, Custom theme making workflow, File and folder structure, Anatomy. Wordpress default theme Vs Wordpress theme's framework's Child theme >>> More
Integration of WordPress With WordPress bbPress

as seen on Ezine Articles - Search for 'Ezine Articles'
bbPress is a powerful and fully featured forum software that can be integrated with blogging tools like WordPress. A first glance at the software, gives the impression that it is simple and devoid of any complicated structure, but one has to use it in order, to believe that it is a very powerful tool. >>> More