Hello all, got a quick question around security and WordPress plugin self-updating.
I'm running WordPress on a VPS, and all my WordPress files are owned by root by default. Due to the way my VPS is configured, I can not FTP into the root account (nor would I want to), and my host doesn't support FTPS. I can FTP using a standard user account. However, when I try to update a plugin using a standard user account, it fails because the upgrade directory and wp-content directory are owned by root, and my standard user account isn't allowed to write/overwrite the files.
Would I be putting my WordPress installation at security risk by chowning wp-content to a standard user account and leaving it that way? What do other people in similar situations typically do?
Any advice appreciated. Thanks in advance!