WordPress.org

Ready to get started?Download WordPress

Forums

WordPress Permissions on Private VPS (6 posts)

  1. Tbone17
    Member
    Posted 2 years ago #

    Hi Peeps,

    Hoping someone can clarify this for me please.
    I have just launches a brand new WP site (3.3.1) for someone one a private VPS.
    It is running IIS7 and Plesk so wasn't the easiest install to get working properly.
    The only way to get the plugins, core updates etc running as they should was to assign full permissions to all files and directories i.e. CHMOD 777
    Obviously on a shared hosting platform this would be a security risk but does this matter on a private server?
    Note: no other websites are being hosted on this server.

    Thanks
    Tbone17

  2. ANA Designs
    Member
    Posted 2 years ago #

    On a VPS if you enable PHP with SuEXEC, then permissions can not be set to 777 and all functions should work properly with 755. Perhaps you can recompile PHP differently?

    CHMOD 777 is never a good idea, IMO, but I believe the risk is indeed less if it's only the one site hosted on the server. Still, make sure you have other security measures in place such as mod_security, csf firewall, etc.

  3. Tbone17
    Member
    Posted 2 years ago #

    Hi ANA Designs,

    Thanks for the quick reply.
    I just had a look and Plesk has a fairly limited set of options with regards to the PHP Settings.
    I don't see a SuEXEC option anywhere, it is currently set to run PHP as an ISAPI Extension?

    Regards
    Tbone17

  4. ANA Designs
    Member
    Posted 2 years ago #

    Ah, my mistake....suPHP is the configuration available for Plesk servers. However, it does not come by default nor can be enabled from Plesk. It has to be done manually by creating a special wrapper for Plesk to make suPHP actually work with Plesk System. I don't know how to do this as I use WHM to compile PHP.

    Having WHM with a VPS is a invaluable for half-techies because you can do this sort of stuff with only a couple of clicks.

    Sorry to not be of more assistance. Perhaps googling will help, or maybe someone with more knowledge of Plesk can chime in.

  5. Pothi
    Member
    Posted 2 years ago #

    Hi Tbone17,

    Obviously on a shared hosting platform this would be a security risk but does this matter on a private server?

    Yes, it does matter.

    Disclaimer: I never used IIS or Plesk.

    But, I was in a situation where I had to do two following things to install plugins and update the WordPress core on a particular VPS server.

    1. chown -R user:group_of_webserver /path/to/public_html/
    2. chmod -R g+w /path/to/public_html

    As you might guess, it is a tedious work to do the same after every update of each plugin used. If we add any caching plugin that needs writing permissions on a particular directory, then it becomes even more complex. After each update, the permissions need to be reversed too.

    In this case, the best thing to do (disclaimer:I'm not doing it), is to switch the installation to SVN set up and make a script to run at the end of every day.

    Again, if you are setting up SVN, there are two ways to do. One is using the trunk version (that might have bugs, even though they are bug fixes at times) and other is using the stable tag/version. In the case of using stable tags, I have not done any automation. There may be a way that someone else could help!

    Anyway, it's best not to use 777 at any VPS even if it is the only site.

  6. Tim S
    Member
    Posted 2 years ago #

    777 permissions are a security risk in any situation. It sounds like you have to use the 777 perms because the file is not owned properly. Thus, allowing the "World" to be able to have open permissions fixes the issue.

Topic Closed

This topic has been closed to new replies.

About this Topic