Permissions Best Practices – Shared Hosting

Resolved leefuller
(@leefuller)

8 years, 6 months ago

We have numerous WP sites, and they are hosted on one server. Recently we’ve mitigated a number of attacks. However, I’m curious if there is a “best practice” for setting file/directory permissions on WP sites? We do not allow FTP access on the server, so it becomes difficult to not set the files to be owned by the webserver so that updates to plugins, installs of plugins, etc., are not blocked by a request for FTP access. Yet, this opens up a myriad of other questions about multiple sites being owned by the same user.

Likely this has been asked (I’ve read tons of “suggestion” posts). But I’m wondering if there is a place to locate the best practice way of managing this.

Thanks to all in advance.

Viewing 8 replies - 1 through 8 (of 8 total)

Bill
(@chubbycrow)

8 years, 6 months ago

This link to the Codex page should get you started. There’s a section on shared hosting.
http://codex.wordpress.org/Changing_File_Permissions

Thread Starter leefuller
(@leefuller)

8 years, 6 months ago

Wonderful… thanks Bill.

Bill
(@chubbycrow)

8 years, 6 months ago

You’re welcome!

Thread Starter leefuller
(@leefuller)

8 years, 6 months ago

So I’ve looked through that document pretty thoroughly. I’ve created about half a dozen sites on a new server – and I still can’t seem to get past the request for FTP access for updates to a plugin.

Specifically, I’ve followed this section:

In such an suexec configuration, the correct permissions scheme is simple to understand.

All files should be owned by the actual user’s account, not the user account used for the httpd process.
Group ownership is irrelevant, unless there’s specific group requirements for the web-server process permissions checking. This is not usually the case.
All directories should be 755 or 750.
All files should be 644 or 640. Exception: wp-config.php should be 440 or 400 to prevent other users on the server from reading it.
No directories should ever be given 777, even upload directories. Since the php process is running as the owner of the files, it gets the owners permissions and can write to even a 755 directory.
In this specific type setup, WordPress will detect that it can directly create files with the proper ownership, and so it will not ask for FTP credentials when upgrading or installing plugins.

Tried each combination of permissions suggested. And while I was able to install WP successfully, any attempt to update a plugin or add one is met with a request for FTP credentials.

Any thoughts?

Thread Starter leefuller
(@leefuller)

8 years, 6 months ago

So it looks like there are about 5 different ways to setup SuExec. I chose to use the Ruid method, which required a compiling of the “mod” file and adding it to the server. Apparently using the built-in “suexec” mod doesn’t work – at least I could not find anyone who could get it to work.

Thanks for the help.

Bill
(@chubbycrow)

8 years, 6 months ago

Thanks for sharing your solution here. I hope your last post means that you’re up and running now. If so, go ahead and mark this thread as resolved; if not, let us know.

Thread Starter leefuller
(@leefuller)

8 years, 6 months ago

Yes.. there are a few hoops to jump through. But it was not all that painful. If anyone needs instructions, please reply here and I’ll be happy to regale you with details. 🙂

sacredrider
(@sacredrider)

8 years, 4 months ago

leefuller, i ham having the same issues as you. Could you please provide me with your solution?

Viewing 8 replies - 1 through 8 (of 8 total)

The topic ‘Permissions Best Practices – Shared Hosting’ is closed to new replies.

Permissions Best Practices – Shared Hosting

Tags

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics