Support » Everything else WordPress » what is the ideal server-setup to address security concerns

  • good day dear WordPress-experts,

    well i muse bout this qeustion for some weeks now:

    Many shared hosting services still make use of suexec in their Apache setup.

    i wonder if this is a good desicsion.

    so that the web service runs as the actual user. This server-setup eliminates most permission problems and helps protect our files from other users on the server. So far so good.

    However, in cases where Apache runs as a separate user, if we want to upload files into WordPress, we have to open up permissions on the upload directory.

    i love to get more ideas & tipps from you; How do you run wordpress.

    And especially: how do you arrange the server to do an automated plugin / theme update? +

    Love to hear from you

    regards

Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator Steve Stern

    (@sterndata)

    I use apache and php-fpm. Each site has a different user for PHP and for mysql. No one should be manually uploading files to WordPress.

    Moderator Jan Dembowski

    (@jdembowski)

    Brute Squad and Volunteer Moderator

    What security concerns do you have?

    If you have a responsible host (and don’t discuss hosts, that will get the topic closed) then they’ll have current secure versions of PHP, Apache2, etc.

    If you’re running the server then use the recommended settings from the distribution that you are using.

    That just leaves the WordPress part up to you.

Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.