ted.byers
Forum Replies Created
-
Forum: Networking WordPress
In reply to: A couple quick questions about installing multi-siteOne thing that might help someone advise, is I found on http://codex.wordpress.org/Updating_WordPress the following:
(a) file ownership: all of your WordPress files must be owned by the user under which your web server executes. In other words, the owner of your WordPress files must match the user under which your web server executes. The web server user (named “apache”, “web”, “www”, “nobody”, or some such) is not necessarily the owner of your WordPress files. Typically, WordPress files are owned by the ftp user which uploaded the original files. If there is no match between the owner of your WordPress files and the user under which your web server executes, you will receive a dialog box asking for “connection information”, and you will find that no matter what you enter in that dialog box, you won’t be able to update automatically.
(b) file permissions: all of your WordPress files must be either owner writable by, or group writable by, the user under which your Apache server executes.
The question is, when I own the hardware, and am running ubuntu, how do I ensure that these two conditions are satisfied? And do I need to set up an ftp server on this machine to support the update process? (I do not need ftp on this machine for anythng else.).
Thanks
Ted
Forum: Installing WordPress
In reply to: Preparation for multi-domain installThank you Sir,
I greatly appreciate this.
I am now thinking that perhaps I may use a web server exposed to the web as a reverse proxy server, and have it direct requests to distinct web servers that hide behind my firewall. And for my common archive, I may contract my friend to help develop a suitable plugin, and use, as my usual standard protocol requires, a code walkthrough to verify quality. I do this anyway with staff, so this won’t be any different. I am assuming that PHP and Perl are sufficiently similar that I won’t have trouble understanding the PHP code.
I have some followup questions, in part for material supplementary to what you say here and on the pages to which you refer.
1) When I went to install WordPress from Ubuntu 12.10’s Software Center (I do not know if that is recommended), after having set up Apache as I usually do (including use of MPM – I am not sure, now, if mod_MPM is necessary, since later versions of Apache are multi-threaded), I got an error message saying that WordPress won’t work properly with MPM enabled (a surprise given the benefits of MPM and the fact that WordPress is so widely used). Given that MPM is highly desirable for performance, what do you think about a) why WordPress doesn’t like MPM (or maybe it is just the package configuration that Ubuntu used), and b) use of reverse proxy (both for performance/load balancing and possible security benefits)?
2) You mention use of .htaccess, but buch of what I have been reading, from rather recent sources, seem to prefer mod_rewrite. What is the difference?
3) On the hardening wordpress page, reference is made to mod_security being tricky to configure, as well as the utility of OSSEC. However, no information is provided on how to use either, and no link is provided to a page or pages that describe how to do use either well. Do you have information about, or a link to pages that describe, using either or both well? I am just beginning to study mod_security (and I have some resources already to facilitate that), but it would be very valuable to have a resource that documents how to use it well with WordPress (with comments on how use with WordPress may be different from use of mod_security generally, as in protecting web applications one developes oneself). And I have no knowledge at all of, or resources for learning about, OSSEC (that is, apart from OSSEC’s website).
I would appreciate any additional information you can provide.
Thanks again,
Ted