Wordpress automatic upgrade
I am having some problems with Wordpress automatic upgrade function. If I try to upgrade the wordpress version or the plugins, it asks for the FTP details. When I enter these details it doesnt accept them.
On the net, I found a solution: change the permissions of the wp-content to 777, but this is very unsafe.
I've also found a more complete and safer solution in here
Have you ever found this problem before? Do you know how to resolve it in a neat and safe way for linode?
Thanks a lot for your help.
Alex
5 Replies
If the webserver can't write files, it can't update itself after all.
Note that the setsebool only applies if selinux is actually enabled and enforcing, neither of which apply on a stock linode kernel.
The "safest" way is to set up an FTP server, username and password, and ACL to enable just the FTP user to write to that directory… but that still means you're leaving the directory wide open for writes, just not through your webserver.
edit: I should note that the most secure way is to update wordpress is to… not use the automatic method.
Edit: also for point releases (x.x.2 -> x.x.3) you can usually get away with making a patch from the old release to the new one and just applying the patch because not much changes.
chown -R www-data:www-data *
Inside the wordpress folder
Please, I am pretty new to all of this so, you experts out there should chime in if there would be a problem with this.
@casmang:
Please, I am pretty new to all of this so, you experts out there should chime in if there would be a problem with this.
There's nothign necessarily wrong with that, but it makes you more vulnerable to security holes. Allowing the web server to write to the filesystem (except in very narrow circumstances) just makes exploits all the more damaging. also, this isn't purely theoretical. wordpress has an absolutely awful security record