Is it Secure to Grant Apache User Ownership of Directories & Files for Wordpress

Posted by Oudin on Server Fault See other posts from Server Fault or by Oudin
Published on 2012-06-26T01:09:45Z Indexed on 2012/06/26 9:17 UTC
Read the original article Hit count: 275

I'm currently setting up WordPress on an Ubuntu server 12 everything runs fine but there is an issue when it comes to automatically updating and uploading media via WP as Apache "www-data" user does not have permissions to write to the directories. "user1" has full permission

All my directories have permissions of 0755 and files 644

my directories setup is as follows:

/home/user1/public_html

All WP files and directories are in "public_html"

In order to work around the auto updating and uploading media I've granted Apache user ownership to the following directories

sudo chown www-data:www-data wp-content -R
sudo chown www-data:www-data wp-includes -R
sudo chown www-data:www-data wp-admin -R

I would like to know security wise how secure this is and if it is not secure what would be the best solution?

That will allow me to keep all files and directories owned by user1 and still allow wp to be able to automatically update and uploading media

© Server Fault or respective owner

Related posts about apache2

Related posts about Wordpress