security - Restrictive File Permissions

What are the most restrictive file permissions I should use if I do not intend to use any of WordPress's auto-updating functionality? All the recommendations I find online assume you want WordPress to be able to write to its own files for auto updates... I don't. When an update becomes available, I manually test it and deploy it using version control (for core as well as plugins and themes). I already added the following to my wp-config.php:

define( 'DISALLOW_FILE_MODS', true );
define( 'DISALLOW_FILE_EDIT', true );
define( 'AUTOMATIC_UPDATER_DISABLED', true ); 
define( 'WP_AUTO_UPDATE_CORE', false );

asked Jul 25, 2019 at 4:38 by user172433

1 Answer

Generally speaking, if you don't want WordPress to update itself or any plugins, don't give the web server write permissions to any of the WordPress files outside of folders like wp-content/uploads.

You'll need to be careful with this and test thoroughly, though, as some plugins, like Wordfence, have folders they need to write to for logs and definition updates.

Example: If your web server user is apache, you could change the file ownership to another user, and set group permissions to the web server.

# Change Ownership of files and folders for entire install
chown -R <youruser>:apache /path/to/wordpress/install

# Make sure you set ownership of files and folders you want WordPress to upload to back to the web server user
chown -R apache:apache /path/to/wordpress/install/wp-content/uploads

# Set file and folder permissions to remove write from group
find /path/to/wordpress/install -type d -exec chmod 755 {} \;
find /path/to/wordpress/install -type f -exec chmod 644 {} \;
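
A read-only check of the layout described in this answer, added here as an example and not part of the original answer: it lists everything outside wp-content/uploads that the web server account could still modify. The function name audit_wp_writable is hypothetical, and apache is the web server user and group assumed in the answer's example.

```shell
#!/bin/sh
# audit_wp_writable ROOT WEB_USER [WEB_GROUP]
# Usage (assumed names): audit_wp_writable /path/to/wordpress/install apache
#
# Prints every file or directory under ROOT, outside wp-content/uploads,
# that the web server account can modify:
#   - owned by WEB_USER (an owner can always chmod a file back to writable)
#   - group-writable and in WEB_GROUP
#   - world-writable
# No output means only wp-content/uploads is writable by the web server.
# Any other folder a plugin must write to needs its own -prune entry.
audit_wp_writable() {
    root=${1%/}            # drop a trailing slash so the -path match works
    web_user=$2            # user name or numeric uid
    web_group=${3:-$2}     # group name or numeric gid; defaults to WEB_USER

    # Symlinks always report mode 777, so they are skipped.
    find "$root" \
        -path "$root/wp-content/uploads" -prune -o \
        ! -type l \( \
            -user "$web_user" \
            -o \( -group "$web_group" -perm -020 \) \
            -o -perm -002 \
        \) -print
}
```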