Re: need help in rights delegation to a freelance "web developer"
Please do not CC me on posts to the list. I read the list.
On Mon, Nov 10, 2014 at 11:24:55PM +0500, Muhammad Yousuf Khan wrote:
> Thanks for sharing your input. what would be the rights of /var/www and its
> sub-directories.
> currently it is root : root and 775
I would havw www-data.www-data as owner, but it isn't likely to matter. Does
your Apache run as root? That is not considered good practice last I heard.
> Secondly do you guys have any advice on more security of WP. i have heard
> that word press is kind of week in security. maybe i am wrong but i have
> heard that.
I've had no problems in several years of hosting WP.
I do recommend NOT using the Debian package for WordPress. For security and
also better features, use the most recent version available at
wordpress.org. Installation is actually only slightly harder than the Debian
package--their claim of a 5-minute install is totally valid.
Again, your WordPress developer DOES NOT NEED A SHELL ACCOUNT OR ANY SERVER
PRIVILEGES at all, aside from being the administrator of the WordPress site.
Unless you are asking him to also INSTALL WordPress?
If WordPress works, permissions are OK. Again, none of this matters to the
WP developer once WordPress is installed.
And again, for best security give WordPress its own VM. You can get one for
literally $1 per month from <http://www.nosupportlinuxhosting.com>.
> Moreover, our developer is also saying that he is having problem running
> our website on our current debian 7 VM. do you guys think there should be
> some modules required in order to work things properly.
Much more information needed. Is this developer also doing non-WordPress
things? Is this a different developer? Most importantly, exactly what
problems is he having?
--
Carl Fink nitpicking@nitpicking.com
Read my blog at blog.nitpicking.com. Reviews! Observations!
Stupid mistakes you can correct!
Reply to: