filesystem write requirements

  • I’ve read several documents about filesystem write requirements, but they are unclear.

    Is there a definitive document on write requirements?

    I’d like to know what files and directories must be writable in the following conditions:

    * During initial setup/configuration.
    * During normal operation.
    * When updating using the update feature.

    We like to keep things as secure as possible and giving the apache user write access where not required is an unnecessary security risk in our humble opinion.

    Your help and guidance is much appreciated.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Dion

    (@diondesigns)

    Core updates of WordPress require write access to the entire WordPress filesystem. WordPress must also have write access to the wp-config.php file during installation. For other usage, only the /wp-content directory and the main .htaccess file must be writable. WordPress can use FTP or SSH to write to the filesystem if the appropriate PHP extensions are available.

    Have you considered using PHP-FPM and setting it up so PHP runs as a different (non-privileged) user than Apache?

    Thread Starter diggy69

    (@diggy69)

    Thanks for the info. I have a better understanding now. I’m going to do a little research on what is involved with manually updating WordPress because I would like to limit write access by the apache service on our public webservers.

    As for PHP-FPM, I know very little about it. All I know is that on Oracle Linux 8 it runs as a service in conjunction with the apache service.

    thanks for your information:now i have good understand: fonts

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘filesystem write requirements’ is closed to new replies.