I've implemented most of what LHammonds suggests on my WP installs.
First, I put all my sites under a separate username and add that user to the www-data group.
Next, I wrote two simple scripts that I use to change permissions before and after updates.
Before an update I run this:
Code:
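#!/bin/sh
# Give the group write access to the WordPress core directories (recursive)
chmod -R g+w wp-admin wp-includes wp-content
# ...and to the top-level files and directories
chmod g+w *
echo "Run update now"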
That restores write permissions to members of the www-data group to which the website owner belongs.
After running an update I run the script:
Code:
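#!/bin/sh
# Restore owner/group access and remove group write again (recursive);
# without g-w here, files inside these directories would stay group-writable
chmod -R u+rwx,g+rx,g-w wp-admin wp-includes wp-content
# Remove group write from the top-level files and directories
chmod g-w *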
Both these scripts must be run as root from the top of the WordPress directory tree.
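The before/after-update switch described in this post, combined into one helper; this is an added example, not part of the original post. The function names, the ROOT argument and the lock|unlock|check sub-commands are assumptions of the example. The lock step uses `X` so regular files do not gain the execute bit, and a check lists anything left group-writable.

```shell
#!/bin/sh
# Added example (not from the original post): the before/after-update
# permission switch as two functions plus a check.
# Function names and the ROOT argument are assumptions of this example.
WP_DIRS="wp-admin wp-includes wp-content"   # directories named in the post

# wp_unlock ROOT: grant group write before an update.
wp_unlock() {
    for d in $WP_DIRS; do
        if [ -d "$1/$d" ]; then chmod -R g+w "$1/$d"; fi
    done
    chmod g+w "$1"/*          # top-level entries, as `chmod g+w *` does
}

# wp_lock ROOT: drop group write again after the update.
wp_lock() {
    for d in $WP_DIRS; do
        if [ -d "$1/$d" ]; then
            # X sets execute on directories only (and on files that
            # already had it); g-w strips group write at every depth.
            chmod -R u+rwX,g+rX,g-w "$1/$d"
        fi
    done
    chmod g-w "$1"/*
}

# wp_group_writable ROOT: print every path under ROOT that is still
# group-writable; empty output means the tree is locked.
wp_group_writable() {
    find "$1" -mindepth 1 ! -type l -perm -020
}

# Usage: script.sh lock|unlock|check /path/to/wordpress
case "${1:-}" in
    unlock) wp_unlock "$2" ;;
    lock)   wp_lock "$2"; wp_group_writable "$2" ;;
    check)  wp_group_writable "$2" ;;
esac
```

Running `check` from cron between updates shows whether a tree was left unlocked.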