...
| Code Block | ||
|---|---|---|
| ||
su - serveradmin cd ~ wget http://wordpress.org/latest.tar.gz tar -xvpf latest.tar.gz mv wordpress blog # We do not need to make the technology obvious. mv blog /home/www.krypton.com/www/ |
Setup File Permissions
Following along the lines of allowing groups to manage their own WordPress instance log in a a sudo enabled user,
| Code Block | ||
|---|---|---|
| ||
cd /home/www.krypton.com/www/
sudo chown -R nobody:wgkrypton ./blog/
sudo chmod -R o-rwx ./blog/ # No users except nobody and those belong to the group wgkrypton will be granted access.
sudo chmod -R u-w ./blog/
sudo chmod -R g+w ./blog/ # Any user belonging to the wgkrypton group can manage the site |
...I may need to setup masking to maintain these permissions...
Configure WordPress
- Create config file for database access
- Set URL
- ...
...
Lock Down WordPress
WordPress and PHP simply due to the model is inherently insecure when compared to more Enterprise solutions.
As such the Bonsai Framework takes an administrator approach to managing and securing WordPress. It is strongly recommended to not use a co-hosting model for multiple clients that require privacy. This is especially problematic if clients are granted shell access. It becomes very complex to protect one client from gaining access to another client's WordPress data.
...