[Nottingham] suPHP and Wordpress and NLUG website

Martin martin at ml1.co.uk
Tue Jul 27 22:18:58 UTC 2010


On 24/07/10 19:39, Roger Light wrote:
>> This is for a test of Wordpress... Does it change its web files or are
>> changes only made to the database?
> 
> It can do upgrades from within the web interface, so files will change.

OK, after a little bit o' experimenting and thought...


I don't think suPHP gains me anything extra for security for the case of
Wordpress:

You can run Wordpress fine with all the webtree read-only;

In any case, manual updates look to be easy enough and a safe bet;

If you want to add images, then you'll need to leave an uploads
directory writeable;

For running multiple Wordpress sites, you will suffer the /same/
vulnerabilities from the same code for all the sites, so there's little
extra benefit from running separate code instances and databases;

PHP + MySQL offers a rather large area for attack!

Then also, there are some rather large sites running Wordpress so
hopefully it's just a case of keeping up to date with the updates...


So... Looks like I'm going to go with the old apache and www-data (read
only) security scheme and run with a single database.

I just hope there will be easy migration for all the content when
something 'more sexy' comes along!


Next is... How to customise the look enough that it doesn't look like
just another Wordpress site!

Any volunteers to play with a few themes for the new revamped NLUG website?


Cheers,
Martin

-- 
----------------
Martin Lomas
martin at ml1.co.uk
----------------
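
A check for the read-only scheme described in the message above, as an added example that is not part of the original post: it lists every path in a WordPress tree that the web server account could modify, apart from the one uploads directory. The `www-data` group, the `wp-content/uploads` location and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumptions: web server runs as user/group www-data and the only
# directory meant to stay writable is wp-content/uploads.

# writable_by_webserver ROOT [USER] [GROUP] [ALLOWED_SUBDIR]
# Prints each path under ROOT, outside ALLOWED_SUBDIR, that USER or GROUP
# can write to through owner, group or world permission bits.
# USER and GROUP may be names or numeric ids. ROOT is used as a find
# pattern prefix, so it should not contain glob characters.
writable_by_webserver() {
    root=${1%/}
    user=${2:-www-data}
    group=${3:-www-data}
    allow=${4:-wp-content/uploads}

    # Prune the uploads directory, skip symlinks (their mode bits are
    # meaningless), then match any of the three ways a write can be granted.
    find "$root" \
        -path "$root/$allow" -prune -o \
        ! -type l \( \
            \( -user "$user" -perm -200 \) -o \
            \( -group "$group" -perm -020 \) -o \
            -perm -002 \
        \) -print
}

# audit_webtree ROOT [USER] [GROUP] [ALLOWED_SUBDIR]
# Returns 0 when nothing outside the uploads directory is writable by the
# web server account, 1 otherwise (offending paths go to stderr).
audit_webtree() {
    offenders=$(writable_by_webserver "$@")
    if [ -n "$offenders" ]; then
        printf 'writable outside uploads:\n%s\n' "$offenders" >&2
        return 1
    fi
    return 0
}

# Run the audit only when a tree is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_webtree "$@"
fi
```

Run it again after each manual update, since unpacking a new release can reset ownership and modes.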


