Posted on

WordPress and UNIX security (part 2)

In an effort to secure my blog I once again did battle with the mighty Word press. It seems that you can run a perfectly healthy blog with no write permissions by the HTTP server (usually www-data) to your service directory.

What do I suggest? Change owner ship to root on your blog area. When you know that you need to upload stuff to Word press then open the permissions on the relevant folders. This happens when you want to add or remove plug-ins, upload media, themes etc. After the relevant operation clamp down on security again. There are plugins (like xLanguage) that write all kinds of junk log files into the upload folder as part of their operation. Obviously you cannot use these if you want better security.

Advantages: better security.
Disadvantages: A little discomfort and the need to write very simple short script to do the chmod for you. The Inability to use certain brain dead plug-ins.

Posted on

Blog upgrade to wordpress 3.0

I just upgraded the blog to the new 3.0 release. The upgrade is quite easy so there is no reason to fear it. The real reason for my upgrade is the multi site feature (I want to open another blog in Hebrew). The multi site feature is quite cool and allows you to have as many blogs as you wish or give blogs out to your friends and serve as their administrator. Check it out in wp3.0.

Posted on

New blog set up

I have moved my blog from Google to my own machine. This is the new blog. I need to transfer all my old posts from my old machine. Hope you will like this one better than the old but this will assuredly give me more control over my data and the blogs look feel and features.