How to set up multiple WordPress sites on Linode correctly?
Hello,
I have set up a Linode to host a few clients' WordPress sites.
I added all sites to
/var/www/html/site1.com/public_html
/var/www/html/site2.com/public_html
/var/www/html/site3.com/public_html
and gave the www-data user permission:
sudo chown -R www-data:www-data /var/www/html/site1.com/public_html
sudo chown -R www-data:www-data /var/www/html/site2.com/public_html
sudo chown -R www-data:www-data /var/www/html/site3.com/public_html
Now the issue is that PHP is able to write across all those folders, which means if one site gets compromised, a hacker will be able to access the other sites' public_html via PHP.
What is the best secure way to set this up?
A step-by-step guide will help!! Thank you so much.
1 Reply
First, a web server running PHP running WordPress does not need write access to every directory/file in your site. It only needs write access to particular directories (for file uploads, caches, etc):
https://stackoverflow.com/questions/18352682/correct-file-permissions-for-wordpress
Second, changing the ownership of a file or directory does not automatically give that owner permission to write to that file or directory. While ownership and permission are certainly related, they are not the same (!):
https://linuxhandbook.com/linux-file-permissions/
Changing the ownership of a file with permissions 0000 (octal zero -- no read, no write, no execute) is not going to change any user's ability to read/write the file…not even root's!
It's going to be to your long-term advantage to establish an ownership/permission policy for files/directories in your site that is as restrictive as possible…and STICK TO IT!
-- sw
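
A read-only check for the kind of policy the reply recommends, added here as an example (it is not from the original thread): it lists every path in one site's tree that the web server account can modify, outside the directories that are meant to be writable. The function name `audit_web_writable`, the script name `audit.sh` and the allowed directories `wp-content/uploads` and `wp-content/cache` are assumptions; the site path and `www-data` come from the question.

```shell
#!/bin/sh
# audit_web_writable SITE_ROOT WEB_USER WEB_GROUP [ALLOWED_DIR ...]
# Lists every path under SITE_ROOT that the web server account can modify,
# judged from ownership and mode bits only, so it can be run from any account.
# ALLOWED_DIR entries are relative to SITE_ROOT and are skipped entirely.
audit_web_writable() {
    aw_root=${1%/}; aw_user=$2; aw_group=$3
    shift 3
    aw_n=$#
    # Append one "-path DIR -prune -o" clause per allowed directory, then
    # drop the original arguments so "$@" holds only the find clauses.
    for aw_rel in "$@"; do
        set -- "$@" -path "$aw_root/$aw_rel" -prune -o
    done
    shift "$aw_n"
    # A path counts as modifiable by the web account when:
    #   - the account owns it (an owner can chmod the write bit back on),
    #   - its group is the web group and the group-write bit (020) is set, or
    #   - the world-write bit (002) is set.
    # Symlinks are skipped because their own mode bits are not enforced.
    find "$aw_root" "$@" \( -user "$aw_user" -o \
        \( -group "$aw_group" -perm -020 \) -o -perm -002 \) \
        ! -type l -print
}

# Example invocation for one of the sites in the question (run once per site):
#   sh audit.sh /var/www/html/site1.com/public_html www-data www-data \
#       wp-content/uploads wp-content/cache
if [ "$#" -ge 3 ]; then
    audit_web_writable "$@"
fi
```

An empty result means the web account can write only inside the allowed directories of that site; after the recursive `chown` from the question, every path outside them is listed.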