Comments on: WordPress Upload Management Tip http://gfmorris.org/feeder/?FeederAction=clicked&feed=Comments+on+Articles+%28RSS2%29&seed=http%3A%2F%2Fgfmorris.org%2Farchives%2F2005%2F12%2F17%2Fwordpress-upload-management-tip%2F%23comment-&seed_title=WordPress+Upload+Management+Tip Smart Guy, Dumb Code Fri, 21 Nov 2008 14:16:56 +0000 http://wordpress.org/?v=2.6.3 By: Derek http://gfmorris.org/feeder/?FeederAction=clicked&feed=Comments+on+Articles+%28RSS2%29&seed=http%3A%2F%2Fgfmorris.org%2Farchives%2F2005%2F12%2F17%2Fwordpress-upload-management-tip%2F%23comment-5244&seed_title=WordPress+Upload+Management+Tip#comment-5244 Derek Sat, 19 Aug 2006 19:27:30 +0000 http://gfmorris.org/?p=19#comment-5244 I 777'd my upload directory and found some injected .php files a few months later that were spewing out spam into Google. Looks like 777 isn't safe! I 777′d my upload directory and found some injected .php files a few months later that were spewing out spam into Google. Looks like 777 isn’t safe!

]]> By: Geof F. Morris http://gfmorris.org/feeder/?FeederAction=clicked&feed=Comments+on+Articles+%28RSS2%29&seed=http%3A%2F%2Fgfmorris.org%2Farchives%2F2005%2F12%2F17%2Fwordpress-upload-management-tip%2F%23comment-1454&seed_title=WordPress+Upload+Management+Tip#comment-1454 Geof F. Morris Sat, 24 Dec 2005 03:56:05 +0000 http://gfmorris.org/?p=19#comment-1454 The main one would be that you never have to muck about with an FTP client. :) The tool also generates clean, valid markup for you. The main one would be that you never have to muck about with an FTP client. :) The tool also generates clean, valid markup for you.

]]> By: Lara http://gfmorris.org/feeder/?FeederAction=clicked&feed=Comments+on+Articles+%28RSS2%29&seed=http%3A%2F%2Fgfmorris.org%2Farchives%2F2005%2F12%2F17%2Fwordpress-upload-management-tip%2F%23comment-1453&seed_title=WordPress+Upload+Management+Tip#comment-1453 Lara Sat, 24 Dec 2005 01:26:10 +0000 http://gfmorris.org/?p=19#comment-1453 What's the benefit to uploading this way vs. FTP? What’s the benefit to uploading this way vs. FTP?

]]> By: Geof F. Morris http://gfmorris.org/feeder/?FeederAction=clicked&feed=Comments+on+Articles+%28RSS2%29&seed=http%3A%2F%2Fgfmorris.org%2Farchives%2F2005%2F12%2F17%2Fwordpress-upload-management-tip%2F%23comment-1452&seed_title=WordPress+Upload+Management+Tip#comment-1452 Geof F. Morris Fri, 23 Dec 2005 23:06:52 +0000 http://gfmorris.org/?p=19#comment-1452 Lara: Options --> Miscellaneous. ;) Dougal: That's my experience as well. Lara: Options –> Miscellaneous. ;)

Dougal: That’s my experience as well.

]]> By: Dougal Campbell http://gfmorris.org/feeder/?FeederAction=clicked&feed=Comments+on+Articles+%28RSS2%29&seed=http%3A%2F%2Fgfmorris.org%2Farchives%2F2005%2F12%2F17%2Fwordpress-upload-management-tip%2F%23comment-1451&seed_title=WordPress+Upload+Management+Tip#comment-1451 Dougal Campbell Fri, 23 Dec 2005 20:34:55 +0000 http://gfmorris.org/?p=19#comment-1451 Yeah, on all the servers *I* have dealt with, the web server runs as a different user. The exception would probably be web hosts who run PHP as a CGI process, which allows them to run it through suexec. But when PHP is installed as a module, it executes with the same permissions as the main apache instance, which is typically as the 'nobody' user (or a similarly unprivileged account). You don't *have* to make the wp-content directory writable for everything. Most parts of WP that need to write files under there are looking at particular subdirectory (cache, uploads, etc). Just make those writable, and there are fewer security concerns. Yeah, on all the servers *I* have dealt with, the web server runs as a different user. The exception would probably be web hosts who run PHP as a CGI process, which allows them to run it through suexec. But when PHP is installed as a module, it executes with the same permissions as the main apache instance, which is typically as the ‘nobody’ user (or a similarly unprivileged account).

You don’t *have* to make the wp-content directory writable for everything. Most parts of WP that need to write files under there are looking at particular subdirectory (cache, uploads, etc). Just make those writable, and there are fewer security concerns.

]]>