Jamie Jamie - 1 month ago 4x
Apache Configuration Question

Creating an alias in .bash_profile for getting the correct permissions on Wordpress

So I've been reading various posts on the right permissions for Wordpress most notably the following:

[1][1]: Correct file permissions for WordPress

[1][1]: https://codex.wordpress.org/Hardening_WordPress

Could someone explain if it is a good idea to add my user into the www-data group. And why I would need to do that as I don't fully understand that and would I need to do that...

I've just spent a large amount of time updating all my wordpress websites and beginning to secure them at a higher level. I want to either create a single command or script so I can quickly set the correct permissions between

  1. setting up wordpress

  2. Updating plugins and wordpress

  3. Normal Hardened Wordpress where users can still edit and upload media but it's locked down safely.

So would it be best to create a .sh file or create an alias in .bash_profile. I have about 14 wordpress websites which I've just spent time updating and securing now I need to sort out the permissions. Obviously I'm looking to do it in the most efficient way possible.

The .bash_profile option so far is:

Setting up Wordpress and Updating

alias suwpchn='sudo chown -R www-data:www-data *; find . -type d -exec chmod 755 {} \; find . -type f -exec chmod 644 {} \; ls -la;'

But the error I get is

find: paths must precede expression: find

But I'm also thinking about having a bash script where I can just call and it will set all the wordpress sites permissions at once which I found from Michael Conigliaro:

# This script configures WordPress file permissions based on recommendations
# from http://codex.wordpress.org/Hardening_WordPress#File_permissions
# Author: Michael Conigliaro (https://gist.github.com/macbleser/9136424)
WP_ROOT=${1:-.} # <-- wordpress root directory, current directory by default
[ -e "$WP_ROOT/wp-config.php" ] || { echo "Usage: $0 /path/to/wordpress"; exit; } # <-- detect that the directory is a wordpress root
WP_OWNER=$(id -u $(logname)) # <-- wordpress owner (This assumes the wordpress owner is the logged in user)
WP_GROUP=$(id -g $(logname)) # <-- wordpress group (This assumes the wordpress owner is the logged in user)
source /etc/apache2/envvars 2>/dev/null && # This works on debian-based systems at least
echo nobody
) # <-- webserver group
echo "Fixing permissions on $WP_ROOT"
echo "Wordpress owner.group: $WP_OWNER.$WP_GROUP"
echo "Web Server group: $WS_GROUP"

echo 'reset to safe defaults'
find ${WP_ROOT} -exec chown ${WP_OWNER}:${WP_GROUP} {} \;
find ${WP_ROOT} -type d -exec chmod 755 {} \;
find ${WP_ROOT} -type f -exec chmod 644 {} \;

echo 'allow wordpress to manage wp-config.php (but prevent world access)'
chgrp ${WS_GROUP} ${WP_ROOT}/wp-config.php
chmod 660 ${WP_ROOT}/wp-config.php

echo 'allow wordpress to manage .htaccess'
touch ${WP_ROOT}/.htaccess
chgrp ${WS_GROUP} ${WP_ROOT}/.htaccess
chmod 664 ${WP_ROOT}/.htaccess

echo 'allow wordpress to manage wp-content'
find ${WP_ROOT}/wp-content -exec chgrp ${WS_GROUP} {} \;
find ${WP_ROOT}/wp-content -type d -exec chmod 775 {} \;
find ${WP_ROOT}/wp-content -type f -exec chmod 664 {} \;

When I run this script my wordpress sites go white screen. I'm on Debian GNU/Linux 8 \n \l

The WS_GROUP I can see is wrong as it prints out nobody as apache runs as www-data on my server. But I'm unsure how to fix that as in
source /etc/apache2/envvars it says export APACHE_RUN_GROUP=www-data so not sure why that part isn't working.

Could anyone help me please to see how to fix the script and also how to add an array of wordpress websites so I can just run the script and it will set permissions for all sites so I can automatically update the sites...



It looks like the ';' was not recognized since it was escaped, yet the -exec was still requiring it, so you can use both:

alias suwpchn='find . -type d -exec chmod 755 {} \;; find . -type f -exec chmod 644 {} \;; ls -la;

I am not a bash guru so I can't elaborate here.