Recommended file permissions for WordPress

Private WordPress installations seem to be the drum that hackers like to hit on these days. It seems that many themes are vulnerable as well. I’m not saying this is the answer to mitigating hacking attempts; it is merely a starting point. As a starting point for fortifying a WP installation, here are the recommended file permission settings for a WordPress installation on a Linux box. These commands set 750 for all folders, 640 for files, and 600 for the wp-config.php file. Run them with root/sudo access from the parent folder of the WP installation folder (assumed to be wpfolder here).


# find wpfolder -type d -exec chmod 750 {} +
# find wpfolder -type f -exec chmod 640 {} +
# chmod 600 wpfolder/wp-config.php

You may also want to make sure that only the wp-content folder is owned by www-data (or whatever user your web server runs as).
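
To check an existing installation against these settings instead of reapplying them blindly, the following added example (not part of the original post) lists every path whose mode differs from the 750/640/600 scheme. The function name audit_wp_perms is an assumption made for this example; its argument is the installation folder, wpfolder in the commands above.

```shell
# Added example, not from the original post. audit_wp_perms is a hypothetical
# helper name; pass it the WordPress folder (wpfolder in the commands above).
audit_wp_perms() {
    root=${1%/}                      # drop a trailing slash so paths compare cleanly
    cfg=$root/wp-config.php
    if [ ! -f "$cfg" ]; then
        echo "audit_wp_perms: $cfg not found" >&2
        return 2
    fi
    # Each find selects paths whose mode is not exactly the expected one.
    # ls -ld prints mode, owner and group, so ownership can be reviewed as well.
    # Assumes $root contains no glob characters (-path treats it as a pattern).
    findings=$(
        find "$root" -type d ! -perm 750 -exec ls -ld {} + | sed 's/^/want 750: /'
        find "$root" -type f ! -path "$cfg" ! -perm 640 -exec ls -ld {} + |
            sed 's/^/want 640: /'
        find "$cfg" ! -perm 600 -exec ls -ld {} + | sed 's/^/want 600: /'
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1                     # at least one path deviates
    fi
    return 0                         # tree matches the 750/640/600 scheme
}

# Usage: audit_wp_perms wpfolder && echo "permissions OK"
```

Mode 600 leaves wp-config.php readable only by its owner (and root), and 750/640 grant nothing to "other", so the account PHP runs as has to own wp-config.php and be the owner or group of everything else it must read.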

Adding sudoers

A file for groups of users or specific users can be added to the /etc/sudoers.d/ directory. This line would make someone a sudoer with no password requirement.

jsmith ALL=(ALL) NOPASSWD:ALL

If you want the user to type a password, use this line instead.

jsmith ALL=(ALL:ALL) ALL

Updating sudoers file safely

  • Last checked on Ubuntu 16.04.01 LTS (xenial)

The visudo command checks the validity of the sudoers file before actually updating it. This is the recommended way of editing the file, because a mistake in it can unintentionally cost you your sudo privileges.

$ sudo visudo

Instead of editing the /etc/sudoers file, I usually create a file at /etc/sudoers.d/localusers, so I edit that instead.

$ sudo visudo -f /etc/sudoers.d/localusers

Changing the default editor used for visudo

I’m a VIM user, but many of the distros default to nano for newcomers to Linux systems. You can use the following command to change the default editor that is loaded for visudo and for many other apps.

$ sudo update-alternatives --config editor

Moving all of the databases from one server to another

Log in as an admin on the MySQL console and lock the database to allow only read operations.

mysql> flush tables with read lock;
mysql> set global read_only = on;
mysql> exit

Dump all of the databases into a file.

$ mysqldump --lock-all-tables -u root -p --all-databases > dbs.sql

Copy the dump to the new server. RSYNC is preferred over SCP, especially if the file is large.

$ rsync -tvz --progress dbs.sql mhan@newserver.com:~/files/
or
$ scp dbs.sql mhan@newserver.com:~/files/

The DB can be (optionally) unlocked. This may or may not be a good thing to do in your case. Do it at your own risk.

mysql> set global read_only = off;
mysql> unlock tables;
mysql> exit

On the new server, execute this command to import the new dumped SQL file.

$ mysql -u root -p < ~/files/dbs.sql

https://wiki.michaelhan.net/MySQL

A soul living in a faddish world

Today’s world is full of people with over-the-top confidence in the very age they are living in. As the old Eastern saying goes, a frog in the well (井底之蛙) thinks of its well as the center of the universe. The entrapment of such captive intelligentsia to its own myth of progress causes minds and human types that resemble Swift’s Lilliputians, or strutting cocks that face down their ancestors only because they happen to be breathing at the present moment. Have you ever tried to talk to a teenager who believes he has come to a point in life where there is nothing more to learn from you? Welcome to the world of teens de historia.

I think it’s better to be utterly broken with the knowledge of one’s own ignorance, so I hearken back to the sages of old. All thirsty souls are welcome.

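Many people today live with more confidence in the age they live in than they can handle, like a frog in a well, as if this world were the center of the universe. Because of self-styled intellectuals who believe absolutely in the myth of progress, Lilliputian human types are everywhere: people who, for the sole reason that they are breathing at present, look down on the things of their ancestors with the swagger of a rooster. Have you ever talked with a teenager who thinks there is nothing more to learn from his parents? This is our reality, living in a world of the teenagers of history.

I think it is better to be a person broken at heart over one's own ignorance. I listen for the faint voices of the sages and saints of the distant past. All who thirst are welcome.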