Last active
November 23, 2017 22:21
-
-
Save s1037989/7d2f0989b5a3cb1ed9e8e4452ded9ca6 to your computer and use it in GitHub Desktop.
Set permissions on wordpress directories
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # | |
| # This script configures WordPress file permissions based on recommendations | |
| # from http://codex.wordpress.org/Hardening_WordPress#File_permissions | |
| # | |
| # Original Author: Michael Conigliaro (https://gist.github.com/macbleser/9136424) | |
| # Modified by: Stefan Adams (https://gist.github.com/s1037989/7d2f0989b5a3cb1ed9e8e4452ded9ca6) | |
| # | |
| WP_ROOT=${1:-.} # <-- wordpress root directory | |
| [ -e "$WP_ROOT/wp-config.php" ] || { echo "Usage: $0 /path/to/wordpress"; exit; } | |
| WP_OWNER=$(id -u $(logname)) # <-- wordpress owner | |
| WP_GROUP=$(id -g $(logname)) # <-- wordpress group | |
| WS_USER=$( | |
| source /etc/apache2/envvars 2>/dev/null && | |
| echo "$APACHE_RUN_USER" || | |
| echo nobody | |
| ) # <-- webserver owner | |
| WS_GROUP=$( | |
| source /etc/apache2/envvars 2>/dev/null && | |
| echo "$APACHE_RUN_GROUP" || | |
| echo nobody | |
| ) # <-- webserver group | |
| echo "Fixing permissions on $WP_ROOT" | |
| echo "Wordpress owner.group: $WP_OWNER.$WP_GROUP" | |
| echo "Web Server group: $WS_USER.$WS_GROUP" | |
| echo 'create wp-permissions-webupdates symlink' | |
| [ -e "${WP_ROOT}/wp-permissions-webupdates" ] || ln -s ${WP_ROOT}/wp-permissions ${WP_ROOT}/wp-permissions-webupdates | |
| echo 'reset to safe defaults' | |
| find ${WP_ROOT} -exec chown ${WP_OWNER}:${WP_GROUP} {} \; | |
| find ${WP_ROOT} -type d -exec chmod 755 {} \; | |
| find ${WP_ROOT} -type f -exec chmod 644 {} \; | |
| echo 'allow wordpress to manage wp-content' | |
| find ${WP_ROOT}/wp-content -exec chown ${WS_USER}.${WS_GROUP} {} \; | |
| find ${WP_ROOT}/wp-content -type d -exec chmod 775 {} \; | |
| find ${WP_ROOT}/wp-content -type f -exec chmod 664 {} \; | |
| if [ "${0##*/}" == "wp-permissions-webupdates" ]; then | |
| echo 'allow wordpress to manage wp-config.php and use direct method' | |
| # file.php#get_filesystem_method() writes a temp file to wp-content and compares it to ownership of file.php | |
| # so to detect "direct" method, file.php must be owned by WS_* | |
| chown ${WS_USER}.${WS_GROUP} ${WP_ROOT}/wp-config.php ${WP_ROOT}/wp-admin/includes/file.php | |
| chmod 660 ${WP_ROOT}/wp-config.php | |
| fi | |
| if [ "${0##*/}" == "wp-permissions-webupdates" ]; then | |
| echo 'allow wordpress to manage .htaccess' | |
| touch ${WP_ROOT}/.htaccess | |
| chown ${WS_USER}.${WS_GROUP} ${WP_ROOT}/.htaccess | |
| chmod 664 ${WP_ROOT}/.htaccess | |
| fi | |
| chmod +x ${WP_ROOT}/wp-permissions |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment