Security needs need to be clearly documented
|Reported by:||novasource||Owned by:|
Since WordPress now has self-updating capabilities, most, possibly all, of WordPress files need to be writable by the Apache process.
http://codex.wordpress.org/Changing_File_Permissions makes no mention of permissions that allow self-updating. Following that pages's advice literally, the updater process would always fail to update and take people to that goofy "enter your FTP credentials" page.
Some Google searching does not come up with a definitive answer.
For the sake of communicating best practices, please update http://codex.wordpress.org/Changing_File_Permissions so that it explains the recommended permissions needed to auto-update WordPress.
Change History (7)
- Component changed from Upgrade/Install to WordPress.org site
- Keywords needs-codex added
- Type changed from defect (bug) to enhancement
- Version 3.1 deleted