Am 02.12.2017 um 14:27 schrieb Nicolas Kovacs <info at microlinux.fr>: > > Le 02/12/2017 à 14:19, Leon Fauster a écrit : >> I would build a rpm package of wordpress (everything can be defined >> there like permissions etc) > > The initial question was: WHAT permissions? The application design should have considered security best practices. I do not known WP but check their sites. So, following the "need to write" requirement, its a good decision (yours) to allow only the minimum. "Normally" such space should be outside of the "document root" of the hosting. > and disabling the automatic update >> function in wordpress. Build once it can be installed on all (two >> dozen) webservers automagically (local yum repository) ... externe > > That would mean one package per Wordpress, since I don't have only one > Wordpress installation per server. Not a solution. All installations should have the same base (normally the latest WP release) - so, to be clear one package for all. This has nothing to do with different content or themes. I other words, if security is your focus then the process is the target of your effort. Its just my suggestion ... -- LF