[CentOS] Apache and web content permissions

Sat Dec 2 15:28:18 UTC 2017
Leon Fauster <leonfauster at googlemail.com>

Am 02.12.2017 um 14:27 schrieb Nicolas Kovacs <info at microlinux.fr>:
> Le 02/12/2017 à 14:19, Leon Fauster a écrit :
>> I would build a rpm package of wordpress (everything can be defined
>> there like permissions etc) 
> The initial question was: WHAT permissions?

The application design should have considered security best practices. I do not known WP but check their sites.  
So, following the "need to write" requirement, its a good decision (yours) to allow only the minimum. "Normally" 
such space should be outside of the "document root" of the hosting.    

> and disabling the automatic update
>> function in wordpress. Build once it can be installed on all (two
>> dozen) webservers automagically (local yum repository) ... externe
> That would mean one package per Wordpress, since I don't have only one
> Wordpress installation per server. Not a solution.

All installations should have the same base (normally the latest WP release) - so, 
to be clear one package for all. This has nothing to do with different content or 

I other words, if security is your focus then the process is the target of your effort.

Its just my suggestion ...