WordPress Installs Secure?

For urgent and private issues, open a support ticket instead of posting: https://secure.installatron.com/tickets
markb1439
Posts: 48
Joined: Wed Dec 17, 2008 5:30 pm

WordPress Installs Secure?

Postby markb1439 » Wed Dec 17, 2008 5:32 pm

Hi,

For manual installations, WordPress advises people to set the four unique security keys in the config file. These can be generated easily at the URL provided in the config-sample file.

However, Installatron does not seem to set these keys when installing WordPress. So, it seems to me that a manual installation (following the recommended procedure) is more secure than one performed by Installatron.

Can Installatron be updated to set these keys when doing an installation? I would think that it would be fairly easy to implement.

Also, are there any other issues with Installatron installations of WordPress? I want to offer my users the most secure possible installations.

Thanks and best regards,

Mark

Rowan
Staff
Posts: 235
Joined: Tue Jun 19, 2007 7:39 am

Re: WordPress Installs Secure?

Postby Rowan » Thu Dec 18, 2008 9:32 pm

Mark,

It was meant to set those keys, but there was a bug that I have just fixed and published. An Installatron update (or wait for the morning CRON) will grab it. Thanks for the headsup.

With that working correctly, Installatron's install is a 1:1 copy of a manual installation except that the Installatron installer also sets CHMOD 777 on 'wp-content'. This was added on request a long time ago, though there's no mention of it in the Wordpress documentation. Is that still needed or should I remove that CHMOD?

Rowan.

markb1439
Posts: 48
Joined: Wed Dec 17, 2008 5:30 pm

Re: WordPress Installs Secure?

Postby markb1439 » Fri Dec 19, 2008 3:07 am

Hi Rowan,

Thanks, that's great support!

Regarding the CHMOD issue, here's what WP says:

Some plugins require the /wp-content/ folder be made writeable, but in such cases they will let you know during installation. In some cases, this may require assigning 755 permissions or higher (e.g. 777 on some hosts). The same is true for /wp-content/cache/ and maybe /wp-content/uploads/

Additional directories under /wp-content/ should be documented by whatever plugin / theme requires them. Permissions will vary.


So I think your judgment is best on what to do here.

One other thing I noticed (but haven't checked lately): With an Installatron installation, the site and blog URL in WP seems to default to:

http://domain.com/directory

...without the "www".

I prefer the "www", and when I do a manual WP install and enter the "www" when going to the install page, it sets the URL with the "www". Is it normal to default to installing without it? I guess that's just an aesthetic thing that the user can tweak, but I'm trying to prevent my clients from having to do tweaks unless necessary.

Thanks!!!

Rowan
Staff
Posts: 235
Joined: Tue Jun 19, 2007 7:39 am

Re: WordPress Installs Secure?

Postby Rowan » Fri Dec 19, 2008 4:05 am

I've published a new build of the Wordpress installer with the CHMOD of wp-content removed.

I'll speak to Phil tomorrow about the default domain.

Rowan.

Rowan
Staff
Posts: 235
Joined: Tue Jun 19, 2007 7:39 am

Re: WordPress Installs Secure?

Postby Rowan » Sat Dec 20, 2008 7:45 pm

We talked over the "www." question, and will be leaving it like it is. It's really just a personal preference, which is why we include both options in the dropdown instead of just including one or the other.

Cheers,
Rowan.

markb1439
Posts: 48
Joined: Wed Dec 17, 2008 5:30 pm

Re: WordPress Installs Secure?

Postby markb1439 » Sun Dec 21, 2008 2:58 pm

Makes sense.


Return to “Administrative Technical Discussion and Troubleshooting”

Who is online

Users browsing this forum: Google [Bot] and 3 guests