I am running wordpress with a LAMP on 14.04 droplet. I followed the tutorial to Configure Secure Updates and Installations in WordPress on Ubuntu. https://www.digitalocean.com/community/tutorials/how-to-configure-secure-updates-and-installations-in-wordpress-on-ubuntu
After following the instructions, I tried to open my wordpress site in the browser and got a “you do not have access” error. After much reading, I tried changing
export APACHE_RUN_USER=www-data to export
APACHE_RUN_USER=wp-user in the file
/etc/apache2/envvar and now it works.
All of the files in the /var/www directories have permissions like this:
drwxrwxr-x 2 wp-user www-data 4096 Aug 14 15:42 backup -rwxrw-r-- 1 wp-user www-data 11510 Mar 24 12:09 index.html -rwxrw-r-- 1 wp-user www-data 418 Sep 24 2013 index.php -rwxrw-r-- 1 wp-user www-data 20 Mar 24 12:09 info.php -rwxrw-r-- 1 wp-user www-data 19930 Jan 1 2015 license.txt -rwxrw-r-- 1 wp-user www-data 7360 Jul 30 16:39 readme.html -rwxrw-r-- 1 wp-user www-data 4951 Aug 20 2014 wp-activate.php drwxrw-r-- 9 wp-user www-data 4096 Aug 4 07:51 wp-admin
My question is whether this is the correct and secure way to do it. Are the permissions set correctly? Is it OK to give w to the group? Should it be r-x?
The tutorial says nothing about changing any files. I did notice that the tutorial refers to Ubuntu 12.xx. Is there a difference between Ubuntu 12 and 14?
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.