Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
My one click install wordpress site cannot load from other devices. Question Question
Why won't my one-click Wordpress site load? Question Question

Question

One-Click Install Apps: create a new user to avoid using roote user

Posted November 5, 2018 1.2k views
WordPressDigitalOcean 1-Click Apps MarketplaceUbuntu 18.04

One of the secutity steps to protect Ubuntu instalattion is create a daily user with less privileges that administrative user (root user), as described in this tutorial.

This is necessary when I use One-Click Install Apps or it’s one of secutity task automatically runned when I install it (in my case, WordPress)?

Add a comment
marcelo2605
By:
marcelo2605

Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
My one click install wordpress site cannot load from other devices. Question Question
Why won't my one-click Wordpress site load? Question Question

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
2 answers
jarland November 5, 2018

Hey friend!

That’s a great question. I’m afraid the answer won’t be as clear. First I’ll say that is not automatically done in the one-click images. Second, I’ll add that whether or not it’s necessary is up to you. The web server will run Wordpress through the privileged user “www-data” which does mean that a compromised Wordpress is not necessarily a compromised root user (I’ll side-step privilege escalation for this discussion as it gets further away from common, automated compromises).

Now, if you’re just managing a Wordpress site and the only reason you log in is to update packages (apt-get update && apt-get upgrade), you’re either going to use a sudo user or root, so most people honestly just stick with root and lock it down to SSH key only.

Since Wordpress isn’t running as root, and since you’re probably not doing much in the terminal, creating a second privileged user is probably not something that is worth your time to do (or would be of any real value in that case). That’s my two cents, and this is a topic in which someone will absolutely disagree with me (and they won’t be wrong for doing so).

Jarland

Reply Report
marcelo2605 November 8, 2018

Thanks for the explanation @jarland!

Reply Report

Related

Looking for something else?

Ask a new question Search for more help