security+best practices: root or www-data on a wordpress content folder?

I fixed this by running this command:

    cd /var/www/html/
    sudo chown -Rv www-data:www-data *

Changed ownership back to www-data instead of root. This article helped me:

http://johnqunknown.me/fixing-wordpress-a-mini-tutorial/

Related Posts:

  1. Basic auth WordPress REST API dilemma
  2. Any reason to be concerned by a wave of “zombie” blog signups?
  3. How to change WordPress user ID?
  4. WordPress keeps asking for connection information in localhost
  5. Setting WP Admin passwords to expire
  6. What do spammers gain by signing up as a user?
  7. How can I secure a WordPress blog using OpenID from a single provider?
  8. Force user to change their password on the frontend at the first login and password policy
  9. Should I encrypt the response that triggers an Ajax action? Is nonce sufficient?
  10. Are there mutiple ways to get usernames (as a hacker)
  11. Reset Password policy
  12. How do I protect user_activation_key?
  13. Failed login attempts
  14. Separate Out Real Users
  15. WordPress Password security related questions
  16. Preventing user enumeration: which logic is better?
  17. Force users to use password with specifications
  18. Iterating users while user iteration is suppressed
  19. Require confirmation of current user’s email before updating database and before send_email_change_email
  20. Folder Permissions + Security Concerns
  21. Securely log in a user without a password using a link?
  22. What techniques can a user employ to achieve a password rated “strong” in the WordPress password checker
  23. WordPress – Security Question at Login from User’s Meta Data
  24. user_login vs. user_nicename
  25. WordPress usermeta scaling for thousands of users
  26. How to restrict access to uploaded files?
  27. Execute a function when admin changes the user role
  28. Why are user address fields required [closed]
  29. Importing users? From another wordpress site
  30. How to discover and delete unused accounts?
  31. Remove all users from site except one using WP CLI
  32. Copy a user from one WordPress site to another
  33. Count user posts by type and date
  34. Assigning tags to user?
  35. Get user info outside WordPress
  36. Total number of authors with more than one post
  37. WordPress has a trash for users? (Wrong result for count_user, greater than expected)
  38. Is there a simple way to manage capabilities per user?
  39. Check for user meta data at Login
  40. Buddypress – Send New User Activation Link to Admin [closed]
  41. Redirect after users complete profile form
  42. How to get current user’s phone number
  43. Front End Registration Form Code – Password Field Not Saving
  44. How can I verify users facebook ID that he provides during signup process
  45. How do I customize the dashboard?
  46. How would I hook into `clear_auth_cookie` to return the user’s ID that’s currently being logged out?
  47. How to disable a specific page for a specific user
  48. How to change textarea rows height for user’s biographical Info?
  49. New users not showing up in Post -> Edit
  50. How can i change the name order in the admin?
  51. WP_User_Query by meta_value with Number returns nothing
  52. How to add user from front end
  53. I am getting mysql_real_escape_string() function error while adding user?
  54. Preventing auto-filling of e-mail addresses on profile.php
  55. Prevent subscribers to changing certain profile fields
  56. New user form rejected because “passwords don’t match”—but there’s only one password field
  57. Unable to change email address of admin on localhost
  58. How can I prevent certain custom roles from seeing other custom roles on the user list page?
  59. Creating User Profiles using author.php
  60. “the_author_meta(‘url’)” not working inside “href”
  61. REST API: wp_get_current_user not working on second call
  62. How to let the users edit their user names?
  63. How do I filter users based on email address?
  64. What’s the correct way to add capabilites to user roles?
  65. Web app vs CMS backend
  66. User roles not displaying
  67. Should I setup frontend-only users as CPT or use a plug-in?
  68. How to expire user registration?
  69. Echo a list of all subscriber’s user IDs
  70. user login and its profile
  71. wp_delete_user – huge overhead in Buddypress?
  72. Delete all users with Editor role and their content mysql
  73. Send user auto generated password on different email
  74. Load Custom Field to User Profile as per User Role using Ajax
  75. Show posts who published after registration date
  76. How to hide “Change role to” dropdown on Users admin menu
  77. How to show different pages for different users
  78. How can i display pagination in custom comment list?
  79. hide page menu from admin panel for specific users
  80. Single Sign On (SSO) between two WordPress websites
  81. Redirect /member/ to /member/user
  82. get user id in a plugin without a function
  83. WP_User object behaving strangely when used inside Admin Panel?
  84. REST_query_vars for users
  85. How to use a transient inside WP_User_Query
  86. Allowing users to edit only their page and nobody else’s
  87. How to bulk change user role to “No role for this site”
  88. Showing extra profile fields in admin – problem with underscore
  89. Add an ‘edit profile’ page with Genesis
  90. Exclude Current user email and send notification
  91. Disallow user registration/checkout via Hotmail/Yahoo
  92. User management missing after migration to new host
  93. Add new user and user bio at same time
  94. Validate user meta and redirect
  95. Let admin users edit member profiles from front end
  96. New User Registration email
  97. How to add a security group to a running EC2 Instance?
  98. What is the difference between /sbin/nologin and /bin/false?
  99. Sorting Users page admin column with ACF field
  100. Can we get user profile page using user_id in the URL?

Leave a Comment