Check your web host file permissions first!

November 23, 2010 | No Comments Yet

WordPress security issues come and go, and while some stay because it’s tough to get the crud out, other times it’s because site owners overlook an important part of keeping their hosts protected: file permissions.

A properly configured web server will not allow users to access the files of another user, regardless of file permissions. The web server is the responsibility of the hosting provider. The methods for doing this (suexec, et al) have been around for 5+ years.

Matt Mullenweg warns against web hosts and other security announcements that place the blame on the WordPress software without first checking if proper file permissions are in place.

Devlounge has an old but still applicable article on protecting your wp-config.php files, for starters. This article on WP Tavern also tackles the issue above and shares more file permission advice especially on shared hosting accounts.

Leave a Comment | Tags: , , , , , , , , , ,

Mark Jaquith on WordPress and web hosting

May 17, 2010 | No Comments Yet

WordPress lead developer Mark Jaquith sounds off on the state of web hosting companies and their lack of support for the publishing software. He emphasizes two of the biggest issues WordPress users have when it comes to maintaining their installs: caching and security.

People ask me for hosting recommendations all the time. I have a few decent hosts that I’ll recommend, but I don’t have any hosts about which I can say “use them, because they know how to host WordPress, and they’ll support you.” I’d like nothing better than to have a dozen such hosts to recommend by this time next year. WordPress is here to stay, and it’s time for web hosts to adapt!

This is just the first of many voices from WordPress community leaders cementing an initiative for better WP support, as mentioned in the State of the Word at WordCamp SF 2010. I think the greatest lesson here is never to settle with just any web host. With so many choices out there and your own site and brand on the line, choosing a proper, WordPress-friendly host should be top priority. You can’t afford not to.

As for the web hosting companies themselves, it’s a great opportunity to improve their game and offer specialized services that help with the upkeep of their respective client websites. A win-win for all.

Leave a Comment | Tags: , , , , , , , , ,

Important announcements from the #wordpress-dev IRC meetup

June 4, 2009 | No Comments Yet

A few heads-up announcements regarding the future of WordPress development at the #wordpress-dev IRC meetup:

  • WordPress 2.8 target release date is June 10, next week.
  • WordPress 2.9 will require MySQL 4.1.2. (Might be good to start contacting your webhost this early to see if yours is compatible, or can be made compatible within the coming months.)
  • Upgrading to PHP 5 from PHP 4 is highly recommended and will pushed for in the future WordPress upgrader. (Another thing to ask your webhost about.)
  • In case you want to check out the IRC meetup, they’re held weekly every Wednesday at 9 pm UTC.

Very useful information to help you prepare for future versions of WordPress. Although WP is pretty easy to deal with when it comes to web hosting requirements, it doesn’t hurt to know about these things even if you’re an ordinary blogger.

Leave a Comment | Tags: , , , , , , , ,