If you attended my talk at WordCamp Raleigh 2015 on being your own Sysadmin, you may be interested in this. There are couple of questions that came up after the presentation on maintaining the site once it’s up and running. So there are a couple things to consider here.
File permissions tell the host operating system which users can access certain directories and files. If you followed my talk, we created the www folder under the root account so by default, root owns it. Whereas with our config file, the nginx process runs under the www-data user and group. I provided a bash script to set the correct permissions to our /var/www/ directory. It sets the owner and group of the directory to www-data along with changing the file permissions to 644 and directory to 755. This is recommended settings from WordPress.org
Now, once this is set, you shouldn’t have to change it or re-run this script unless you upload or edit a file via SFTP. By doing so, you’ll be resetting the permissions and owner back to root (given you’re logged in as that).
Patching as we know, keeps the vulnerabilities at bay or at least reduces the chance you’ll be affected by a script kiddie. If someone really wants in, they’re probably going to get in. There are two commands that we can run, and I don’t recommend automating this unless you really know what you’re doing.
This command requests all the latest data and version numbers for all of the packages that are available from Ubuntu. This is required before we actually update any packages, otherwise we wouldn’t know what’s out there.
This command is what does the heavy lifting. It will compare the packages installed on your server with what’s in the repos. If it finds any differences, it will mark that package for upgrading. Once ran, you’ll get a list of the packages that has an update available. If you choose to update, you’d simply answer yes to the upgrade.
Sometimes, some packages will want to overwrite your configuration files. I’d recommend against doing this and you can opt to NOT overwrite them by answering N (or no) to the prompt.
I would do this about once a month, go ahead and add it to your calendar.
WordPress and Plugin Patching
Finally, you must keep WordPress updated along with it’s plugins. You could do this through the command line via something like WP-CLI but I’d just recommend for the basic user to use the updater built into WordPress. Our setup allows for the webserver to do it’s own updates so there should not be an issue with that.
By doing these basic steps, you should be able to keep your server and WordPress install up to date. If you have any questions, tweet me at @adamsewell.