I’m setting up lots of wordpress install on ubuntu. Digital Ocean suggest running these commands to grant WordPress permissions in order to be able to update, download plugins etc:
sudo chown www-data:www-data * -R
sudo usermod -a -G www-data linux_user_name
I’ve been running everything as the root user, and I’m concerned these commands are not the most secure way of doing this. Is there a better way, without having to run commands for every domain?
Many thanks.
Ideally you don’t want to be doing everything as root as when WordPress runs it won’t be running as the root user on the Ubuntu box meaning that you’ll probably run into problems when trying to install plugins and updates.
This is because the default Apache user will be www-data and is the user you should be using to setup folders and permissions in which to install and run WordPress. If you are managing permissions for each domain, use www-data in the root folder i.e. public_html and the sub folders will be set to the www-data user. There are loads of good tutorials on digital ocean for just this, I’d try getting setup with www-data as you’ll run into a lot less issues going forwards.