How does wordpress handle file permissions when automatic updates are enabled?


As far as i unterstood, every file wich should be changed by php/apache have to be writeable by the user of the apache server process. According to the "Hardening Section" of the WordPress docs, this user should differ from the owner of the files and only the latter should have write access to the most folders. So, i wonder how wordpress is able to update if the server process dont have write access?

I dont understand what is meant by: "When you tell WordPress to perform an automatic update, all file operations are performed as the user that owns the files, not as the web server’s user. All files are set to 0644 and all directories are set to 0755, and writable by only the user and readable by everyone else, including the web server."

For me that sounds very crazy. If the files are owned by root, does wordpress gain root access to the server?

eltitano 2 months 0 Answers 15 views 0

Leave an answer