On Wednesday 01 December 2010 18:50:58 Benjie Gillam wrote:
> I'd also move your wp-config.php file up a directory (../) i.e. out of the
> webroot and create a shadow in it's place (<?php
> require(dirname(dirname(__FILE__))."/wp-config.php");?>). This means if you
> accidentally misconfigure your webserver to serve up PHP files as
> text/plain then no-one can see your database username/password. And ensure
> it's not world readable if you're on a shared host.
>
> Benjie.
>
> On 1 December 2010 18:33, Chris Dennis <cgdennis@???> wrote:
> > On 01/12/10 17:54, Benjie Gillam wrote:
> >> Personally, I'd install it straight from Wordpress. I see no advantage
> >> to installing it from the Ubuntu repository, and when you later update
> >> your Ubuntu to the next LTS I would guess that it's likely to corrupt
> >> your Wordpress install with a different version to what you're running,
> >> or leave around security vulnerabilities that Wordpress' own updater
> >> would have deleted.
> >>
> >> Keep in mind that you need to update Wordpress very often as there's new
> >> security holes found in it very frequently :(
> >>
> >> Installing�Wordpress�is pretty easy - just follow these
> >> instructions:�
> >> http://codex.wordpress.org/Installing_WordPress#Famous_5-Minute_Install
> >
> > I'd agree with that. Installing WordPress the Debian/Ubuntu way results
> > in configuration files scattered around in the 'standard' places such as
> > /etc and /usr/share. That makes it difficult to then move the site to
> > another computer or upload it to a hosting service.
> >
> > Do it the non-repo way.
> >
> > cheers
> >
> > Chris
> > --
> > Chris Dennis cgdennis@???
> > Fordingbridge, Hampshire, UK
Thanks for the suggestion, fortunately this is on a private server and not
public facing, so the damage would be limited but damage none the less
Tim
