Wordpress, ugh
spend enough time with the internet and you will eventually end up running a wordpress site for someone.
Harden up
by default, the wordpress install instructions for debian/ubuntu lead you to hell. nginx and php both run as www-data, and www-data owns all the files. FUCK
that's not right. fix it or you'll be spamming the world in no time.
Step one: own your shit. in the wordpress root, (maybe /var/www/wordpress):
sudo chown -R <yourunprivilegeduser>:www-data .
(use . rather than * so dotfiles get picked up too.) this ensures the www-data user doesn't own your content or config files. remember, on ubuntu www-data is both a user and a group; the group keeps group ownership here, and the chmod below leaves it read-only. this is important because PHP will likely also be running as www-data and would love to drop files into your webserver and redirect visitors to bad places.
then,
sudo find . -type f -exec chmod 644 {} \;
sudo find . -type d -exec chmod 755 {} \;
this lets your user write to files and dirs, but not www-data (and evil PHP). yes, very inconvenient, because you just disabled automatic updates for your shit and also probably any other changes via wp-admin. whatever, aren't you tired of cleaning random-name files and base64 encoded hacky shit off your site? i know i am.
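to check that the tree really ended up the way the steps above intend, here's an added example (not from the original post): a small shell function that flags anything still owned by the web user or writable by group/other. the function name and the www-data default are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: audit a WordPress tree against
# the ownership/permission scheme described above.
# Assumptions: the function name, and www-data as the default web/PHP user.

# usage: wp_perm_audit ROOT [WEB_USER]
# Prints one finding per line; returns 0 if clean, 1 if anything was found.
wp_perm_audit() {
    root=$1
    web_user=${2:-www-data}

    findings=$(
        # 1. Anything owned outright by the web/PHP user can be rewritten by
        #    PHP whatever the mode bits say, since an owner can chmod it back.
        if id "$web_user" >/dev/null 2>&1; then
            find "$root" -user "$web_user" | sed "s|^|owned-by-$web_user: |"
        else
            echo "note: user $web_user not found, ownership check skipped" >&2
        fi
        # 2. Group- or world-writable files and dirs. With group www-data,
        #    g+w hands write access straight back to PHP. Symlinks are
        #    skipped because their own mode bits always read as 777.
        find "$root" ! -type l \( -perm -020 -o -perm -002 \) |
            sed 's|^|group/world-writable: |'
    )

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Run directly as: sh wp_perm_audit.sh /var/www/wordpress
if [ $# -gt 0 ]; then
    wp_perm_audit "$@"
fi
```

no output and exit status 0 means the tree matches the scheme; anything printed is a path PHP could still write to.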
PHP fun
Sometimes PHP is a pain. no, kinda always a pain.
when you update PHP on your server and everything falls over, theme breaks, etc, you can roll back the php-fpm socket temporarily by editing the sites-available conf in nginx. Apache2 is a little different.
sudo vim /etc/nginx/sites-available/default
Change the FastCGI backend to point at the new (or old) PHP-FPM socket, then save and exit the file
location ~ \.php$ {
    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/run/php/php7.2-fpm.sock;
}
Run the configuration test
sudo nginx -t
Restart the web server
sudo service nginx restart
see if that gets you going long enough to figure out why php is breaking your site.