Harden up

by default, the wordpress install instructions for debian/ubuntu lead you to hell. nginx, php, run under www-data and own all the files. FUCK

thats not right. fix it or youll be spamming the world in no time.

Step one: own your shit. in the wordpress root, (maybe /var/www/wordpress):

sudo chown <yourunprivilegeduser>:www-data -R *

this will ensure that www-data group/user (remember on ubuntu its a two-spirit.) doesnt own your content or config files. this is important because PHP will likely also be running as www-data and would love to drop files into your webserver and redirect visitors to bad places.

then,

sudo find . -type f -exec chmod 644 {} \;

sudo find . -type d -exec chmod 755 {} \;

this lets your user write to files and dirs, but not www-data (and evil PHP). yes very inconvenient because you just disabled automatic updates for your shit and also probably any other changes via wp-admin. whatever- arent you tired of cleaning random-name files and base64 encoded hacky shit off your site? i know i am.