So what are my thoughts on WordPress now I’ve had it installed for two weeks? Make sure you set the ownership of the installation correctly!
Given the need to ensure any software visible to the internet at large is as secure as possible, updates should be applied as soon as they are available to ensure any bugs and vulnerabilities are patched.
So, having installed my copy of WordPress, one of the first things I looked at was how to make sure I could easily update the software. Thankfully, WordPress provide an easy way to update the software through the integrated dashboard. Though clicking revealed I required an FTP server running on the web server to perform the updates? Not keen on setting up and FTP server on my production server, I put off the update until I had an afternoon free to install a server and get the updates carried out.
Following the Ubuntu Documentation’s suggestion of installing vsftpd (https://help.ubuntu.com/lts/serverguide/ftp-server.html) I went on to add a user whose home account was set to the directory I’d installed WordPress, to enable the files to be directed to the right place. Changing the owner of the files, I carried out the updates and then wondered why exactly they felt the need to force users to install an FTP server to carry out the updates?
Needless to day, A quick search lead me to a topic that had already discussed the issue… http://stackoverflow.com/questions/640409/can-i-install-update-wordpress-plugins-without-providing-ftp-access revealed that WordPress will only attempt to upgrade over FTP when the web server tries and fails to write to the /wp-content directory! I had already disabled the FTP server and blocked the ports again, though lesson learned: Make sure file permissions and ownership are set properly from the start!