Hi Keith, On Wed, Aug 8, 2012 at 11:50 AM, keith smith wrote: > > Hi, > > I need to make a directory writable so WordPress can upload images to the > directory. I'm thinking I need to change the group ownership of the > directory to Apache with the user remaining the same. In the past I've > change the group and ownership to Apache and was blocked from FTP access > after that. > > Any security issues I need to be aware of? Other approaches? > > Any advice is much welcomed!! Thank you for your help!! > > ------------------------ > Keith Smith > Known Issue: Wordpress asks for a directory location: you set it up as 755 and it won't work. Wordpress works, of course, from PHP and Apache. So in order to allow for Apache ftp you would need to make it writable by Apache and other. If you change the group writable permissions your ftp breaks (so don't do that!): Here's more on it: http://wordpress.org/support/topic/advanced-problem-image-upload http://wordpress.org/support/topic/151290 Solution: You need to use "chmod 777" for uploads to work. Security Issues: This is a security risk of course, since there are many spider scrapers looking for an open permission directory to be able to write, say a fake Phishing Site page for UPS with an email results script. Solution: (from Wordpress documentation): Base image directory The base image directory must be world writable i.e.: chmod 777 Base image URL The URL to the base image directory, the web browser needs to be able to see it. Note that the directory can be protected via .htaccess on apache; check your web server documentation for further information on directory protection. If this directory has to be publicly accessible, remove scripting capabilities for this directory (i.e. disable PHP, Perl, CGI). We only want to store images in this directory and its subdirectories. On apache you can create the following .htaccess file in your base image directory: order deny allow deny from all -- (503) 754-4452 Android (623) 239-3392 Skype (623) 688-3392 Google Voice ** Safeway.com Automation Engineer