Security of individual WordPress installs?


#1

Hi,

Does EasyEngine provide any security between WordPress installs when running multiple sites on the same server?

For example, if a user gains read/write rights to the folder for site1.com, will the user be able to escalate this to site2.com as well, hosted on the same server?

Thanks!


#2

@khromov

For example, if a user gains read/write rights to the folder for site1.com, will the user be able to escalate this to site2.com as well, hosted on the same server?

As of now EasyEngine create all sites using www-data user, so if anyone has read/write permission for www-data user then that can easily access other site.

This feature/security will be implemented in shared-hosting model. You can see the update at https://github.com/rtCamp/easyengine/issues?milestone=9&state=open

Also EasyEngine can provide the number of security features like
block all the log files and readme.txt readme.html

Limited access to the wp-config.php to avoid brute-force attack


#3

Thanks, I will subscribe to the issue on GitHub. Looking forward to this feature!


#4