Hi,
Does EasyEngine provide any security between WordPress installs when running multiple sites on the same server?
For example, if a user gains read/write rights to the folder for site1.com, will the user be able to escalate this to site2.com as well, hosted on the same server?
Thanks!
For example, if a user gains read/write rights to the folder for site1.com, will the user be able to escalate this to site2.com as well, hosted on the same server?
As of now EasyEngine create all sites using www-data user, so if anyone has read/write permission for www-data user then that can easily access other site.
This feature/security will be implemented in shared-hosting model. You can see the update at https://github.com/rtCamp/easyengine/issues?milestone=9&state=open
Also EasyEngine can provide the number of security features like
block all the log files and readme.txt readme.html
Limited access to the wp-config.php to avoid brute-force attack
Thanks, I will subscribe to the issue on GitHub. Looking forward to this feature!